Moving DC to sub-OU of Domain Controllers OU unsupported?

Discussion in 'Active Directory' started by HarryH, Oct 27, 2008.

  1. HarryH

    HarryH Guest

    Hello,

    I have heard that moving a DC to a child OU under the default Domain
    Controllers OU is not supported by Microsoft. (Nobody seems to be able to say
    what will / could go wrong though.)

    Is this a true statement or just a myth? Does anybody know of a microsoft
    link that confirms this statement or goes into any details?

    Thanks for your help / hints!

    Regards
    HarryH
     
    HarryH, Oct 27, 2008
    #1
    1. Advertisements

  2. Hello HarryH,

    IMPORTANT: Do not move any domain controller accounts out of the default
    Domain Controllers OU, even if some administrators log on to them to perform
    administrative tasks. Moving these accounts will disrupt the consistent application
    of domain controller policies to all domains, and is not supported.

    From:
    http://technet.microsoft.com/en-us/library/cc700835.aspx

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Oct 27, 2008
    #2
    1. Advertisements

  3. Meinolf Weber, Oct 27, 2008
    #3
  4. HarryH

    jwd Guest

    DO NOT move any DCs to different OUs. Your domain will become unstable.

    OUs control Group Policy and administration. Group policy and
    administration must be the same on all DCs so there is no reason to do this.

    Best Regards
    Joe Dunn
    MCSE, CCNA
     
    jwd, Oct 27, 2008
    #4
  5. Do NOT move the DCs out of the Domain Controllers OU structure. I'm saying
    "structure", which means I would not mind putting a DC in a sub-OU of the
    Domain Controllers OU.

    Some tools or programs however, expect the DC objects to be in the Domain
    Controllers OU. For example, if I'm not mistaken DCDIAG will throw "an
    error" if it is in a sub-OU.

    --

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)

    # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

    BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
    BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
     
    Jorge de Almeida Pinto [MVP - DS], Oct 28, 2008
    #5
  6. HarryH

    HarryH Guest

    Hello,

    thanks for your answer. I had seen this link but since it is not a Microsoft
    link I wasn't sure about the validity.

    Regards
    HarryH
     
    HarryH, Oct 28, 2008
    #6
  7. HarryH

    HarryH Guest

    Hello,

    thanks for your answer. Many of our DCs are "one man shows" in distributed
    offices - servers that run as DC, DNS, DHCP, FS, EMail and PS. We where
    thinking of applying different printer publishing policies for different
    sites. I would like to stop some DCs from publishing printers but would like
    to allow this on other DCs. Therefore I was thinking of different sub-OUs
    under the default container.

    Regards
    HarryH
     
    HarryH, Oct 28, 2008
    #7
  8. HarryH

    HarryH Guest

    Hello,

    I appreciate your answer. Have you ever tested the placement of DCs in
    Sub-OUs of the default container?

    Regards
    Harald
     
    HarryH, Oct 28, 2008
    #8
  9. Jorge de Almeida Pinto [MVP - DS], Oct 28, 2008
    #9
  10. HarryH

    admcse Guest

    Hello,

    There seems to be conflicting information on the two issues below, can you
    please clarify?
    1. Move DCs out of the Domain Controllers OU
    2. Move DCs to a sub-OU of the Domain Controllers OU

    We are in the process implementing a design (the has already been approved
    by our client) in which the DCs are members of a OU and I would like to get
    some concrete info on this before we either implement or possibly change
    (Yikes!) the design.

    Also, is there a KB article or procedure on what needs to be done and the
    possible problems that might be encountered. I am assuming that, at a
    minumum, the Default Domain Controller's Policy has to be linked to the new
    OU but I'm not sure what else might have to be done or what "gotcha's" there
    might be.

    DOMAIN
    OU1
    New Domain Controllers OU

    Thanks
    Angelo
     
    admcse, Nov 11, 2008
    #10
  11. moving the DCs out of the Domain Controllers OU to some other OU which is
    NOT a sub-OU is not recommended and probably not supported.
    moving the DCs out of the Domain Controllers OU to a sub-OU is something I
    would not have a problem in doing (as long as it is in scope of the Default
    Domain Controllers OU/GPO I have no problems with it


    --

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)

    # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

    BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
    BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
     
    Jorge de Almeida Pinto [MVP - DS], Nov 29, 2008
    #11
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.