There are a few things we need to consider when we create and link a Group Policy object to a site, domain, or OU:
- If it's a new GPO, it can be created directly under the relevant OU or domain using GMPC.
- In sites, it's only allowed to link to an existing GPO; therefore, if the new GPO needs to link to the site, it needs to add a new GPO using GPMC or a PowerShell cmdlet.
- An already added GPO can link to any OU, domain, or site. As an example, if policy A is created and linked under OU A, it can be reused in any other OU, domain, or site.
A new GPO object can be created using the New-GPO PowerShell cmdlet:
New-GPO -Name GPO-Test-A
The preceding command will create a GPO called GPO-Test-A. By default, it will not link to any OU, domain, or site. In GPMC, it can be viewed under the Group Policy Objects container.
After an object is created...
