Re: AD Design Help..needed..
From: Mark Renoden [MSFT] (markreno_at_online.microsoft.com)
Date: 06/18/04
- Next message: Darren D: "Re: AD Design Help..needed.."
- Previous message: Darren D: "AD Design Help..needed.."
- In reply to: Darren D: "AD Design Help..needed.."
- Next in thread: Darren D: "Re: AD Design Help..needed.."
- Reply: Darren D: "Re: AD Design Help..needed.."
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 18 Jun 2004 10:38:51 +1000
Hi Darren
I'm not sure this is a question easily answered in a newsgroup :) The
following URL is the hub of all things Windows Server 2003 Active Directory:
http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx
I'd recommend looking at the following from a security standpoint:
Delegating Control is covered in:
http://www.microsoft.com/technet/security/guidance/secmod130.mspx
User and Location Management Architecture Guide:
http://www.microsoft.com/technet/itsolutions/techguide/msm/acctmgmt/acmarch/acmarch2.mspx
As far as I know, there's no limit to the number of objects you can have in
an OU. I think you'd reach the limit of managability before anything else.
Kind regards
-- Mark Renoden [MSFT] Windows Platform Support Team Email: markreno@online.microsoft.com Please note you'll need to strip ".online" from my email address to email me; I'll post a response back to the group. This posting is provided "AS IS" with no warranties, and confers no rights. "Darren D" <Darren@somewhere.com> wrote in message news:eDHT4oMVEHA.1888@TK2MSFTNGP11.phx.gbl... > My company has recently embark on a new challenge, as we all know planning > is key in creating a solid AD foundation. After extensive review of our > enterprise network that consist of over 300 NT4.0 domains, a decision was > made to move to Win2003 AD, with the key items in focus which Win2003 AD > seems to offer.. Domain consolidation, Manageability and Scalability as a > result we are considering a simple design approach. > > Our forest design would consist of (2) domains .. The root will contain > the > schema , GC .. DC's etc no accounts would be created in this root/domain, > however the child domain will consist of GC, FSMO's DC's geographically > disperse using sites. > My question is we are considering using OU's within the child domain that > will encompass all resources ---Computer accounts, users accounts , > printer > etc. > Are there any limits on how many resources an OU can hold ? In addition we > would like to use GPO's to delegate rights to a central help desk and > local > admin resources.. > The following GPO's below will be created..... Are there any documentation > that I can reference that would allow me to create these GPO's granted > that > we are going to use delegation to allow rights.. > Group Creation > User/group Rights Admin > Password Reset > User Creation > Computer Adds > GPO Modification > OU MAC > Printer MAC > Naming Standard Updates > AD Structure MAC > Schema Mgmt > > Thanks > > -Darren > >
- Next message: Darren D: "Re: AD Design Help..needed.."
- Previous message: Darren D: "AD Design Help..needed.."
- In reply to: Darren D: "AD Design Help..needed.."
- Next in thread: Darren D: "Re: AD Design Help..needed.."
- Reply: Darren D: "Re: AD Design Help..needed.."
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
