Re: AD Design question



You are a very small shop. Your need for a complicated OU structure would
only create unneeded complexities. The OU scenario for you should probably
fall on geographical boundaries; personally I wouldn't even do that, but that
is just me. You should define your user access of data via group control,
assigning permissions to the groups and maintaining group membership to provide
users access to these folders.

I also work for a Power Utility, but we are much larger, more of a midsized
firm with about 1,500 users. We have some OU structure, but it is simple; we
control all access via group membership.

--
Paul Bergson MCT, MCSE, MCSA, Security+, CNE, CNA, CCA
http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup

This posting is provided "AS IS" with no warranties, and confers no rights.

"SStory" <nospam@xxxxxxxxxx> wrote in message
news:ODZDYdyrGHA.4424@xxxxxxxxxxxxxxxxxxxxxxx
We are a relatively small organization as compared to some. We have 100+
employees, but only 50-60 are users. We have four geographical
sites--most things happen at site #1. We are a utility company. We are
planning to implement Server 2003 AD on a new server. The current network
is just one big peer-to-peer.

In trying to properly design the AD the first time, I have read Mark
Minasi's book (around 1600p) and some other resources. The main questions
that I'm uncertain as to how to answer involve OU's.

1.) Should an organization of our size use OU's? I'm thinking yes, but
not certain.
2.) Our shares are mostly used by accounting at present. However, I
expect that this will change as the server comes online and folks
understand what is possible.
I gather that I can use OU's and Groups and GPO's to more easily
manage access to shares and such. The challenge is obviously, if I use
OU's, how to determine what OU's are needed. Does anyone have insight, input
into this task? Major pitfalls?
3.) I read a chapter from "Windows 2003 Server Bible" published by
Wiley. The basic premise of its OU design was to create OU's not along
departmental divisions, but KME (Key Management Entities). This goes
along with my initial thoughts, of surveying the organization to discover
distinct roles. This chapter said to create OU's, assign groups to them
and users to the groups. What are your opinions about this strategy?

Any comments and advice, hopefully from folks with experience in this,
would be greatly appreciated.

Thanks,

Shane


