maingateinc
asked on
How to redo Active Directory and OU's for my company
Looking for opinions on how to best rework our Active Directory - it's messy right now and I don't even think there are any GPOs being enforced. As part of working toward using GPOs and redoing login scripts, etc., I want to redesign our AD to fit these criteria. I've included a screenshot of our current AD arrangement. The OUs are "political" in that they are separated by department. This doesn't seem to be the most efficient because most all of these departments' computers and users are managed identically to each other. We also have a couple of out-of-state sites being added in the coming months, so I need to include them in this big picture. When I was studying for MCSE (which I'm nowhere near completing) I remember learning that it's not a good idea to design OUs by geographical reason. I'm looking for any direction or advice that anyone can provide. I've also google-imaged looking for other AD screenshots; I see some are organized as CN= or OU=. Is there any significance to this? Thanks
(I'm a visual learner, so if you can include any screenshots or graphs I would be uber grateful!)
AD-OUs-WTF.jpg
If your departments are located in some physical locations and each department is just in one location (is not spread), it's better to create (design) your top-level OUs by your physical locations and put departments in them. It's better for each OU to have three last OUs (Computers, Users and Groups) so you can separate your objects.
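The layout this answer describes (location OUs at the top, departments inside them, and Computers, Users and Groups OUs under each department), sketched as a PowerShell script. This is an added example, not part of the original post; the domain DN, the site and department names, and the `Confirm-OU` helper are hypothetical placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example: location-first OU tree. All names below are constructed placeholders.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$DomainDN = 'DC=example,DC=com'   # assumption: replace with your domain DN
)

# Site -> departments located at that site (each department lives in one site only).
$layout = [ordered]@{
    'Site-A' = @('Accounting', 'Sales')
    'Site-B' = @('Warehouse')
}
$leafOUs = 'Computers', 'Users', 'Groups'

# Hypothetical helper: create the OU only if it is missing, and return its DN.
# These are real OUs (OU=...), so GPOs can be linked and control delegated on them,
# unlike the built-in CN=Users and CN=Computers containers.
function Confirm-OU {
    param([string]$Name, [string]$Path)
    $dn = "OU=$Name,$Path"
    if (-not (Get-ADOrganizationalUnit -Filter "distinguishedName -eq '$dn'")) {
        # -WhatIf on the script is passed through, so a dry run changes nothing.
        New-ADOrganizationalUnit -Name $Name -Path $Path `
            -ProtectedFromAccidentalDeletion $true -WhatIf:$WhatIfPreference
    }
    return $dn
}

foreach ($site in $layout.Keys) {
    $siteDN = Confirm-OU -Name $site -Path $DomainDN
    foreach ($dept in $layout[$site]) {
        $deptDN = Confirm-OU -Name $dept -Path $siteDN
        foreach ($leaf in $leafOUs) {
            $null = Confirm-OU -Name $leaf -Path $deptDN
        }
    }
}

# Print the resulting tree, shallowest OUs first, to review before linking any GPOs.
Get-ADOrganizationalUnit -Filter * -SearchBase $DomainDN |
    Sort-Object { ($_.DistinguishedName -split ',').Count } |
    Select-Object -ExpandProperty DistinguishedName
```

Run it with `-WhatIf` first to see which OUs would be created without changing the directory.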
ASKER
mkline71, you are touching on two areas I have had questions on for a while:
Delegation of Administration - what exactly does this mean? Our IT department is set up like this:
IT Director (pretty hands off of the servers)
Network Admin (me, responsible for administration and stuff like this)
POS Admin (responsible for point of sale systems)
Programmer (self-explanatory)
Help desk tech (responsible for help desk support)
Does Delegation of Administration imply delegating to employees outside of IT? That hasn't ever made sense to me because even smart heads or managers in other departments won't know what to do or why when it comes to AD/network administration. Or does this mean defining different levels of administration within my IT department? Right now, no one outside of the IT department does any administration or would understand what I was talking about if I tried to bring them in on the AD design.
2nd part - How does having GPOs at the domain level differ from this other method: "Designing OU's around group policy and applying those policies"?