Dangerous to move user objects around in MS Active Directory (Server 2008)?

Initially when I setup the Active Directory on Windows 2008 server, I created all the accounts, groups and printers in Users. Now I found that I could create Organizational Unit in the root domain so I created a company OU then all the departments and started moving a few user accounts into the Department OU.

I am doing this so that all the users are properly categorized instead of just one long list in the original User OU.

Is there any issues/risk/danger of moving user account around (using right click and Move)? I do not use any policy on OU containers etc (mention this because there was a warning that policies may not work if objects moved to another OU).

Thanks
Joo
artradisAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Phil_taylor1980Commented:
it is considered best practice to move your users into OU's. Although you are not using any poicles now it will make it easier to apply and a more granular level. You can also apply the GPO to mutiple OU's if required.

You will get the added advantage of being able to find your users easier, again this won't affect you to much with a small AD but if it grow you are making life easier in the long run.

You also can in furture delegate control of diffent users to other admin/accounts, so again if AD grows and you want a junoir admin to be responsible for the "accounts" OU you can do.

Again none of this may seem important no, but as your AD grows it really helps if it is already organised.

hope this helps?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
artradisAuthor Commented:
Thanks. Yes, it is definitely better to put users in OUs. But because I created them all in the default User OU, I was concerned about moving things around and breaking links.

It seems after moving users around, the links update themselves i.e. if a user account is in two groups, after moving the user account object into another OU, the links in the groups will automatically update.

I just wanted to check to avoid the case were users suddenly look access rights to folders when they login tomorrow and then there will be a hugh impact.

Thanks
Joo
0
Brian PiercePhotographerCommented:
Groups and OUs have not got anything in common really, if you move users into OUs then this will not affect the groups that they are in. Equally you can move the groups into OUs and this will not affect any members of the group.

The idea  of OUs is that you can use them to apply security policies to them and the users/computers thst they contain.

Groups are used to assign permissions to files/folders/printers.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.