Preventing Orphaned GPO’s

  • Section(s): Active Directory
  • Created on Feb 07, 2007.
  • Last Modified on Jun 13, 2007.
  • Last Modified by Chris Sanders.
  • Rated 3 out of 5 based on 1 votes.
When you remove a computer from a domain there are a few steps you should take to ensure that its GPO settings are removed properly as well.
There are various different reasons why you might want to remove a computer from a domain within your network. Regardless of the reason, you have to be careful that you take notice of group policy being applied to the computer in order to prevent “orphaned” GPO’s.

An orphaned GPO is the result of what happens when you remove a computer from a domain without removing its applied Group Policy Objects. In order to prevent this from happening, it is a good idea to first move the computer in Active Directory into an OU that has no GPO’s applied to it before removing it from the domain completely. It is also a good idea to make sure that this OU is blocking policy inheritance from OU’s above it. Doing this will completely ensure that you all group policy settings are removed from the computer in question.

***

Chris Sanders is the network administrator for one of the largest public school systems in the state of Kentucky. Chris's specialties include general network administration, windows server 2003, wireless networking, and security. You can view Chris' personal website at www.chrissanders.org.

Article not looking right or info is missing? Let us know so that we can fix it: .


Receive all the latest articles by email!

Receive Real-Time & Monthly WindowsNetworking.com article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become a WindowsNetworking.com member!

Discuss your network issues with thousands of other network administrators. Click here to join!

Community Area

Log in | Register

Readers' Choice

Which is your preferred Anti Virus Appliance solution?