Impact of Group Policies when moving between OUs

Yankee30 206 Reputation points
2021-06-22T18:17:17.723+00:00

GPO 1 (Domain Member Server Policy) with computer settings A, B, C, D & registries 1 -> linked to OU 1
GPO 2 (Domain Controller Policy) with computer settings X, Y, C, D & registries 2 -> linked to Domain Controllers OU

**Test 1**

So we added server A to the domain in OU1 and, as expected, it got the settings A, B, C, D & registries 1 from GPO1.
Now we promoted this member server A to a domain controller, which moved it to the Domain Controllers OU, & now the settings are A, B, X, Y, C, D, registries 1 & registries 2.
Now X, Y, C, D & registries 2 being applied is understandable from GPO2.
But it retained the settings as a local group policy from the previously applied GPO 1, which is A, B & registries 2.
Is that the correct behavior, to retain all previous settings & registries?

**Test 2**

So we added server B to the domain in OU1 and, as expected, it got the settings A, B, C, D & registries 1 from GPO1.
I moved it to a workgroup & I no longer see any of those A, B, C & D settings, but only the registries applied.
Will the registries not be deleted when moving to a workgroup?

Windows Server 2019

2 answers

  1. Fan Fan 15,291 Reputation points Microsoft Vendor
    2021-06-23T00:26:35.88+00:00

    Hi,

    I tried to do a test in my environment.
    OU1 client
    Deploy GPOs to OU1, with settings both based on the registry and not based on the registry.
    Refresh the GPO on the client
    Check all the settings are applied to the client
    Move the client from OU1 to OU2
    Restart the clients; all the settings applied from GPO1 were moved.

    Not sure what settings you deployed; if possible, please share a screenshot of the output of the command gpresult /h report.html before and after the computer was moved.

    Best Regards,


  2. Parvez Gadhia 1 Reputation point
    2021-06-28T11:15:03.51+00:00

    I believe the GPO leaves Group Policy Preferences (GPP) on the machine, and those could be the registry settings you are seeing on your domain controller, which was a member server residing under a different OU before being promoted to a domain controller and moved under the Domain Controllers OU.

    GPP will be retained even though the respective GPO is removed/unlinked.

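Added example (not part of either answer): a PowerShell check to run after the OU move and a `gpupdate`, showing which registry values a GPO wrote are still on the machine and whether they sit under the managed policy keys or outside them. The function names and the sample paths and value names are constructed for illustration; replace the list with the values your own GPO sets.

```powershell
# Key trees that Group Policy treats as managed policy locations. Administrative
# Templates values written here are cleaned up once the GPO no longer applies;
# values written anywhere else (for example by a GPP Registry item without
# "Remove this item when it is no longer applied") stay behind.
$ManagedRoots = @(
    'HKLM:\SOFTWARE\Policies\',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\',
    'HKCU:\SOFTWARE\Policies\',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\'
)

function Test-ManagedPolicyPath {          # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)
    $p = $Path.TrimEnd('\') + '\'
    foreach ($root in $ManagedRoots) {
        if ($p.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-GpoRegistryResidue {          # hypothetical helper name
    param([Parameter(Mandatory)][object[]]$Expected)
    foreach ($item in $Expected) {
        # Read the value if the key and value exist; otherwise leave $null.
        $current = $null
        if (Test-Path -LiteralPath $item.Path) {
            $prop = Get-ItemProperty -LiteralPath $item.Path -Name $item.Name -ErrorAction SilentlyContinue
            if ($null -ne $prop) { $current = $prop.($item.Name) }
        }
        $present = $null -ne $current
        $managed = Test-ManagedPolicyPath -Path $item.Path
        $verdict = if (-not $present) { 'removed' }
                   elseif ($managed)  { 'present under policy key: check gpresult for the GPO applying it' }
                   else               { 'persisted outside policy keys' }
        [pscustomobject]@{
            Path = $item.Path; Name = $item.Name; Value = $current
            Managed = $managed; Verdict = $verdict
        }
    }
}

# Constructed sample: one value under a policy key, one written outside it.
$fromGpo1 = @(
    [pscustomobject]@{ Path = 'HKLM:\SOFTWARE\Policies\Contoso\Baseline'; Name = 'SettingA' },
    [pscustomobject]@{ Path = 'HKLM:\SOFTWARE\Contoso\Agent';             Name = 'ServerUrl' }
)
Get-GpoRegistryResidue -Expected $fromGpo1 | Format-Table -AutoSize
```

Comparing this output with `gpresult /h report.html` taken before and after the move separates values that a GPO still in scope is applying from values that were left on the machine.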