Have the following network, single forest, single domain. Would like to make sure initial AD is setup correctly. Total users 100, located in 8 offices. Main office is 70 users with all servers. Branch offices have no servers. All offices linked together via dsl VPN. Organization is public service, no sales. Four departments including 5 sub-departments, administration and management. Resources required at main office on main server(DC) for login, home directory, and intranet on seperate web server. All offices have own printers and access internet/email via local isp's. All applications accessed locally. Installed so far(test environment): DHCP, DNS and AD(shows several default OU's). It seems that seperate Login scripts and Group Policies will be necessary. Questions: Should the OU's be setup in a departmental hierarchy or branch office structure ? What would be the next steps in the above scenerio to complete the AD ? Can multiple group policies exist per OU ? Can users belong to multiple OU's ? If yes, do I not want to avoid this ? Under default Computer and User OU, should these be populated with OU's or users ? Also, is there other OU's that should be added to complete a typical AD ?