Re: Computers/Users and OU structure

Right, I understand that... sorry if I came off like that in my post.

Thanks for the link though!

Alex
"Vincent Xu [MSFT]" <v-xuwen@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:HZS78mojGHA.4528@xxxxxxxxxxxxxxxxxxxxxxxx
Hi Alex,

Richard provided detailed information and I just want you know, you cannot
create OUs under "Computer" or "User" folder in Active Directory Users and
Computers. You have to create OUs on the same level as "Computers"&"Users"

Since AD desgin is really a complicated project, I also find following
article for your reference:

<http://www.microsoft.com/technet/desktopdeployment/inframan/inframanad.mspx


Hope this helps.

Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
From: "Alex Feigenson" <alexf@xxxxxxxxxxxxxxxx>
References: <OyA2OKkjGHA.5036@xxxxxxxxxxxxxxxxxxxx>
<04CFDF29-1397-48C6-9CA8-AA6C573F0877@xxxxxxxxxxxxx>
Subject: Re: Computers/Users and OU structure
Date: Mon, 12 Jun 2006 14:22:33 -0700
Lines: 93
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
X-RFC2646: Format=Flowed; Original
Message-ID: <#Jx90amjGHA.4512@xxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.windows.server.active_directory
NNTP-Posting-Host: nmail.nimanranch.com 66.7.249.114
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.active_directory:76348
X-Tomcat-NG: microsoft.public.windows.server.active_directory

Richard -- thank you for your insight. I understand what you are saying.
I
won't be implementing user policies for the time being -- just computer
policies for now.

That being said, if I'm going to change our structure for the future,
seperating computers and users wouldn't be a bad idea.

I was thinking something like:

domain.com
|
-Computers
| |
| -IT
| -Finance
|
-Users
|
-IT
-Finance

I'm watching the webinar and reading through Sanjay's documentation.

Thanks a bunch,
Alex


"Richard Crandall" <RichardCrandall@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:04CFDF29-1397-48C6-9CA8-AA6C573F0877@xxxxxxxxxxxxxxxx
OU design really has two purposes: 1) To ease administration and 2) To
facilitate group policy deployment. Arguments can be made for some
other
stuff but most of them fit into one of these two categories IMHO. To
generically answer your question, most people find it easier to keep
computers and users separated (ie a Users OU and a Computers OU under
each
business unit).

To be more detailed is really much more of a discussion of what suits
your
organization best. There are two generic models, business unit and
geographic. It looks like you have chosen business unit which is fine
as
long as that is the division of your administration and policy
application.
For detailed info about how to do the design you may want to see this
webcast:

http://www.microsoft.com/technet/community/events/ad/add-03.mspx

Or read Sanjay Tandon's white paper about delegating administration in
AD:


http://www.microsoft.com/downloads/details.aspx?FamilyID=631747a3-79e1-48fa-
9730-dae7c0a1d6d3&DisplayLang=en

http://www.microsoft.com/downloads/details.aspx?FamilyID=29dbae88-a216-45f9-
9739-cb1fb22a0642&DisplayLang=en

There are a lot of other things that you can consider as well depending
on
which applications will also be leveraging AD (ie Exchange, MIIS, ISA,
NetIQ,
etc)

--
Let me know if that was helpful

/rich


"Alex Feigenson" wrote:

I'm pretty new to designing ADS structures, and I have a very simple
question (I hope!)

I have created an OU structure that looks like this:

domain.com
|
----IT OU
----Finance OU

Etc.

Pretty simple, department based organization.

However, there are two things associated to each user, their actual
user
account and their computer account. (We don't permit sharing
computers).
My
question is, do I move both the computer object and the user object
into
the
OU, or just the user, or just the computer? What are the common/best
practices?

TIA,
Alex Feigenson









.

Relevant Pages

  • Richard wonders if anyone has suggestions
    ... Below is the string between Richard Harper and myself over the last few ... >> other than the Windows XP firewall on either PC? ... >> * PLEASE post all messages and replies in the newsgroups ... >>> The computers get their IP addresses automatically through a router. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Computers/Users and OU structure
    ... Richard -- thank you for your insight. ... seperating computers and users wouldn't be a bad idea. ... "Alex Feigenson" wrote: ... do I move both the computer object and the user object ...
    (microsoft.public.windows.server.active_directory)
  • Re: Something on JKRs sight.
    ... Lets Hear It For Talking Computers. ... Picky picky ... Richard The Blind Typer ...
    (alt.fan.harry-potter)
  • RE: Druckwarteschlange wird beendet (Ereignis-ID 7031)
    ... "Richard Brunner" schrieb: ... > Seit kurzem erscheint beim Start des Computers die Fehlermeldung, ... Prev by Date: ... Next by Date: ...
    (microsoft.public.de.german.win2000.sonstiges)
  • Re: Access Denied error on Startup Script
    ... >> the credentials of the computer object in the domain. ... All computers should be members of this group. ... Here is the script: ... which should give computer objects rights to run the startup scripts. ...
    (microsoft.public.windows.server.scripting)
Loading