GPO best practices : Security-Group Filtering Versus OU
Posted
by
Olivier Rochaix
on Server Fault
See other posts from Server Fault
or by Olivier Rochaix
Published on 2012-11-29T16:32:35Z
Indexed on
2012/11/29
17:06 UTC
Read the original article
Hit count: 526
Good afternoon everyone,
I'm quite new to Active Directory stuff. After upgraded Functional level of our AD from 2003 to 2008 R2 (I need it to put fine-grained password policy), I then start to reorganized my OUs. I keep in mind that a good OU organization facilitate application of GPO (and maybe GPP).But in the end, it feels more natural for me to use Security-group filtering (from Scope tab) to apply my policies, instead of direct OU.
Do you think it is a good practice or should I stick to OU ?
We are a small organisation with 20 users and 30-35 computers. So, we got a simple OU tree, but more subtle split with security-groups.
The OU tree doesn't contain any objects except at the bottom level. Each bottom level OU contains Computers,Users, and of course security groups. These security groups contains Users & Computers of the same OU.
Thanks for your advices, Olivier
© Server Fault or respective owner