Microsoft KB Archive/313066

= HOW TO: Move Users, Groups, and Organizational Units Within a Domain in Windows 2000 =

PSS ID Number: 313066

Article Last Modified on 11/19/2003

-

The information in this article applies to:


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional

-



This article was previously published under Q313066



IN THIS TASK

 * SUMMARY
 * ** Move Users, Groups and OUs Within a Domain
 * Troubleshooting
 * REFERENCES



SUMMARY
This step-by-step article explains how to move users, groups, and organizational units (OUs) within a domain. You can move Active Directory objects such as users, groups, and OUs from one location to another when organizational or administrative functions change (for example, when an employee moves from one department to another).

back to the top

Move Users, Groups, and OUs Within a Domain

 * 1) In Active Directory Users and Computers, select the object that you want to move, and then click Move on the Action menu.
 * 2) In the Move dialog box, select the OU or container to which you want to move the object, and then click OK.
 * 3) The following conditions apply when you move objects between OUs or containers:
 * 4) * Permissions that are assigned directly to objects remain the same.
 * 5) * The objects inherit permissions from the new OU or container. Any permissions that were previously inherited from the old OU or container no longer affect the objects.
 * 6) * You can move multiple objects at the same time.

back to the top

You Need to Assign Permissions for Printers Within an OU
To simplify assignment of permissions for printers, move printers on different print servers that require identical permissions to the same OU or container. Printers are located in the Computer object for the print server.

To view a printer, click View, and then click Users, Groups, And Computers As Containers.

You Are Concerned About Changing the GUID When You Move an Object
A globally unique identifier (GUID, a 128-bit number that is guaranteed to be unique) is assigned to an object when the object is created. The GUID never changes, even if you move or rename the object. Applications can store the GUID of an object and use the GUID to retrieve that object regardless of its current distinguished name (DN).

In earlier versions of Windows NT, domain resources were associated to a security identifier (SID) that was generated within the domain. This meant that the SID was only guaranteed to be unique within the domain. A GUID is unique across all domains; this means that you can move objects from domain to domain and they still have a unique identifier.

back to the top

