Preventing Orphaned GPOs

When you remove a computer from a domain there are a few steps you should take to ensure that its GPO settings are removed properly as well.

You might want to remove a computer from your network for any number of reasons. Irreguardless, you need to keep track of which GPOs are being applied to the object.

An orphaned GPO is the result of what happens when you remove a computer from a domain without removing its applied Group Policy Objects. In order to prevent this from happening, it is a good idea to first move the computer in Active Directory into an OU that has no GPO's applied to it before removing it from the domain completely. It is also a good idea to make sure that this OU is blocking policy inheritance from OU's above it. Doing this will completely ensure that you all group policy settings are removed from the computer in question.

About this post

Posted: 2008-08-12
By: FortyPoundHead
Viewed: 2,241 times

Comments

No comments have been added for this post.

You must be logged in to make a comment.