I was wondering if anyone has any ideas or thoughts behind managing Active Directory Devices within containers for instances like:
User A in Department A turns in Laptop A, which has specific GPOs assigned for Department A (confusing I know, hold on, it may get worse.)
User A leaves --> Laptop A is re-provisioned but stays in the Department A container and is still receiving Department A's GPOs, but Laptop A has been assigned to User B, who is in Department B (oh no!).
So I know there is a way to have a script run on the core and compare AD to the Ivanti EPM database and perform cleanup when machines are removed from AD. My question is, is there a way to, say, move a machine from one container to another during provisioning to remove GPOs from a specific device like Laptop A to put it into a non-deployed state?
Or is there a product that will handle this, say Environment Manager, for example?
Any help is greatly appreciated.