GPOs can be configured Locally, at the Site level, the Domain level or at the Organizational Unit (OU) level. Group Policies are applied in a Specific Order, LSDOU. This order means that the local GPO is processed first, and GPOs that are linked to the Organizational Unit are processed last, so the OU level GPO overwrites settings in the earlier GPOs if there are conflicts.
As OU policies are applied starting at the “root level“, we can organize users and computers into different containers and apply GPO to a specific OU depends on various organization needs. We can set a Group Policy to OU by following two ways:
– Create a new GPO and Link it to OU
– Link an existing GPO to OU
Create a new GPO and Link it to a Organizational Unit (OU)
1. Open the Group Policy Management console by running the command gpmc.msc.
2. Expand the tree Forest >> Domains , right-click on the OU where you want to apply new policy, click Create a GPO in this domain, and Link it here…
3. Type the new policy name and click OK and you can edit GPO settings by right-click on the newly created GPO and click Edit.
Link an existing GPO to a Organizational Unit (OU)
1. Open the Group Policy Management console by running the command gpmc.msc.
2. Expand the tree Forest >> Domains , right-click on the OU and click Link an existing GPO…, and select the Group Policy which you want to link, then click OK.