Dangerous to move user objects around in MS Active Directory (Server 2008)?

Initially when I setup the Active Directory on Windows 2008 server, I created all the accounts, groups and printers in Users. Now I found that I could create Organizational Unit in the root domain so I created a company OU then all the departments and started moving a few user accounts into the Department OU.

I am doing this so that all the users are properly categorized instead of just one long list in the original User OU.

Is there any issues/risk/danger of moving user account around (using right click and Move)? I do not use any policy on OU containers etc (mention this because there was a warning that policies may not work if objects moved to another OU).

Thanks
Joo
artradisAsked:
Who is Participating?
 
Phil_taylor1980Commented:
it is considered best practice to move your users into OU's. Although you are not using any poicles now it will make it easier to apply and a more granular level. You can also apply the GPO to mutiple OU's if required.

You will get the added advantage of being able to find your users easier, again this won't affect you to much with a small AD but if it grow you are making life easier in the long run.

You also can in furture delegate control of diffent users to other admin/accounts, so again if AD grows and you want a junoir admin to be responsible for the "accounts" OU you can do.

Again none of this may seem important no, but as your AD grows it really helps if it is already organised.

hope this helps?
0
 
artradisAuthor Commented:
Thanks. Yes, it is definitely better to put users in OUs. But because I created them all in the default User OU, I was concerned about moving things around and breaking links.

It seems after moving users around, the links update themselves i.e. if a user account is in two groups, after moving the user account object into another OU, the links in the groups will automatically update.

I just wanted to check to avoid the case were users suddenly look access rights to folders when they login tomorrow and then there will be a hugh impact.

Thanks
Joo
0
 
Brian PiercePhotographerCommented:
Groups and OUs have not got anything in common really, if you move users into OUs then this will not affect the groups that they are in. Equally you can move the groups into OUs and this will not affect any members of the group.

The idea  of OUs is that you can use them to apply security policies to them and the users/computers thst they contain.

Groups are used to assign permissions to files/folders/printers.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.