Solved

Active Directory (moving a User to another OU) question

Posted on 2004-08-10
4
361 Views
Last Modified: 2010-04-12
Hi. At work we are running active directory. We have about 150 sites and tons and tons of OUs.

We got a new user that transferred from another division. (of course, every division has a separate OU with unique GPOs linked etc)

My boss simply moved his user account from his old job's OU, to our OU.

The problem: The GPO linked to his old OU is still in effect to his user name,even though he's in our OU now.

What can I do to remedy this? Create a new user account for him?
Thanks
0
Comment
Question by:dissolved
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 50 total points
ID: 11762512

Moving a user account to a different container within the same domain

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/scrguide/sas_usr_aznz.asp

then do

XP client

start >run > gpupdate /force

2K client

Start > Run > SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE  
Start > Run > SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11763595
Usually, moving the user and rebooting the machine will take care of any GPO issues, follow PeteLongs recommendation to force the update. Hopefully that is all you need. If that does not solve the problem, read on.

If you have any GPO settings which change File permissions, Registry Permissions, and many registry settings they will not automatically reverse when a user or computer is removed from a GPO.

File and Registry permissions become set locally, they have to be manually changed back, or reversed with a another set of GPO policies .

Many Registry changes done through Administrative Templates set registry settings, these will not reverse unless they are changed manually or a GPO reverses the change.
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11763630
Oh yeah... don't forget to move his computer if the OU's have computer configurations as well! ;)

J
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11786893
ThanQ
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
We take a look at some of the most common obstacles that IT teams run into as they work relentlessly to keep all the alarms and sirens from going off at once.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question