1) the way that we're moving these OU's is to essentially remove the old OU and create the new OU. How will OKTA be able to pick up the new OU structure? do we need to do an import first to just pick up the new OU structure in order to select the new OU's?
2) What about groups? We are moving the group OU as well. We'll obviously make sure that the new group OU is selected, but will the group membership relation for users be maintained?
Firstly add the two new OU's and perform an import to get the added OUs showing up in Okta. Make sure you can see these new OU's before you perform any moves of users or groups.
Once you can see the new OUs make sure to add them as part of the settings. I've not tested moving groups and users as a single change, I've tended to move one and then the other. After say moving the users then I've done a manual import, then move the groups and do another manual import to reflect changes.
One thing to note that when you move the groups from one OU to another and then perform an import, you will see a warning to say "x" users that were in groups have been updated and that "y" groups have been updated. You will also see a lot of "Push users profile to external application", or "Updated user application property" type syslog messages.
I would suggest just to stage a few test runs with a sample set of users, and a sample set of groups rather than doing wholesale batch process, and once tested successfully then alter.
Just before you do this (as I've not done this on a huge number of users and groups), what's the user popuation here? Maybe a call with support or professional services would be wise?