Re: Active Directory design
- From: "Kurt" <lorentzenkurt@xxxxxxxxxxxxxxxxxx>
- Date: Mon, 31 Jul 2006 20:43:53 -0700
I've found that group policies tend to be created out of necessity rather
than initial planning. Common policies like desktop background, redirecting
My Documents to a server with a tape drive for backup purposes, etc. can be
implemented at the domain level as you are planning. But other, more
granular policies are usually directed at a specific department, project or
team. Organizing your AD this way in the beginning makes light work down the
road. I think you're on the right track.
....kurt
"YHussein" <YHussein@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2C27635D-B1DB-4DA6-881F-DC93A35621F5@xxxxxxxxxxxxxxxx
Hi all,
I am in the process of setting up a small network for around 25 users (all
in one site) and would like some advice as to the best design for AD. We
have
5 main depts (Management, Middle Office, Marketing, Finance, Operations)
plus
a number of general admin staff that dont really belong to any dept. The
only group policy settings I am planning to define are those to do with
password security and workstation screensavers (which I think I can
achieve
from the default domain policy).
I was initially thinking of creating an OU for each dept and placing users
in their appropriate OU, which would give the follwoing OU structure:
- Management
- Marketing
- Middle Office
- Finance
- Operations
- General (for those users who dont belong to any dept)
However I'm not sure if this structure is neccessary, due to the following
reasons:
a. I wont be defining separate group policies to each OU - will use only
the
default domain policy to define a small number of domain-wide settings
b. I am the only administrator so wont be delegating control to any OU
c. Two of the depts only have one user in each!
Because of this I'm wondering if the above setup is just overkill. So my
questions are:
1. Is it simply worth me creating all the users within the default "Users"
container instead? Is there any advantage of doing this as opposed to
creating OUs?
2. If I do create the user accounts in the default 'Users' container, will
the defualt domain policy work on users in this container?
3. If I go for the OU deployment scenario, do I need to place the Security
and Distribution groups for each dept within their corresponding OU? E.g.
if
I create a Security Group called 'Finance' that contains all the members
of
the finance team, should this group be placed within the Finance OU, or
should I create a separate OU called 'Groups' and place all my Security
and
Distribution groups (for every dept) in the single OU, regardless of which
department's members they contain?
Many thanks in advance for any assistance.
Rgds,
Yasser Hussein
.
- Prev by Date: Re: How many Global Catalog Servers are needed?
- Next by Date: I need a LDAP query to find a user from other domain in a local group of my domain
- Previous by thread: Re: Active Directory design
- Next by thread: Re: Problem with restricted groups
- Index(es):
Relevant Pages
|
