Solved

Default Users OU

Posted on 2015-02-19
6
44 Views
Last Modified: 2015-02-24
I am in the process of organising our Active Directory Organisation Unit (OU) structure from a security standpoint.
 
1.      Can I move all the objects in the Default users OU to another OU I created?
2.      If Yes, What would be any negative impact in moving them?
3.      From a security standpoint, what would any one suggest in terms of where I should move them to and how to protect them?


Many Thanks


Nikky
0
Comment
Question by:Nike_Baby
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 40619412
1) The "default" users container is not an OU. It is a subtle but important distinction. Of course you can move users from the default container into an OU. Otherwise, why would AD have OUs at all?

2) Entirely dependent on your environment. There could be no negative impacts, or you could move users into an OU where delegation, liked GPOs, or other factors totally break your environment. If you aren't familiar with administering AD, take classes, buy books, call in an expert to assist.... but don't try to go it alone. *Nobody* here can answer this question since it is assuredly specific to each environment.

3) see #2
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 40619423
1,2,3) See Cliff's answer. :)
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40619425
The Default Users Container is where accounts get created unless otherwise specified. This is similar to the default computers container where new computers added to the domain appear in if you have not redirected your default computer placement.

You can move these user accounts to another OU where you can then apply policies, if required.

From a security standpoint, what would any one suggest in terms of where I should move them to and how to protect them?

This really depends on who you want to have access to modify properties of these accounts. I would start with Delegation of Control to ensure that only people authorized have access to these accounts. I would also use "Protect From Accidental Deletion" on the OU that you place them in.

I would continue this process throughout your restructuring of OU's as well.

Will.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 37

Expert Comment

by:Mahesh
ID: 40619451
You can't apply any GPOs to Default Users Containers except "Default Domain Policy"

Because Default domain policy will be applied to all containers in entire domain including Users container.

The purpose of moving users from default users container to another OU have some specific reasons such as:

U want to move users according to your defined organizational structure, because OU structure resembles your organizational structure
U want to apply specific user level polices on those OUs which is not possible by simply keeping them in default users container
OUs are there to represent your organizational structure \ simplify administration and to put restrictions
There is no very hard rocket science in that.
0
 
LVL 13

Expert Comment

by:Natty Greg
ID: 40619614
Already answered,
0
 

Author Closing Comment

by:Nike_Baby
ID: 40628396
Thank you all for your help
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article runs through the process of deploying a single EXE application selectively to a group of user.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question