I like to straighten out my old questions to understand group policy better, so please read all questions and hope you can answer.
1. For Active Directory, in what cases OU is really helpful? Is that just like a folder in file system to organize computers and users? In my case, I often have to a apply group policy to computers belonging to different OU. I wonder what OU is meaningful for other purposes.
2. In Group policy, I often read OU is the smallest unit you can apply group policy. I am not quite understanding this. If I have to apply single group policy to computers from different OUs (in Question 1), then I apply group policy to the domain root directly and can filter by 'security filtering' under Scope tab in the group policy. Wouldn't that be easier than applying group policy to an ou and later you find the group policy needs to be applied any portion of computer/user in another OU?
3. In Group policy Management, when I click domain, the right pane shows tabs 'Linked Group Policy' and has 'link order' column. Also the next tab is 'Group Policy Inheritance' and has 'precedence' column. Can you explain differences of the two tabs and what the column means and how I can take advantage of ordering GPOs here?
4. What is delegation tab on GPOs and where is useful?