Active Directory user are in a container
what the best practice for where to put users in Active Directory. All of our users are in a container not a OU this includes Domain Admin, Enterprise Admins, Groups etc. I have to apply and GPO's for screen lock, background, My documents. what best way to apply these policies without affecting domain admin accounts etc.?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Gabriel Clifton
I typically use a root OU that all users go into and branch that off as needed for different buildings, departments, etc so that I can apply different group policies for different OUs where they need one setting and the others do not.
ASKER
so I should separate uses, groups , and domain admins in to different OU's as appose to having everyone in a container?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
For me, and most sys admins I have met, it is usually a good idea to separate as much as possible so that you can create a group policy for HR department with shortcuts on desktop and internet settings and mapped drives that people in your maintenance department will not get.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.