If you have no legacy clients, you can run GPO scripts assigned to specific OUs. If you have to support legacy, you have to either get a little creative with legacy NetLogon scripts or assign different scripts in the users' profiles.

AD is very flexible. You can apply policies to groups by ACL but it is a lot easier to manage by OU.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.