AD structure for company with groups split on two locations
Posted on 2008-10-01
I´ve been assigned the task to merge two domains into one. I will set up a new structure and migrate users into the new domain.
We have mainly two locations, and departments split over these locations.
We have 3 sales departments.
Sales internal is present in both locations
Sales external present in one location
Sales projects present in one location.
The same issue arises with other departments. Sales internal is one dep even though it´s split on two locations.
I´m wondering about an, as far as I know, untraditional structure to solve this .
Groups in Loc1: Sales external Loc1 and Sales internal Loc1
Groups in Sales (among others): Sales internal, Sales external, Sales projects, Sales Loc1, Sales Loc2 and Sales everyone.
Users would be added to the group in they´re physical locations, so example salesuser1 would only be added to Sales internal Loc1. Sales internal Loc1 would be joined to following groups in OU Sales: Sales internal, Sales Loc1 and Sales everyone. Sales internal Loc1 would be joined to following groups in rootlevel: Everyone Loc1, and All local users. (don´t use everyone group due to ftp server and other services set up)
I could then apply GP using security filtering based on department or physical location. Is this a structure that is advisable considering the strong link within a departmens split on two phycisal locations?