Active Directory documentation guidance

I searched the site and it doesn't seem as though this has come up.  We have an AD already designed and implemented.  We have a need though to go back and create, I hope I am using the right title for this, an Active Directory Architecture document.  The purpose of this document would be to put in writing our current design.  After this we will need a change management document detailing any changes that would be made to the Active Directory.  The question is, is there a universally accepted format for how these documents should be put together?  Is there software that might be able to help in the creation of these documents?  Is there a boilerplate we could get/buy to ensure we have a compliant document or as standard as possible?  We are good with the design and implementation . . . the documentation aspect, however, is not something covered in Microsoft training.  Any help or guidance would be greatly appreciated.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mike KlineCommented:
There are the infrastructure planning and design guides

For drawings the AD topology diagrammer is a great tool

Having said that in terms of the documents I've not seen a standard, every place I've seen sort of has their own templates and documents

Some of the oldest guides online were from the Stanford AD deployment of Windows/AD

I used them as guides for things I did for documenting my AD (back in the 2000 days)...thanks to the Stanford IT staff :)



Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TardyAuthor Commented:
So, this isn't our AD.  We have a sub-ou in an existing AD that is where our design begins.  We are really only documenting the OU structure where most of these cited examples put most of the emphasis on everything else.  I am imagining that what this document should contain is the current structure and what the purpose of each OU is, What GPO's are applied to each OU, what delegated control is at each OU . . . but I am only guessing.  As for the change management document I don't really have a clue where to begin.  I guess so far I am hearing that there is not standard though.

I should have specified to this is more of a policy type document not a reproduction of the AD design in paper form.  I hope this makes sense.  In other words this is so that when a group that we support says "I think I should have a sub-ou under the OU you admin and full admin to it" that we would have a document to say "this is our current AD design, fully documented, so detail why it does not fit your need and why you need an exception"  the change management part would in part define how that exception walks through the process toward either approval or denial by our security office.
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Mike KlineCommented:
The ADTD will document the OU structure for you

You can also use the built in scripts with GPMC to help you document group policy


TardyAuthor Commented:
I'm not a domain admin.  I just have full admin to the Sub-OU delegated to me.  I have no knowledge of what the name of the DC that the GC sits on and probably don't have rights on it to be able to run ADTD against it anyway.  Likewise with the scripts.
Mike KlineCommented:
Won't hurt to give ADTD a try, by default you should have read access to the OUs.

The HQ/EA admins may have taken that away but that is usually not done.


TardyAuthor Commented:
Actually I guess we should have rights to read.  Just need to figure out where the GC is.  Not sure about he scripts.  I can replicate that easy enough though.  I'm thinking that a good start would be to outline our OU structure then go from OU to OU listing delegates and GPO's and maybe a brief description of each OU's purpose.  That might be good enough.  

Still stuck on Change Management though.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Project Management

From novice to tech pro — start learning today.