OU, with Global Groups inside Right or Wrong >> Best Practices for Small Biz
Posted on 2003-02-18
Do you need to use Global groups inside of an OU, or can you just use several OUs and put only user accounts into the OU and assign permissions for user access at the OU level? Or should I create OU-Global Group, add users to the global group, and then assign permissions at the Global group level? Looking for best real-world practices; books only define. What are the best strategies going forward for the real world?
For example, is this correct? Create an OU called CompanyA and create user accounts inside this OU called CompanyA, and right-click the OU and set user permissions, that way without using Group Policy. Or would it be better to create an OU called CompanyA and create a global group inside the CompanyA OU called Users and create the users inside the Global group, assign permissions at the Global group level, so it would look something like this: OU-Global Group-User Accounts sitting inside global group? I will be supporting other companies in the network, separate entities, so I was thinking about creating OUs for the separate companies and assigning Group Policies later, but I want to do it right from the ground up. I read you should not get too granular with the OUs, but I am not sure if I am going about the Active Directory structure the correct way by not using global groups and creating user accounts directly into the OU and right-clicking the OU and adding member groups like domain users, administrators, etc. to the OU. Maybe this is why my domain user account with Admin rights was being declined access to my device manager, denying changes, error insufficient rights. Please help with OUs....
Thanks in advance....