Re: Active Directory Folders
- From: "Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&LastNameHere@xxxxxxxxxxx>
- Date: Mon, 30 Jan 2006 00:04:00 -0500
In news:204D8761-7CFC-4338-9B41-90EF6F0290A1@xxxxxxxxxxxxx,
rodge <rodge@xxxxxxxxxxxxxxxxxxxxxxxxx> stated, which I commented on below:
> Well,
>
> I'm certainly not going to discount a book published by Microsoft
> Press, but I should say that I took the suggestion from the
> book(because it made a great deal of sense) and applied to my current
> environment. I didn't set this domain up, and some of what was set up
> did make sense, but adding the additional organization did make
> sense. Also, I just wasn't sure about what to do with the other
> default containers(thanks for the name by the way), which is why I
> asked. So, is it pretty typical to have another set of OU's to
> replace the computers and users containers created by default and
> move the objects inside them to the OU's to help with policy
> application? It makes sense to me, it just creates another step for
> admins, once new objects are created, but not that big of a deal at
> all.
Rodge,
The books are guidelines. Many of the Microsoft Press are published after
the MOC (Microsoft Official Courseware) for a specific product. I teach MOC
and what they are is showing you how the system works and how to use it to
your advantage. For OUs, they are guidelines. OUs are flexible to organize
your objects. Sometimes I refer to them as kitchen cabinet drawers in a
kitchen cabinet with many other drawers with whatever inside. One drawer may
have junk, another silverware, etc. You can make rules on each drawer, such
as putting a GPO on an OU. But there is one global set of rules to the
kitchen cabinet that encompasses all the drawers, such as a password rule on
who's allowed to access them. Passowords can only be set in a GPO at the
domain level, usually set in the Default Domain GPO (don't go deleting this
one or the DC GPO).
OUs can be akin to departments, locations, or a hybrid of both, such as a
location OU with departments (or 'function' OUs) at that location. We can
also standardize function OUs for the whole company, such as:
Philly OU
.. Administrators
.. Users
.. Computers
.. Laptops
Chicago OU
.. Administrators
.. Users
.. Computers
.. Laptops
etc
Or .....
Philly OU
.. Accounting
.. . Administrators
.. . Users
.. . Computers
.. . Laptops
.. Sales
.. . Administrators
.. . Users
.. . Computers
.. . Laptops
Chicago OU
.. Accounting
.. . Administrators
.. . Users
.. . Computers
.. . Laptops
.. Sales
.. . Administrators
.. . Users
.. . Computers
.. . Laptops
etc
With the way I designed the bottom one above, I would apply a specific OU
for the Philly region to say, install Mcafee, but in the Chicago region,
they got a better deal on Norton, so I would create a GPO to install at
Chicago and apply it to the Chicago OU. I'm just using the antivirus
software as an example and would never think one company would have
different AV apps in different locations.
It's totally up to you how you want to organize OUs and use the features,
such as GPOs. If you read the Press books, look for one called Active
Directory Design. I can also suggest, with all due respect, to attend a MOC
course, specifically 2279. This course is pretty much encompassing with AD
with it's hands-on labs. You can test things in the classroom and see how
GPOs (and everything about them) and OUs (everything about them too) work,
etc. You'll break down a design, and reinstall AD in different scenarios.
You also have the trainer as a resource to lean on. All the trainers I know,
including myself, are always willing to help our students. Not a day goes by
without at least one email from a former student that I am happy to answer.
Well worth the money and 5 days out of your busy schedule to attend it.
"2279: Planning, Implementing, and Maintaining a Microsoft® Windows ServerT
2003 Active Directory® Infrastructure"
Summary: In this five-day instructor-led course students will learn the job
skills necessary to plan, implement and troubleshoot the key components of a
Microsoft Windows Server 2003 directory service environment.
Audience: IT professionals
Delivery Method: Instructor-led (classroom)
http://www.microsoft.com/learning/syllabi/2279Afinal.asp
Good luck!
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
Not sure how? It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Assimilation Imminent. Resistance is Futile.
Infinite Diversities in Infinite Combinations.
The only thing in life is change. Anything less is a blackhole consuming
unnecessary energy.
===========================
.
- Follow-Ups:
- Re: Active Directory Folders
- From: rodge
- Re: Active Directory Folders
- References:
- Re: Active Directory Folders
- From: Cary Shultz
- Re: Active Directory Folders
- From: rodge
- Re: Active Directory Folders
- Prev by Date: Re: Active Directory Error on password reset.
- Next by Date: Re: Home Folders
- Previous by thread: Re: Active Directory Folders
- Next by thread: Re: Active Directory Folders
- Index(es):
Relevant Pages
|
Loading
