I am performing an inventory using AD, in an attempt to try and identify machines that have not accessed any of our domains in the previous 3 months. During this exercise, as is always the way, a few additional problems have come to light with our AD records.
However, I am trying to quantify the risk with a few of the findings so would appreciate some input from AD admins. Due to the diversity of our network, there are several OUs. We have been finding departments have been physically moving workstations from one OU, and putting them in a completely different OU, such as when a team changes office location etc. This makes our records outdated but also may have security implications? My question is what security issues could this introduce to our AD environment? What procedures do you have in place when moving a PC from one OU to another? Do you document anything to keep your auditors happy?