What is considered best practice? Linking GPOs at the Domain Level with Item Level Targeting or linking GPOs at the OU level?
-
Unsolved Link GPO at Domain Level or OU Level????
-
Hello Nathan,
Even with item-level targeting, best practice would still be to link the policies to the target OUs. Item-level targeting is really more about filtering a policy so it only applies to certain objects within an OU, or subset of OUs. It is a much easier and more robust way to do security filtering. If you know a policy will only apply to a certain subset of OUs, it would be better to link it there, than link it to the domain. Linking every policy to the domain and then doing item-level targeting will cause unnecessary processing, especially during busy times on the domain controller. In a small organization, this might not be noticeable, but as the organization gets larger, this could impact logon times.
Hope this helps,
Mike
Mike Rodrick
Edutainer, ITProTV**if the post above has answered the question, please mark the topic as solved.