Currently we have all our users in one AD OU. There are no staff with specific requirement to have power user/admin rights /special access on their machine. We also don't have any applications that require the user to have admin rights in order for it to run. So the few group policies that we have in place works across the board for all staff in all departments. But now the director is asking that we think about creating Departmental OU's for the staff. I don't think there is a need for it as it creates more work for no reason. Is it good practice to have departmental OUs?