Re: Computers/Users and OU structure

Hi Alex,

You are always welcome. Please feel free to post back if you still have any
concerns.

Have a good day!


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
From: "Alex Feigenson" <alexf@xxxxxxxxxxxxxxxx>
References: <OyA2OKkjGHA.5036@xxxxxxxxxxxxxxxxxxxx>
<04CFDF29-1397-48C6-9CA8-AA6C573F0877@xxxxxxxxxxxxx>
<#Jx90amjGHA.4512@xxxxxxxxxxxxxxxxxxxx>
<HZS78mojGHA.4528@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Computers/Users and OU structure
Date: Mon, 12 Jun 2006 18:36:42 -0700
Lines: 169
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
X-RFC2646: Format=Flowed; Original
Message-ID: <#JadBpojGHA.3816@xxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.windows.server.active_directory
NNTP-Posting-Host: adsl-71-135-43-80.dsl.pltn13.pacbell.net 71.135.43.80
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.active_directory:76368
X-Tomcat-NG: microsoft.public.windows.server.active_directory

Right, I understand that... sorry if I came off like that in my post.

Thanks for the link though!

Alex
"Vincent Xu [MSFT]" <v-xuwen@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:HZS78mojGHA.4528@xxxxxxxxxxxxxxxxxxxxxxxx
Hi Alex,

Richard provided detailed information and I just want you know, you
cannot
create OUs under "Computer" or "User" folder in Active Directory Users
and
Computers. You have to create OUs on the same level as
"Computers"&"Users"

Since AD desgin is really a complicated project, I also find following
article for your reference:


<http://www.microsoft.com/technet/desktopdeployment/inframan/inframanad.mspx


Hope this helps.

Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no
rights.
======================================================



--------------------
From: "Alex Feigenson" <alexf@xxxxxxxxxxxxxxxx>
References: <OyA2OKkjGHA.5036@xxxxxxxxxxxxxxxxxxxx>
<04CFDF29-1397-48C6-9CA8-AA6C573F0877@xxxxxxxxxxxxx>
Subject: Re: Computers/Users and OU structure
Date: Mon, 12 Jun 2006 14:22:33 -0700
Lines: 93
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
X-RFC2646: Format=Flowed; Original
Message-ID: <#Jx90amjGHA.4512@xxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.windows.server.active_directory
NNTP-Posting-Host: nmail.nimanranch.com 66.7.249.114
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.active_directory:76348
X-Tomcat-NG: microsoft.public.windows.server.active_directory

Richard -- thank you for your insight. I understand what you are
saying.
I
won't be implementing user policies for the time being -- just computer
policies for now.

That being said, if I'm going to change our structure for the future,
seperating computers and users wouldn't be a bad idea.

I was thinking something like:

domain.com
|
-Computers
| |
| -IT
| -Finance
|
-Users
|
-IT
-Finance

I'm watching the webinar and reading through Sanjay's documentation.

Thanks a bunch,
Alex


"Richard Crandall" <RichardCrandall@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:04CFDF29-1397-48C6-9CA8-AA6C573F0877@xxxxxxxxxxxxxxxx
OU design really has two purposes: 1) To ease administration and 2)
To
facilitate group policy deployment. Arguments can be made for some
other
stuff but most of them fit into one of these two categories IMHO. To
generically answer your question, most people find it easier to keep
computers and users separated (ie a Users OU and a Computers OU under
each
business unit).

To be more detailed is really much more of a discussion of what suits
your
organization best. There are two generic models, business unit and
geographic. It looks like you have chosen business unit which is
fine
as
long as that is the division of your administration and policy
application.
For detailed info about how to do the design you may want to see this
webcast:

http://www.microsoft.com/technet/community/events/ad/add-03.mspx

Or read Sanjay Tandon's white paper about delegating administration
in
AD:



http://www.microsoft.com/downloads/details.aspx?FamilyID=631747a3-79e1-48fa-
9730-dae7c0a1d6d3&DisplayLang=en


http://www.microsoft.com/downloads/details.aspx?FamilyID=29dbae88-a216-45f9-
9739-cb1fb22a0642&DisplayLang=en

There are a lot of other things that you can consider as well
depending
on
which applications will also be leveraging AD (ie Exchange, MIIS,
ISA,
NetIQ,
etc)

--
Let me know if that was helpful

/rich


"Alex Feigenson" wrote:

I'm pretty new to designing ADS structures, and I have a very simple
question (I hope!)

I have created an OU structure that looks like this:

domain.com
|
----IT OU
----Finance OU

Etc.

Pretty simple, department based organization.

However, there are two things associated to each user, their actual
user
account and their computer account. (We don't permit sharing
computers).
My
question is, do I move both the computer object and the user object
into
the
OU, or just the user, or just the computer? What are the common/best
practices?

TIA,
Alex Feigenson











.

Relevant Pages