move existing user in AD to new OU

  • Thread starter Thread starter JOEY
  • Start date Start date
J

JOEY

I have a couple users that I need to apply extreme lock
down measures to.

Please tell me if this is correct.

1. Create a new OU
2. Move their user accounts to the new OU.
3. Move their computer accounts to the new OU.
4. Create my new GPO.
5. Give read and apply group policy rights to my new OU.

This seems to work but my biggest question is do I have to
move the computer account to the new OU for this to work.
 
The policy you apply to the OU can only apply to computer and user accounts
below that OU. If the extreme lock down policy you are describing only
affects the User items in the policy then you only need to move the User
accounts into the OU. If, however, your policy requires computer policies to
be applied to their PCs then you need to move their PCs too.
 
The only settings I changed were in the user
configuration, But the policy will not run unless I
disable the default configuration OR I move the computer
account to the new OU.
 
Back
Top