Discussion in 'Active Directory' started by Graham C, Jan 13, 2006.

  1. Graham C

    Graham C Guest

    Hi, we've got a relatively large branch-office scenario comprising around 300
    geographically disparate sites in a single domain with each site containing a
    single DC. To enable different policies to be applied to the head-office DCs
    and the branch DCs I want to create a few sub-OUs under the "Domain
    Controllers" OU.

    I'm trying to establish what problems I may encounter (if any) through
    moving my DCs to the appropriate sub-OU. On the face of it moving a machine
    to a sub-OU is nothing special, but as these are Dcs I'm not 100% certain.

    Has anyone else configured their AD in this way and does anyone know of any
    problems I may encounter?
    Graham C, Jan 13, 2006
  2. IMO as long as the DCs fall under the scope of the top OU "Domain
    Controllers" there will be no problem. (of course I assume nothing strange
    is configured in the GPO on the sub-OUs)
    One issue know to me is when you run DCDIAG it fails the machineaccount test
    because DCDIAG expects the computer account of a DC right under the OU
    "Domain Controllers". Talking about this, make sure no other (LDAP) apps
    expect that


    # Jorge de Almeida Pinto #
    BLOG -->
    Jorge de Almeida Pinto, Jan 13, 2006
  3. Graham C

    Graham C Guest

    Hi Jorge, thanks for the prompt response. I did consider that the DCs should
    always fall under the "Domain Controllers" OU scope and I also considered
    that each DC would require a reboot once moved so that everything would be
    aware of its new DN - but I didn't consider that some apps would be too lazy
    to read the DN and instead rely on the DCs being directly under the "Domain
    Controllers OU - so that's given me something else to think about.

    Has anybody seen a Knowledgebase article around this?


    Graham C, Jan 13, 2006
  4. Jorge de Almeida Pinto, Jan 13, 2006
