Question on organizing Computers

  • Thread starter Thread starter Jonathan Jesse
  • Start date Start date
J

Jonathan Jesse

Sorry for the cross-posting as this deals with both groups as it deals with
both groups

I am working on getting SUS working through my domain and would like to
setup two groups to have different policies in them.

Currently all of my computers, including servers, are in the "Computers"
folder in Active Directory and I would like to create two "Orginzational
Units" or "Groups". (In quotes cause I'm not sure the best title for this)
One would be the desktops and would have one SUS GPO applied to them, and
the other group would be servers and have a different GPO setup so I don't
have a ton of traffic when both the desktops and the servers check my SUS
server.

Is this the best way to do it? Or should I be going along a different
route?

Thanks in advance,

--
Jonathan Jesse
Network+, Linux+, A+
MCSA
Network Specialist
Founders Trust Personal Bank

This page and any accompanying documents contain confidential information
intended for a specific individual and purpose. If you are not the intended
recipient, you are hereby notified that any disclosure, copying,
distribution, or use of the information contained herein (including any
reliance thereon) is strictly prohibited. If you received this transmission
in error, please immediately contact the sender and destroy the material in
its entirety, whether in electronic or hard copy format.
 
Sounds like you have it right - one of the main purposes of Organizational
Units (or OUs) is to group multiple computers together that require similar
GPO settings. Check out this document to familiarize yourself with creating
and linking Group Policy objects to different OUs:

http://www.jsiinc.com/SUBK/tip5400/rh5499.htm
 
Laura,

Thanks so much for help, it confirms I was thinking correctly.

A follow up question:

There is the organizational unit in Active Directory Users and Computers ->
my domain -> Computers . Is there a way to create these new Organizational
Units under the Computers main OU?
It would then look like this my domain -> Computers -> Servers and also my
domain -> Computers -> Desktops

When I right click on computers -> new, it expands out to include Computer,
Contact, Group, Printer, User, or Shared Folder. When I right click on the
domain -> new it expands out to include the above plus Organizational Unit

Let me know if I'm not making sense
 
No, you're making sense. It's a bit tricky - the "Computers" folder isn't
exactly an OU, it's a "Built-in folder". So is "Builtin",
"ForeignSecurityPrincipals", "LostAndFound", "System" and "Users". Since
these folders aren't actually OUs, they have two noticable restrictions:

[1] They cannot contain OUs within them.

[2] You cannot apply a GPO to them. (Try right-clicking on
Users-->Properties, you'll see a definitive lack of a "Group Policy" tab.)

Because of this, you'll begin any new OUs at the root of your domain. You
can create nested OUs, one within another, but not within any of the
Built-in folders.
 
Once again Laura thanks for your help

Jonathan

Laura E. Hunter (MVP) said:
No, you're making sense. It's a bit tricky - the "Computers" folder isn't
exactly an OU, it's a "Built-in folder". So is "Builtin",
"ForeignSecurityPrincipals", "LostAndFound", "System" and "Users". Since
these folders aren't actually OUs, they have two noticable restrictions:

[1] They cannot contain OUs within them.

[2] You cannot apply a GPO to them. (Try right-clicking on
Users-->Properties, you'll see a definitive lack of a "Group Policy" tab.)

Because of this, you'll begin any new OUs at the root of your domain. You
can create nested OUs, one within another, but not within any of the
Built-in folders.


--
******************************
Laura E. Hunter - MCSE, MCT, MVP
Replies to newsgroup only


Jonathan Jesse said:
Laura,

Thanks so much for help, it confirms I was thinking correctly.

A follow up question:

There is the organizational unit in Active Directory Users and
Computers -> my domain -> Computers . Is there a way to create these new
Organizational Units under the Computers main OU?
It would then look like this my domain -> Computers -> Servers and also
my domain -> Computers -> Desktops

When I right click on computers -> new, it expands out to include
Computer, Contact, Group, Printer, User, or Shared Folder. When I right
click on the domain -> new it expands out to include the above plus
Organizational Unit

Let me know if I'm not making sense
Click to expand...
Click to expand...
 
Hi

I was just reading your trouble shoots. I too same sort of problem.

Why doesn't Windows 2000 apply Group Policy Objects (GPOs) that I set
at the organizational unit (OU) level to members of that OU? Which
worked perfectly before i restarted the server and client machines the
next day?

Can Laura help me out? cludl you please email reply to my e-id pls.
(e-mail address removed)

Daniyal
 
Back
Top