Moving OUs in ADUC not reflected in GPMC ??
I have created a set of Computer OUs.
There is a top-level Computer OU for the company/domain.
There are 3 site-related Computer OUs at the next level down.
PLUS, one more Computer OU at this same level for "test computers" that are put there on a transient basis.
So:
Domain Computer OU
Site 1 Computer OU
Site 2 Computer OU
Site 3 Computer OU
Test Computer OU.
After having used this structure for a time, I realized that I always do this:
1) put test computers into the Test Computer OU and link a new GPO there only.
2) Since Site 3 is the smallest, link the new GPO also to Site 3 Computer OU.
3) With good test results, add a link to Site 2 Computer OU.
4) Finally, add a link to Site 1 Computer OU or, alternately remove all the links and add one to Domain Computer OU with the same effect.
I hope that sounds reasonable enough....
Now, I figured that moving computers in and out of Test Computer OU might be a bit of a waste of time if I were going to just start yet another test.
So, I thought it might be helpful to Move Test Computer OU into Site 3 Computer OU and just leave the test computers there.
First, I removed all of the computers out of Test Computer OU - putting them into the other 3 OUs.
Next, I unlinked the current testing GPO link from the Test Computer OU.
Next, I MOVED the Test Computer OU into Site 3 Computer OU.
However, the Test Computer OU didn't show as moved in GPMC. ????
Why might that be?
Restarting the DC didn't fix it.....
(I did get it fixed but not without some trepidation).
There is a top-level Computer OU for the company/domain.
There are 3 site-related Computer OUs at the next level down.
PLUS, one more Computer OU at this same level for "test computers" that are put there on a transient basis.
So:
Domain Computer OU
Site 1 Computer OU
Site 2 Computer OU
Site 3 Computer OU
Test Computer OU.
After having used this structure for a time, I realized that I always do this:
1) put test computers into the Test Computer OU and link a new GPO there only.
2) Since Site 3 is the smallest, link the new GPO also to Site 3 Computer OU.
3) With good test results, add a link to Site 2 Computer OU.
4) Finally, add a link to Site 1 Computer OU or, alternately remove all the links and add one to Domain Computer OU with the same effect.
I hope that sounds reasonable enough....
Now, I figured that moving computers in and out of Test Computer OU might be a bit of a waste of time if I were going to just start yet another test.
So, I thought it might be helpful to Move Test Computer OU into Site 3 Computer OU and just leave the test computers there.
First, I removed all of the computers out of Test Computer OU - putting them into the other 3 OUs.
Next, I unlinked the current testing GPO link from the Test Computer OU.
Next, I MOVED the Test Computer OU into Site 3 Computer OU.
However, the Test Computer OU didn't show as moved in GPMC. ????
Why might that be?
Restarting the DC didn't fix it.....
(I did get it fixed but not without some trepidation).
Last Comment
OU will always have precedence
remember the acronym LSDOU
Local machines, Sites, Domains and Organizational Units.
remember the acronym LSDOU
Local machines, Sites, Domains and Organizational Units.
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thanks folks!
I should have been clearer. I was doing all the work on one DC directly. Not with an ADUC interface on a workstation.
The GPMC was likely open when I moved the OU.
Refreshing, closing, opening, etc. seemed to do nothing.... either on the GPMC or the ADUC interface..
I didn't look at the other two DCs as I was working on one. And, I'm the only one who would have been doing things like this. So, I expect the other DCs were "watching" at the most.
The fix was to delete the OU entirely and start over.
I should have been clearer. I was doing all the work on one DC directly. Not with an ADUC interface on a workstation.
The GPMC was likely open when I moved the OU.
Refreshing, closing, opening, etc. seemed to do nothing.... either on the GPMC or the ADUC interface..
I didn't look at the other two DCs as I was working on one. And, I'm the only one who would have been doing things like this. So, I expect the other DCs were "watching" at the most.
The fix was to delete the OU entirely and start over.
ASKER
Thanks!!
Active Directory
Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.
86K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
check your domain controllers to make sure your intersite replication is working
start with that
whatever DC you are connected to in ADUC, connect to that same DC with the GPMC and see if the changes are there; if so, you might have a replication issue