Solved

Moving servers to another OU in Windows server 2008 Active Directory

Posted on 2012-03-18
Last Modified: 2012-03-20
Hello,

We plan to move some servers into a server OU in our WIN2K8 AD to apply an important WSUS group policy.  The servers include Exchange 2003, 2010, SQL 2005, IIS, file and print running on platforms from WIN2K, WIN2K3 & WIN2K8.

Do you think moving servers into another OU will present issues with what is running on the servers?

Any experience of yours is greatly appreciated.  I am also wondering if there is a good KB article about things to pay attention to when doing this kind of thing.

Many thanks.
0
Question by:nav2567
17 Comments
 
LVL 37

Accepted Solution

by:
Neil Russell earned 1350 total points
ID: 37734765
Just don't move domain controllers.
Make sure you're not losing group policies that are already applied to the OU they are in now.
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 150 total points
ID: 37734768
The main thing you have to worry about when moving a computer or user to a new OU is the group policies applied.

Nice thing is you can use group policy modeling to see what the GPOs/settings will be in the new OU.

Good video of group policy modeling here   http://www.youtube.com/watch?v=Yj7LwG0kafM

Thanks

Mike
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37734770
Also consider WHY you feel you need to move all these servers to get the updates applied?
Can you explain?
0
 

Author Comment

by:nav2567
ID: 37734811
Thanks Mkline71.  Thanks Neilsr.  

Neilsr, to answer your question, we plan to use our intranet WSUS to push updates to the servers.  I think it makes sense to separate the servers into different OUs as not all of them need the same group of updates.  For example, a SQL server does not need Exchange updates.

What do you think?  Do you have other suggestion(s)?

Thanks.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37734841
If you are using WSUS then distribution of updates to different groups should be managed by WSUS and not by OUs in Active Directory. That's what WSUS groups and containers are for.

SQL Server will NEVER get updates for exchange applied, wsus is clever like that :D
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37734853
0
 

Author Comment

by:nav2567
ID: 37734865
I know.  But the thing here is that, I need to deliver the windows updates settings to a lot of servers.  (computer configuration>policies>windows settings>administrative templates>windows components>windows updates).  I think a quick way to do this is through GPO, right?
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37734869
Do you NOT use WSUS for EVERY machine on your domain? Do you not push out WSUS settings to ALL devices?
0
 

Author Comment

by:nav2567
ID: 37734877
Correct.  We do not use WSUS for every machine on our domain.  Not every machine has the WSUS settings.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37734883
Is there a reason you don't update your computers with WSUS?
0
 

Author Comment

by:nav2567
ID: 37734890
I think we should use wsus.  That's why we are trying to use group policy to update the wsus settings on the servers.  There are important servers we do not want to update the wsus settings but apply the patches manually.  Such as the domain controller servers.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37735247
Yes, GPOs are the way to configure Windows Update and set machines to use a WSUS server...that part is correct.

We also have machines that are updated manually, exchange/BES in our case.
0
 

Author Comment

by:nav2567
ID: 37735675
Thanks.  

I just want to confirm your view of my original question.  Do you think creating separate server OU(s) is the only way to deliver the wsus settings to the servers?  Please forgive me, but I just want to be sure that moving the server to another OU will not cause any problem.  Assuming the original server group policies are kept.  

Thanks again.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37737572
Moving will not cause a problem so long as ANY GPO's you already apply to servers and rely on are also applied to the NEW OU.
0
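The check described in the comments above (make sure the GPOs the servers rely on still apply in the new OU) can be done before the move by comparing GPO links. This is an added example, not part of the original thread; the function names and the sample computer and OU names are hypothetical, and it assumes the ActiveDirectory and GroupPolicy RSAT modules are available on the admin workstation.

```powershell
# Added example: list GPO links a computer would lose or gain after an OU move.
Import-Module ActiveDirectory, GroupPolicy

function Get-EffectiveGpoLink {
    param([Parameter(Mandatory = $true)][string]$ContainerDn)
    # InheritedGpoLinks lists every link that reaches this container, in
    # precedence order, after block-inheritance and enforcement are resolved.
    (Get-GPInheritance -Target $ContainerDn).InheritedGpoLinks |
        Where-Object { $_.Enabled }
}

function Compare-GpoBeforeOuMove {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][string]$TargetOuDn
    )
    $dn     = (Get-ADComputer -Identity $ComputerName).DistinguishedName
    $parent = $dn.Substring($dn.IndexOf(',') + 1)
    # GPOs cannot be linked to plain containers such as CN=Computers, so a
    # computer sitting there only receives the domain-level links.
    if ($parent -like 'CN=*') { $parent = (Get-ADDomain).DistinguishedName }

    # @() keeps empty results as empty arrays instead of $null.
    $before    = @(Get-EffectiveGpoLink -ContainerDn $parent)
    $after     = @(Get-EffectiveGpoLink -ContainerDn $TargetOuDn)
    $beforeIds = @($before | ForEach-Object { $_.GpoId })
    $afterIds  = @($after  | ForEach-Object { $_.GpoId })

    # Links present today but absent in the target OU: settings that go away.
    $before | Where-Object { $afterIds -notcontains $_.GpoId } |
        Select-Object @{ n = 'Change'; e = { 'Lost' } },
                      DisplayName, GpoId, Enforced, Target
    # Links that only exist in the target OU: settings that are new.
    $after | Where-Object { $beforeIds -notcontains $_.GpoId } |
        Select-Object @{ n = 'Change'; e = { 'Gained' } },
                      DisplayName, GpoId, Enforced, Target
}

# Constructed sample call (names are placeholders):
# Compare-GpoBeforeOuMove -ComputerName 'SQL01' `
#     -TargetOuDn 'OU=Servers-WSUS-Auto,OU=Servers,DC=example,DC=com'
```

The comparison covers link inheritance only; security filtering, WMI filters and site-linked GPOs are not evaluated, which is what Group Policy Modeling adds.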
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37737605
If you want separate WSUS policies then yes.  By the way creating an OU for servers is very common.  It is not like you are doing something out of the norm here.

Thanks

Mike
0
 
LVL 6

Expert Comment

by:comnuts
ID: 37737747
This is how I do it in my organisation. Create different GPOs for the different needs of your servers. For example, create OUs under the Server OU; "Servers-WSUS-Auto" will apply updates automatically at regular intervals that you define; "Servers-WSUS-Manual" to apply updates with intervention but still check for updates at regular intervals. Next create a GPO for each of these OUs with the settings and apply to each respectively. This way will allow some servers with automatic updates and some to require manual intervention. Remember to use client-side targeting also.


*.com
|--Servers
|--- Servers-WSUS-Auto <-- Apply automatic updates GPO
|--- Servers-WSUS-Manual <-- Apply manual update GPO
|--- Servers-No-WSUS <-- Disable WSUS
0
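After servers have been moved into OUs like the ones above and have refreshed policy, the Windows Update policy values each one actually received can be read back from the registry. This is an added example, not part of the original thread; the function name and the sample host names are hypothetical, the mapping of `AUOptions` values onto the three OU names is an assumption, and it needs administrative rights and the Remote Registry service on the target.

```powershell
# Added example: read the Windows Update policy values a server received.
# Uses remote registry, so it also works against hosts without PowerShell.
function Get-WsusClientPolicy {
    param([string]$ComputerName = $env:COMPUTERNAME)

    $path = 'SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
    try {
        $wu = $hklm.OpenSubKey($path)        # $null when no WSUS policy applied
        $au = $hklm.OpenSubKey("$path\AU")
        # A missing key and a missing value both read as $null.
        $read = { param($key, $name) if ($key) { $key.GetValue($name) } }

        $useWsus   = (& $read $au 'UseWUServer') -eq 1
        $auOptions = (& $read $au 'AUOptions')
        $disabled  = (& $read $au 'NoAutoUpdate') -eq 1

        # Assumed mapping onto the three OUs in the post above:
        #   AUOptions 4 (download and install on a schedule) -> Auto
        #   any other WSUS-pointed configuration              -> Manual
        #   UseWUServer not set to 1                          -> No-WSUS
        if (-not $useWsus)                            { $mode = 'No-WSUS' }
        elseif ($auOptions -eq 4 -and -not $disabled) { $mode = 'Auto' }
        else                                          { $mode = 'Manual' }

        New-Object PSObject -Property @{
            ComputerName       = $ComputerName
            Mode               = $mode
            WUServer           = (& $read $wu 'WUServer')
            # Client-side targeting: the WSUS computer group this host claims.
            TargetGroupEnabled = ((& $read $wu 'TargetGroupEnabled') -eq 1)
            TargetGroup        = (& $read $wu 'TargetGroup')
            AUOptions          = $auOptions
        }
    }
    finally { $hklm.Close() }
}

# Constructed sample call (host names are placeholders):
# 'SQL01', 'EXCH01' | ForEach-Object { Get-WsusClientPolicy -ComputerName $_ } |
#     Format-Table ComputerName, Mode, WUServer, TargetGroup -AutoSize
```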
 

Author Closing Comment

by:nav2567
ID: 37741685
Guys, thank you very much for your comments.  I really appreciate your help.
0
