what the best practice for where to put users in Active Directory. All of our users are in a container not a OU this includes Domain Admin, Enterprise Admins, Groups etc. I have to apply and GPO's for screen lock, background, My documents. what best way to apply these policies without affecting domain admin accounts etc.?