Creating Non-Inheriting Organizational Units for GPO Testing / Troubleshooting

Sign up to access this lesson

Click here to sign up and get access to this lesson!

Saving Progress...

In this lecture, we are going to be creating Non-Inheriting Organizational Units. I will be showing you how they work and why you would like to do that.

Open Active Directory Users and Computers. We are going to create an OU and then I am going to make it so it doesn’t inherit.

NOTE: A Non-Inheriting OU means that the Organizational Unit is not going to Inherit any Group Policy Objects that are not directly linked to the OU except for those Group Policy Objects that are enforced.

Expand > instructorpaul > RIght-Click and choose New > Organizational Unit.

Name the OU Test (Non-inheriting) and click OK.

Since we are logged into our Domain Controller and not using a Workstation, we are moving our Administrator user account into this test OU.

Click on the Yes button on the pop-up window.

We should be having the user Administrator in our new OU.

Now, click Server Manager > Tools > Group Policy Management.

Expand Forest: > Domains > > instructorpaul OU.

Since we are testing this on a user account we actually need to create a GPO that has some user settings.

Edit the Default Domain Policy right-clicking it and choose Edit.

Under User Configuration > Policies > Administrative Templates > Desktop > Desktop. Double click on the right Disable Active Desktop.

Choose the Enabled radio button and click Apply and OK button. Close Group Policy Management Editor.

NOTE: We are just picking a random setting.

Open a Command Prompt window by clicking on the Windows icon on the bottom left and type cmd. Click on the icon from the list and type gpupdate /force.

We can type gpresult /r and we should see that the Default Domain Policy is being applied.

Now, let’s create another GPO under the same Test OU. Right-click and choose to Create a GPO in this domain, and Link it here...

Let’s call this TEST GPO and click OK.

Right-click and choose Edit from the context menu.

From the Group Policy Management Editor window navigate to User Configuration > Preferences > Windows Settings > Folder. Right-click from the right empty pane window and right-click and choose New > Folder. 

From the New Folder Properties window let’s configure the following:

Action: Update

Path: C:\TestFolder

Click Apply and OK buttons.

Now we have some settings configured in this Test GPO. Close the Group Policy Management Editor window.

Click the TEST GPO and select the Settings tab. We should see the User Configurations.

Now run another gpupdate /force.

And we also type gpresult /r.

Under USER SETTINGS we see the Applied Group Policy Objects and the two policies applied TEST GPO and Default Domain Policy.

If we make the Test OU (Non-inheriting) folder non-inheriting then it will not inherit the Default Domain Policy settings. If there are settings in GPOs that are being inherited that are causing issues we can verify that by blocking all inheritance and then just linking the GPO that we want to test to this OU.

So we will do that by right-clicking the Test OU (Non-inheriting) folder and selecting Block Inheritance.

And now we see that an exclamation mark is listed there.

Notice that also if we go back to Active Directory Users and Computers and refresh the view (if open) there’s no change. There’s no way for you to know if the OU is inheriting or not.

That’s why I was saying that we should name it with the non-inheriting tag. Or you can navigate to the properties by right-clicking it and selecting Properties and giving it a Description.

Sign up to access the rest of this lesson

You must either log in or sign up to access this lesson.

Saving Progress...

0 0 votes
Lesson Rating
Notify of
Inline Feedbacks
View all comments

Group Policy & Security with Windows Server


0/1 Lessons

Course Introduction

• 2min

0 / 1 lessons complete

Introduction to Group Policy Management

• 1hr 24min

0 / 6 lessons complete

Manage Your Workstations

• 1hr 46min

0 / 7 lessons complete

Securing Your Domain

• 1hr 1min

0 / 5 lessons complete

Group Policy Troubleshooting

• 53min

0 / 5 lessons complete

Course Conclusion

• 1min

0 / 1 lessons complete