Preventing Orphaned GPOs

Posted On 2008-08-12 by FortyPoundHead
Tags: Active Directory Windows 2000 Windows Server 2003 Windows Server 2008
Views: 1904

When you remove a computer from a domain there are a few steps you should take to ensure that its GPO settings are removed properly as well.

You might want to remove a computer from your network for any number of reasons. Irreguardless, you need to keep track of which GPOs are being applied to the object.

An orphaned GPO is the result of what happens when you remove a computer from a domain without removing its applied Group Policy Objects. In order to prevent this from happening, it is a good idea to first move the computer in Active Directory into an OU that has no GPOs applied to it before removing it from the domain completely. It is also a good idea to make sure that this OU is blocking policy inheritance from OUs above it. Doing this will completely ensure that you all group policy settings are removed from the computer in question.

About the Author

has posted a total of 1974 articles.

Comments On This Post

No comments on this post yet!

Do you have a thought relating to this post? You can post your comment here. If you have an unrelated question, you can use the Q&A section to ask it.

Or you can drop a note to the administrators if you're not sure where you should post.

Your IP address is:

Before you can post, you need to prove you are human. If you log in, this test goes away.

Code Links