How to Design a Group Policy Infrastructure
Group Policy can be a great way to manage groups of users and computers centrally from one console. This topic really comes down to two questions: what AD objects can I link Group Policy to, and how can I organize my resources (AD objects)?
What AD objects can I link group policy to?
A Group Policy Object (GPO) can be linked to:
- Active Directory domain
- Active Directory Site
- Active Directory Organizational Units
- Active Directory Security Groups
Active Directory domain
When a Group Policy is linked to a domain, the GPO is applied to every Active Directory object within the domain. This is regardless of the site or OU where the user/computer object is located.
Active Directory Site
When a Group Policy is linked to a site, the GPO is applied to every Active Directory object within the site. This is regardless of the domain or OU where the user/computer object is located.
Active Directory Organizational Units
When a Group Policy is linked to an OU, the GPO is applied to every Active Directory object within the OU. Administrators use OUs to organize Active Directory objects, usually by department. This allows granular configuration of users and computers within a department.
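The three link targets described so far (domain, site and OU) record their links in the gPLink attribute of the container object, so an inventory of what is linked where can be built by parsing that attribute. The following is an added example, not part of the original article; the function name ConvertFrom-GpLink, the contoso.example domain and the GUIDs are constructed for illustration.

```powershell
# Added example: turn a raw gPLink value into one record per linked GPO.
function ConvertFrom-GpLink {
    param(
        [Parameter(Mandatory)][string]$Container,  # DN of the domain, site or OU
        [AllowEmptyString()][string]$GpLink        # raw gPLink attribute value
    )
    # Each link is stored as [LDAP://<GPO DN>;<options>]
    $pattern = '\[LDAP://(?<dn>[^;\]]+);(?<opt>\d+)\]'
    foreach ($m in [regex]::Matches($GpLink, $pattern, 'IgnoreCase')) {
        $opt = [int]$m.Groups['opt'].Value
        [pscustomobject]@{
            Container = $Container
            GpoGuid   = if ($m.Groups['dn'].Value -match '\{[0-9A-Fa-f-]{36}\}') { $Matches[0] } else { $null }
            Enabled   = -not ($opt -band 1)    # bit 0 set = link disabled
            Enforced  = [bool]($opt -band 2)   # bit 1 set = link enforced
        }
    }
}

# Constructed sample values: one domain, one site and one OU.
$policies = 'cn=policies,cn=system,DC=contoso,DC=example'
$sample = @(
    @{ DN   = 'DC=contoso,DC=example'
       Link = "[LDAP://cn={11111111-1111-1111-1111-111111111111},$policies;2]" }
    @{ DN   = 'CN=HQ,CN=Sites,CN=Configuration,DC=contoso,DC=example'
       Link = "[LDAP://cn={22222222-2222-2222-2222-222222222222},$policies;0]" }
    @{ DN   = 'OU=Finance,DC=contoso,DC=example'
       Link = "[LDAP://cn={33333333-3333-3333-3333-333333333333},$policies;1]" +
              "[LDAP://cn={11111111-1111-1111-1111-111111111111},$policies;0]" }
)

# One row per link: which GPO is attached to which container, and in what state.
$sample |
    ForEach-Object { ConvertFrom-GpLink -Container $_.DN -GpLink $_.Link } |
    Format-Table -AutoSize

# Against a live directory (requires the ActiveDirectory module), OUs can be
# fed to the same function:
# Get-ADOrganizationalUnit -Filter * -Properties gPLink |
#     ForEach-Object { ConvertFrom-GpLink -Container $_.DistinguishedName -GpLink "$($_.gPLink)" }
```

A disabled or enforced link changes which settings actually reach the objects in a container, so reviewing the Enabled and Enforced columns per container is a quick check that the design matches what is deployed.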
Active Directory Security Groups
When a Group Policy is linked to a security group, the GPO is applied to every Active Directory object that is a member of the security group. This is regardless of the site, domain or OU where the user/computer object is located.
