HamannWetteren
asked on
Active Directory structure
A customer still has an Win2003 environment, and wants to structure his AD.
Currently it is all flat, all computers in 1 OU, all users and groups in 1 OU.
They have a main site with 50 users, and 10 remote sites with 5 - 10 users, connected through DSL-lines. Each remote site has a DC/GC.
Sidemark: 70% of the PC's are laptops, moving around to main site and remote sites a lot.
How would you structure servers, users, groups and computers in this kind of site, thinking about future policies, preferences, virusscan updates, WSUS....etc.
rgrds
Currently it is all flat, all computers in 1 OU, all users and groups in 1 OU.
They have a main site with 50 users, and 10 remote sites with 5 - 10 users, connected through DSL-lines. Each remote site has a DC/GC.
Sidemark: 70% of the PC's are laptops, moving around to main site and remote sites a lot.
How would you structure servers, users, groups and computers in this kind of site, thinking about future policies, preferences, virusscan updates, WSUS....etc.
rgrds
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Also make sure to go through the article at
This will be useful when you create a custom "Computer Acct" OU at root, reason is when u join a desktop by default its account will be created in default Computer OU, and using redircmp ou=Computer Acct, DC=domain,dc=com the computer account will land in your custom Computer Acct OU.
AND
if you want a specific set of policy to be applied when user and computer accounts comes to domain for the 1st time.
This will be useful when you create a custom "Computer Acct" OU at root, reason is when u join a desktop by default its account will be created in default Computer OU, and using redircmp ou=Computer Acct, DC=domain,dc=com the computer account will land in your custom Computer Acct OU.
AND
if you want a specific set of policy to be applied when user and computer accounts comes to domain for the 1st time.
article is at http://support.microsoft.com/kb/324949
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Normally servers would be better in an OU of their own (DCs are already in a seperate OU by default and should not need to be changed). Laptops too may be better in an ou of their own, depending on how you want to manage them