I currently have 10 sites in AD, and that is also reflected in my OU structure. The structure is something like this:
admins contacts groups servers unmanaged users workstations laptops
What is the difference in applying a GPO to the site (in AD sites and services) vs. applying them to the OU's that reflect the sites? Does it make a difference in regards to the processing of the GPO?
If I want a GPO to apply to certain users, would I be better off having that GPO encompass an entire site, but only applied to groups in the security permissions?
If someone could point me in the right direction to a effecient and intiutive GPO structure, it would be greatly appreciated. Thanks.