Background: I've been helping out with a recent G.P. simplification (read: overhaul) at work. I'm working from a list of things my supervisor has requested be done with Group Policy to harden our security. Due to changes in our G.P. structure, moving the domain controllers into another OU (specifically two layers deeper into that other OU) is preferred. The environment consists of Windows 7, Server 2008 R2, and Server 2012, including a mixture of physical and virtual machines. Of the DCs in question, one is physical while the other is virtual. Both are using Server 2008 R2.
Through my valiant efforts at Google-fu, I have only found a single non-Microsoft post warning against it (see John Savill link).
Question: As the title says, what will break if I move my Domain Controller machine accounts from the default OU into another OU, assuming the policy is linked?
I'm not asking about Best Practices. I'm asking what will break when/if the change in question is made.
Links:
John Savill Windows IT Pro Q&A Post on Jul. 8, 2009 (I sincerely doubt Microsoft support would hiccup from such a change, we don't use Exchange, the OS updates thing is bogus, etc.)
Group Policy Overview (The Caution beneath Group Policy objects that exist by default references linking the policy correctly, which has been done.)
Securing Active Directory Administrative Groups and Accounts (The Important beneath Moving Administrative Workstation Accounts into the Admin Workstations OU again references linking the policy correctly, which has, again, been done.)