Solved

What is the best practice for designing an ePolicy Orchestrator Directory Structure?

Posted on 2009-07-16
1
701 Views
Last Modified: 2013-12-09
Hi
I am currently trying to optimise our ePolicy setup, with integration with AD. Currently in AD we have a "Servers", "PCs" and "Domain Controllers" OUs. We also have a disaster recovery site with a different IP range and subnet, but on the same network. Should i create 2 sites in ePo, "Home" and "DR", or have the sites set to the OUs, "Servers" etc? i guess i'm wondering what the best practice for designing the directory structure is.

Thanks in advance
Brian
0
Comment
Question by:ITUCIRL
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 19

Accepted Solution

by:
aissim earned 500 total points
ID: 24929563
Personally, I've always tried to keep my ePo structure identical to my AD structure because it makes life simple. Knowing where objects are in ePo without having to think about it is always a benefit.

I think the only reason to split into 'Home' and 'DR' would be if you have some configuration/protection needs (within ePo) that are different between the two sites. But if your configuration on the DR machines are identical to your live/home network, my two cents would be to leave the structure as is! All depends on how specialized your ePo config needs to be....in my environment keeping PCs, servers, and domain controllers separate is the important part with regards to exclusions, scan times, etc...
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question