Active Directory documentation guidance

Tardy
Tardy used Ask the Experts™
on
I searched the site and it doesn't seem as though this has come up.  We have an AD already designed and implemented.  We have a need though to go back and create, I hope I am using the right title for this, an Active Directory Architecture document.  The purpose of this document would be to put in writing our current design.  After this we will need a change management document detailing any changes that would be made to the Active Directory.  The question is, is there a universally accepted format for how these documents should be put together?  Is there software that might be able to help in the creation of these documents?  Is there a boilerplate we could get/buy to ensure we have a compliant document or as standard as possible?  We are good with the design and implementation . . . the documentation aspect, however, is not something covered in Microsoft training.  Any help or guidance would be greatly appreciated.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2013
Commented:
There are the infrastructure planning and design guides

http://www.microsoft.com/downloads/details.aspx?FamilyId=AD3921FB-8224-4681-9064-075FDF042B0C&displaylang=en

For drawings the AD topology diagrammer is a great tool  http://www.microsoft.com/downloads/details.aspx?FamilyID=cb42fc06-50c7-47ed-a65c-862661742764&displaylang=en

Having said that in terms of the documents I've not seen a standard, every place I've seen sort of has their own templates and documents

Some of the oldest guides online were from the Stanford AD deployment of Windows/AD http://windows.stanford.edu/Public/Infrastructure/WinAdminGuide.htm

I used them as guides for things I did for documenting my AD (back in the 2000 days)...thanks to the Stanford IT staff :)

Thanks

Mike

Author

Commented:
So, this isn't our AD.  We have a sub-ou in an existing AD that is where our design begins.  We are really only documenting the OU structure where most of these cited examples put most of the emphasis on everything else.  I am imagining that what this document should contain is the current structure and what the purpose of each OU is, What GPO's are applied to each OU, what delegated control is at each OU . . . but I am only guessing.  As for the change management document I don't really have a clue where to begin.  I guess so far I am hearing that there is not standard though.

I should have specified to this is more of a policy type document not a reproduction of the AD design in paper form.  I hope this makes sense.  In other words this is so that when a group that we support says "I think I should have a sub-ou under the OU you admin and full admin to it" that we would have a document to say "this is our current AD design, fully documented, so detail why it does not fit your need and why you need an exception"  the change management part would in part define how that exception walks through the process toward either approval or denial by our security office.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Top Expert 2013

Commented:
The ADTD will document the OU structure for you

You can also use the built in scripts with GPMC to help you document group policy   http://wmug.co.uk/blogs/1972/archive/2006/05/01/39.aspx

Thanks

Mike

Author

Commented:
I'm not a domain admin.  I just have full admin to the Sub-OU delegated to me.  I have no knowledge of what the name of the DC that the GC sits on and probably don't have rights on it to be able to run ADTD against it anyway.  Likewise with the scripts.
Top Expert 2013

Commented:
Won't hurt to give ADTD a try, by default you should have read access to the OUs.

The HQ/EA admins may have taken that away but that is usually not done.

Thanks

Mike

Author

Commented:
Actually I guess we should have rights to read.  Just need to figure out where the GC is.  Not sure about he scripts.  I can replicate that easy enough though.  I'm thinking that a good start would be to outline our OU structure then go from OU to OU listing delegates and GPO's and maybe a brief description of each OU's purpose.  That might be good enough.  

Still stuck on Change Management though.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial