Re: huge user OU

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: Eric Chamberlain, CISSP (eric.chamberlain_at_newsgroups.nospam)
Date: 06/09/04

• Next message: Dan DeStefano: "Re: removing a computer from the domain"
• Previous message: Eric Chamberlain, CISSP: "Re: AD Design"
• In reply to: Jeff Senter: "huge user OU"
• Next in thread: Jeff Senter: "Re: huge user OU"
• Reply: Jeff Senter: "Re: huge user OU"
• Messages sorted by: [ date ] [ thread ]

---

Date: Tue, 8 Jun 2004 21:10:23 -0700

Jeff,

We have all our students in a single OU (some exceptions for graduate
programs). We create OU's for departments and then delegate full control to
the department. The OU admins use loopback processing to apply policies to
students. One of the reasons our student population is in a single OU is
that undergrads move around and take classes in different units, they don't
belong to one department or administrator. Another issue is FERPA, there
are strict federal laws on what student information can and can't be visible
in the directory, before populating information in Active Directory make
sure you are in compliance.

Our AD deployment is pretty extensively documented at
http://calnetad.berkeley.edu

-- 
Eric Chamberlain, CISSP
Campus Active Directory Architect
Central Computing Services
University of California, Berkeley
http://calnetad.berkeley.edu
"Jeff Senter" <jsenter@erols.com> wrote in message
news:OgjsOlVTEHA.760@TK2MSFTNGP12.phx.gbl...
> I do some consulting for an University and they are planing on haveing
> all of the users in one large OU.  The plan on breaking the machines up
> in to smaller OU.  THey belive that thay can manage this thoug GPO
> easily with this configuration.  SOme thing tells me this is not going
> to work well but I can not put my finger on it.  Or am I wrong am this
> configuration will work just fine.
>

---

• Next message: Dan DeStefano: "Re: removing a computer from the domain"
• Previous message: Eric Chamberlain, CISSP: "Re: AD Design"
• In reply to: Jeff Senter: "huge user OU"
• Next in thread: Jeff Senter: "Re: huge user OU"
• Reply: Jeff Senter: "Re: huge user OU"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Problem that has never been resolved, Mapped home directory ... I am using 2003 R2 Server with Active Directory. ... When I do this each day I have students and staff that are unable to access ... their home directory because it maps to the root of the student folder ... (microsoft.public.windows.server.active_directory) Re: Programming the User-Account_Property using C# ... I am writing a program in C# VS 2005 to create user accounts for our students in Active Directory. ... I am trying not to use ADSI in my new program, ... (microsoft.public.dotnet.languages.csharp) Re: Active Directory and Exchange acct. creation Automation ... Well, I don't know what the capabilities of the Unix system might be, but if ... it was capable of exporting a list of new students to say a text file then ... > and Exchange 2003 Administrator. ... > that info. to Active Directory and automate the creation of the Active ... (microsoft.public.windows.server.general) Re: nothing in network neighbourhoud ... you can disable "Network Neighborhood" in ... Still if students are members of Active Directory they have other ways of ... they have read permissions on most objects in Active Directory. ... E.g. if you have domain members or domain controllers in different VLANS ... (microsoft.public.windows.server.general) GPO for printers ... I manage an active directory for a small school of about 200 students. ... Clients use xp, DC's run 2003 std. ... account and have their printers available at any computer they use. ... (microsoft.public.win2000.active_directory)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Win2000  > microsoft.public.win2000.active_directory  > 2004-06