Active Directory (moving a User to another OU) question

Hi. At work we are running active directory. We have about 150 sites and tons and tons of OUs.

We got a new user that transferred from another division. (of course, every division has a separate OU with unique GPOs linked etc)

My boss simply moved his user account from his old job's OU, to our OU.

The problem: The GPO linked to his old OU is still in effect to his user name,even though he's in our OU now.

What can I do to remedy this? Create a new user account for him?
Thanks
dissolvedAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Pete LongConnect With a Mentor Technical ConsultantCommented:

Moving a user account to a different container within the same domain

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/scrguide/sas_usr_aznz.asp

then do

XP client

start >run > gpupdate /force

2K client

Start > Run > SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE  
Start > Run > SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE
0
 
jdeclueCommented:
Usually, moving the user and rebooting the machine will take care of any GPO issues, follow PeteLongs recommendation to force the update. Hopefully that is all you need. If that does not solve the problem, read on.

If you have any GPO settings which change File permissions, Registry Permissions, and many registry settings they will not automatically reverse when a user or computer is removed from a GPO.

File and Registry permissions become set locally, they have to be manually changed back, or reversed with a another set of GPO policies .

Many Registry changes done through Administrative Templates set registry settings, these will not reverse unless they are changed manually or a GPO reverses the change.
0
 
jdeclueCommented:
Oh yeah... don't forget to move his computer if the OU's have computer configurations as well! ;)

J
0
 
Pete LongTechnical ConsultantCommented:
ThanQ
0
All Courses

From novice to tech pro — start learning today.