What can go wrong when Domain Controllers have been moved out of the Domain Controllers OU?

Tags: active-directory, domain-controller, windows-server-2008

I administer a network with Server 2003 domain controllers. I am planning to replace the domain controllers with new Server 2008 DC's. When running DCDIAG, I receive an error that the domain controllers failed something along the lines of "test MachineAccount". I forget the exact error message. The message appears because a previous admin moved the domain controller computer accounts out of the "Domain Controllers" OU. I knew this beforehand, but now I wonder if this may cause new issues during the ADPREP process. Some documents I have read state issues with Exchange and other aspects of the infrastructure when the objects are moved from the Domain Controllers OU. This has not been my experience to date since everything seems OK now. I am wondering if anyone else has experience in this area. I would not want to move the Domain Controller objects again before covering my bases and planning ahead.

Thanks.

Best Answer

From http://technet.microsoft.com/en-us/library/cc728418%28WS.10%29.aspx

Domain Controller OU

When domain controllers are added to the domain, their computer objects are automatically added to the Domain Controller OU. This OU has a default set of policies applied to it. To ensure that these policies are applied uniformly to all domain controllers, it is recommended that you do not move the computer objects of the domain controllers out of this OU. Failure to apply the default policies can cause a domain controller to fail to function properly.

I think the biggest problem occurs when DCs are placed in separate OUs that do not have the default DC policy applied, though it is a good idea to keep them in the Domain Controllers OU if they're just in a differently named container anyway.
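A quick way to confirm whether any DC computer objects sit outside the Domain Controllers OU, and to see what dcdiag reports for each one, is the PowerShell check below. It is an added example and not part of the question or answer; it assumes the ActiveDirectory module (RSAT) is available on the machine you run it from, and that, for Windows Server 2003 DCs, at least one DC has the Active Directory Management Gateway Service installed so the module can talk to it. The OU names and host names are whatever your domain returns.

```powershell
# Added example (not from the original post). Assumes the ActiveDirectory
# PowerShell module; against Server 2003 DCs this also needs the Active
# Directory Management Gateway Service on at least one DC.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$dcOU   = $domain.DomainControllersContainer   # e.g. OU=Domain Controllers,DC=example,DC=com

# Every DC whose computer object is NOT directly under the Domain Controllers OU
$misplaced = Get-ADDomainController -Filter * |
    Where-Object { $_.ComputerObjectDN -notlike "*,$dcOU" }

if (-not $misplaced) {
    Write-Host "All domain controllers are in $dcOU"
} else {
    foreach ($dc in $misplaced) {
        Write-Warning "$($dc.HostName) is at $($dc.ComputerObjectDN)"
        # Capture what the MachineAccount test says before changing anything
        dcdiag "/s:$($dc.HostName)" /test:MachineAccount
    }
    # To move them back under the default DC policy, uncomment the next line,
    # then run 'gpupdate /force' on each moved DC and re-run the dcdiag test.
    # $misplaced | ForEach-Object { Move-ADObject -Identity $_.ComputerObjectDN -TargetPath $dcOU }
}
```

Running the read-only part first gives you the exact dcdiag wording for the MachineAccount failure and a list of the affected DCs, so you can plan the move (and the follow-up Group Policy refresh) before touching anything ahead of ADPREP.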