I need some input and thoughts on properly designing an OU structure that is practical and scalable. I will also need some links and articles when possible to back up these ideas. I am under the impression that an OU structure should be designed to minimize the use of filtering. I think that you OU structure should be designed in a manner where you can apply your GPO's to the specific OU that you want it to affect and kind of design your domain structure that way.
But I have come across a source that introducing a new concept to me. This is applying all of your GPO's at a top level and using security groups to control who the GPO affects. I would like to know if anyone has used this method and if so how has it worked?
I also would like to know if GPMC's RSoP will be properly diagnosed against a user and computer if this concept is applied.
If my OU is broken into depts and have some settings that I only want to apply to a portion of the dept. What have been some practices that are proven to work well. Your thoughts? Thanks.