Re: Active Directory Folders

wow Thanks for the Post Ace, very helpful! I'm definitely interested in the
course. Does this course deal with using AD to setup application installs?
This is something I am aware of it's existance, but have never tried to
implement.

"Ace Fekay [MVP]" wrote:

> In news:204D8761-7CFC-4338-9B41-90EF6F0290A1@xxxxxxxxxxxxx,
> rodge <rodge@xxxxxxxxxxxxxxxxxxxxxxxxx> stated, which I commented on below:
> > Well,
> >
> > I'm certainly not going to discount a book published by Microsoft
> > Press, but I should say that I took the suggestion from the
> > book(because it made a great deal of sense) and applied to my current
> > environment. I didn't set this domain up, and some of what was set up
> > did make sense, but adding the additional organization did make
> > sense. Also, I just wasn't sure about what to do with the other
> > default containers(thanks for the name by the way), which is why I
> > asked. So, is it pretty typical to have another set of OU's to
> > replace the computers and users containers created by default and
> > move the objects inside them to the OU's to help with policy
> > application? It makes sense to me, it just creates another step for
> > admins, once new objects are created, but not that big of a deal at
> > all.
>
>
> Rodge,
>
> The books are guidelines. Many of the Microsoft Press are published after
> the MOC (Microsoft Official Courseware) for a specific product. I teach MOC
> and what they are is showing you how the system works and how to use it to
> your advantage. For OUs, they are guidelines. OUs are flexible to organize
> your objects. Sometimes I refer to them as kitchen cabinet drawers in a
> kitchen cabinet with many other drawers with whatever inside. One drawer may
> have junk, another silverware, etc. You can make rules on each drawer, such
> as putting a GPO on an OU. But there is one global set of rules to the
> kitchen cabinet that encompasses all the drawers, such as a password rule on
> who's allowed to access them. Passowords can only be set in a GPO at the
> domain level, usually set in the Default Domain GPO (don't go deleting this
> one or the DC GPO).
>
> OUs can be akin to departments, locations, or a hybrid of both, such as a
> location OU with departments (or 'function' OUs) at that location. We can
> also standardize function OUs for the whole company, such as:
>
> Philly OU
> .. Administrators
> .. Users
> .. Computers
> .. Laptops
> Chicago OU
> .. Administrators
> .. Users
> .. Computers
> .. Laptops
> etc
>
>
> Or .....
>
>
> Philly OU
> .. Accounting
> .. . Administrators
> .. . Users
> .. . Computers
> .. . Laptops
> .. Sales
> .. . Administrators
> .. . Users
> .. . Computers
> .. . Laptops
> Chicago OU
> .. Accounting
> .. . Administrators
> .. . Users
> .. . Computers
> .. . Laptops
> .. Sales
> .. . Administrators
> .. . Users
> .. . Computers
> .. . Laptops
> etc
>
> With the way I designed the bottom one above, I would apply a specific OU
> for the Philly region to say, install Mcafee, but in the Chicago region,
> they got a better deal on Norton, so I would create a GPO to install at
> Chicago and apply it to the Chicago OU. I'm just using the antivirus
> software as an example and would never think one company would have
> different AV apps in different locations.
>
> It's totally up to you how you want to organize OUs and use the features,
> such as GPOs. If you read the Press books, look for one called Active
> Directory Design. I can also suggest, with all due respect, to attend a MOC
> course, specifically 2279. This course is pretty much encompassing with AD
> with it's hands-on labs. You can test things in the classroom and see how
> GPOs (and everything about them) and OUs (everything about them too) work,
> etc. You'll break down a design, and reinstall AD in different scenarios.
> You also have the trainer as a resource to lean on. All the trainers I know,
> including myself, are always willing to help our students. Not a day goes by
> without at least one email from a former student that I am happy to answer.
> Well worth the money and 5 days out of your busy schedule to attend it.
>
> "2279: Planning, Implementing, and Maintaining a Microsoft® Windows ServerT
> 2003 Active Directory® Infrastructure"
> Summary: In this five-day instructor-led course students will learn the job
> skills necessary to plan, implement and troubleshoot the key components of a
> Microsoft Windows Server 2003 directory service environment.
> Audience: IT professionals
> Delivery Method: Instructor-led (classroom)
> http://www.microsoft.com/learning/syllabi/2279Afinal.asp
>
>
> Good luck!
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Having difficulty reading or finding responses to your post?
> Instead of the website you're using, I suggest to use OEx (Outlook Express
> or any other newsreader), and configure a news account, pointing to
> news.microsoft.com. This is a direct link to the Microsoft Public
> Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
> to easily find, track threads, cross-post, sort by date, poster's name,
> watched threads or subject.
>
> Not sure how? It's easy:
> How to Configure OEx for Internet News
> http://support.microsoft.com/?id=171164
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft MVP - Windows Server Directory Services
> Microsoft Certified Trainer
> Assimilation Imminent. Resistance is Futile.
> Infinite Diversities in Infinite Combinations.
>
> The only thing in life is change. Anything less is a blackhole consuming
> unnecessary energy.
> ===========================
>
>
>
.

Relevant Pages

  • Re: Active Directory Folders
    ... > I'm certainly not going to discount a book published by Microsoft ... > replace the computers and users containers created by default and ... Passowords can only be set in a GPO at the ... Laptops ...
    (microsoft.public.windows.server.active_directory)
  • Re: Assigning and application to selected users on selected comput
    ... Microsoft Global Technical Support Center ... |> to do what you have outlined except by use of loopback processing. ... |> Then you would need to either have the loopback GPO apply to all ... |> would need to add such as Domain Computers). ...
    (microsoft.public.windows.group_policy)
  • RE: GPO has no effect
    ... 298444 A Description of the Group Policy Update Utility ... What is the OU your GPO applied to? ... Directory Users and Computers. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: [ANN] "Dbl-Click Wont Open..." Issues
    ... A responsible citizen at Microsoft realised they would have to ... had to take two extra steps to put their computers at risk. ... It won't affect me -- I have commercial-grade security systems set up on ...
    (microsoft.public.mac.office)
  • Re: GPO user-side not applying
    ... Manfred, thanks for the info. Have added that to the GPO now, will let you ... Microsoft Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... | remote laptop is now showing both correct settings. ...
    (microsoft.public.windows.server.sbs)