We help IT Professionals succeed at work.

Windows Server 2003: implications of moving user accounts to a new OU

defecta
defecta asked
on
Medium Priority
726 Views
Last Modified: 2012-05-11
I have just started at a new company and I am trying to clean up things a but an make things a little more managable.

at the moment all our user accounts are in the OU called 'Users' along with a lot of administration accounts etc.

I would like to move the user accounts to their own OU but I am concerned about the implications of doing so.

If we only have the default group policy in place my understanding is there is very little risk of something going wrong if the OU I move the users to are sill in the same domain.

Can any one confirm please?
Comment
Watch Question

If you are only using the default domain GPO moving to a new OU in the domain should not effect the GPO being applied.
If it did have an adverse effect you could make a copy of the default GPO and apply it to the new OU.

Author

Commented:
Also is it best practice the leave the administration account etc. vin the Users OU or can I safely move them to a different OU? The 'Users' OU is a accurate description of what I want it to contain so if its safe to do so, I would move the other adminstration accounts out of there.

CERTIFIED EXPERT
Author of the Year 2010
Top Expert 2010
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT
Author of the Year 2010
Top Expert 2010

Commented:
Yes, the administrator account can also be moved

Author

Commented:
these are the admin accounts/groups that I am concerned about moving to a different OU.

 
Small Business Administrator
Domain Controllers
Domain Guests
Domain Users
Domain Computers
Administrator
IUSR_DESIGNWCC
IUSR_SERVERFILE
IUSR_SERVERMAIL
Guest
IWAM_DESIGNWCC
IWAM_SERVERFILE
IWAM_SERVERMAIL
Debugger Users
Domain Admins
Enterprise Admins
Schema Admins
Designers
DnsAdmins
DnsUpdateProxy
Cert Publishers
IIS_WPG
SQLServer2005MSSQLServerADHelperUser$SERVERFILE
SQLServer2005MSSQLServerADHelperUser$SERVERMAIL
SQLServer2005MSSQLUser$SERVERFILE$BKUPEXEC
SQLServer2005MSSQLUser$SERVERFILE$SQLEXPRESS
SQLServer2005MSSQLUser$SERVERMAIL$BLACKBERRY
SQLServer2005MSSQLUser$SERVERMAIL$MSSQLSERVER
SQLServer2005MSSQLUser$SERVERMAIL$WSUS
SQLServer2005SQLBrowserUser$SERVERFILE
SQLServer2005SQLBrowserUser$SERVERMAIL
Group Policy Creator Owners
GFI_ESEC_CdDvd_FullAccess
GFI_ESEC_USB_FullAccess
GFI_ESEC_OtherDevices_FullAccess
GFI_ESEC_PDA_FullAccess
GFI_ESEC_StorageDevices_FullAccess
GFI_ESEC_CdDvd_ReadOnly
GFI_ESEC_StorageDevices_ReadOnly
TelnetClients
DHCP Administrators
DHCP Users
WINS Users
Exchange Domain Servers
Exchange Enterprise Servers
Small Business Power User
RAS and IAS Servers
GFI_LPSC_CDDVD
GFI_LPSC_FLOPPY
GFI_LPSC_REMOVABLE
TsInternetUser
Small Business User
WSUS Administrators
WSUS Reporters

Open in new window


Im concerned moving the GFI groupsto a different OU might break our GFI Languard security. Can anyone confirm?
CERTIFIED EXPERT
Author of the Year 2010
Top Expert 2010

Commented:
Is this a small business server? If so the reason the users are all in the Users container is because they have been setup incorrectly.  They should be in the MyBusiness > SBS Users OU.

Author

Commented:
@demazter: no its Server 2003 Standard. what effect will that have on moving the users to a different OU in this case? Or is it irrelevant?

Author

Commented:
thanks guys. i have now confidently moved the users to a new OU and not broken anything. :)

Author

Commented:
@demazter: can you explain what the CN is that you mentioned?
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.