• Status: Solved

Best practice for keeping AD organized

So this is what I am looking for some advice on.  The client I am working with is in an Exchange 2010 and Server 2008 R2 SP1 environment.  I am currently setting up some new distribution lists for them.

They have multiple remote offices that each have their own OU within the main forest that contains all of the users for that office.  But the main office doesn't.  Its OU is just called 'users' and is getting pretty messy.  I was thinking of taking the time and creating a new OU called HQ and cleaning everything up.  I was also thinking of creating a sub-group for HQ that would contain just email accounts (i.e., distribution lists, etc.) so that anything that doesn't require an actual login username would be placed here.

Any thoughts on this or how your AD forest might differ?
3 Solutions
Manpreet Singh Khatra (Solutions Architect, Project Lead) Commented:
You have thought good to organize and manage ..... AD depends on your org or administration requirements.

Let me know if you have any specific query in mind :)

- Rancy
msweisberg (Author) Commented:
The client leaves it to us to administer the system and keep it running.  In that respect we have set up each remote office with its own OU and all employees within each office have their information placed within the correct OU.  But it really looks like the main office has gotten overlooked and its OU is quite messy.

So, the idea that I laid out above....does it look good or should I change something?
Manpreet Singh Khatra (Solutions Architect, Project Lead) Commented:
I agree as to all offices having this kind of configuration .... any day, any issues, you know where exactly to find what you want in AD ..... not sure if there is any GPO linked to that OU that you would need to take care of as well :)

Look, as you say, if all others have the same configuration, not sure why this should be amended .... anyway, what I can suggest is:
Create some test users and DLs and whatever objects you have in there and plan to move around .... just move those test users and DLs and check that their functionality isn't affected in any way, or at most you can choose some pilot users\DLs to check with no issues, as moving without testing into such a thing can sometimes backfire and create a lot more work :)

- Rancy
Hypercat (Deb) Commented:
I don't think there are any "best practices" for this kind of thing, except these:

1.  Logic - organize your user and computer OUs into logical groups. It looks like you've thought yours through pretty clearly.
2.  Make sure you consider all the possibilities that might arise in the future that would affect those OUs - site management, email management and/or distribution group management, group policies, etc.  One major one that is often overlooked IMO is group policies.  Although GPs can be applied to subgroups within an OU by creating security groups, by far the easiest way to organize GPs is by organizational unit. So, when you create your units you should take into account any group policies that might affect your users and/or computers.
Lee W, MVP (Technology and Business Process Advisor) Commented:
I agree with Hypercat - there is no real best-practice that fits everyone.  

You must remember that your objects (users, groups, computers, etc.) cannot belong to more than one OU.  As a result, you need more planning than you would otherwise need when assigning group membership.

Another point - if your users are in the default Users container, this is NOT an OU - it is a CONTAINER.  The difference being that a container cannot have group policies or sub "containers" or OUs.  So if that's where they are, if you want the ability to apply group policy you MUST move them.

HOW you set them up depends on your organization's needs/client's needs and you are, without question, in the best position of any of us to determine those.
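
The checks discussed in the answers above (container vs. OU, GPOs that will apply at the new location, and a pilot move before the real one) can be scripted with the ActiveDirectory and GroupPolicy modules that ship with Server 2008 R2. This is an added example, not code from any participant in the thread; the OU names `HQ` and `Mail Objects` and the pilot account names are assumptions chosen for illustration.

```powershell
# Added example. OU names and pilot accounts are hypothetical, not from the thread.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName
$source   = $domain.UsersContainer          # default location, normally CN=Users,<domain DN>
$hqOU     = "OU=HQ,$domainDN"               # hypothetical target OU
$mailOU   = "OU=Mail Objects,$hqOU"         # hypothetical sub-OU for distribution lists
$pilot    = 'pilot.user1', 'pilot.user2'    # hypothetical test accounts (sAMAccountName)

# 1. Confirm whether the source is a container or a real OU.
#    objectClass 'container' cannot have GPOs linked; 'organizationalUnit' can.
$src = Get-ADObject -Identity $source
"{0} is a {1}" -f $src.DistinguishedName, $src.ObjectClass

# 2. Create the target OUs only if they do not exist yet.
$targets = @(@{ Name = 'HQ'; Path = $domainDN }, @{ Name = 'Mail Objects'; Path = $hqOU })
foreach ($t in $targets) {
    $dn = "OU=$($t.Name),$($t.Path)"
    if (-not (Get-ADOrganizationalUnit -Filter "distinguishedName -eq '$dn'")) {
        New-ADOrganizationalUnit -Name $t.Name -Path $t.Path `
            -ProtectedFromAccidentalDeletion $true
    }
}

# 3. List every GPO that will apply to objects once they sit in the new OU,
#    including links inherited from the domain root.
(Get-GPInheritance -Target $hqOU).InheritedGpoLinks |
    Select-Object Order, DisplayName, Enabled, Enforced

# 4. Inventory what sits directly in the source. The default Users container
#    also holds built-in accounts and groups, so review this list by hand
#    instead of moving everything.
$users = Get-ADUser  -Filter * -SearchBase $source -SearchScope OneLevel
$dls   = Get-ADGroup -Filter 'GroupCategory -eq "Distribution"' `
             -SearchBase $source -SearchScope OneLevel
$users | Select-Object SamAccountName, Enabled
$dls   | Select-Object Name, GroupScope

# 5. Dry-run the pilot move. -WhatIf prints what would happen and changes nothing;
#    remove it only after reviewing the output and testing the pilot objects.
$users | Where-Object { $pilot -contains $_.SamAccountName } |
    Move-ADObject -TargetPath $hqOU -WhatIf
$dls | Move-ADObject -TargetPath $mailOU -WhatIf
```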
msweisberg (Author) Commented:
Thanks all....those are great answers and advice.  @leew...that is exactly what I am looking for.
