DC's and Member servers in the same OU

  • Thread starter Thread starter Guest
  • Start date Start date
Clinton said:
Is there any problem DC's and Member servers being in the same OU?
Click to expand...

No, but DCs have never been very happy being outside
of the default DC OU.

Even putting them in a child OU (of the DC OU) seems
to make them quirky.

Putting member servers in there is probably not
very sensible but it won't hurt the Servers in
a general way -- but it might not BENEFIT from the
GPO(s) usually applied to DCs.

Recommendation: Don't do it even if it works.
 
We are trying to apply similar security measures to DC's and member servers
using policies applied to the OU.
 
Clinton said:
We are trying to apply similar security measures to DC's and member servers
using policies applied to the OU.
Click to expand...

Build the policy once (with the common settings)
and link it TWICE (unless the OUs are in a parent-child
relationship.)

It is perfectly legal to use a GPO for multiple disparate
OUs.
 
I would recommend that you use two OUs - keeping the default Domain
Controllers OU and creating an OU and move all of the member servers to that
created OU.

Do you have the GPMC SP1 installed on a WINXP Pro system in your
environment? This might be a really good start for you. The GPMC can do a
lot of things for you.....

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
 
Back
Top