Active Directory Organizational Structures
Posted on 2014-01-23
Thanks for looking at this question! Without going in to too much detail, we are interested in redesigning our AD structure to serve our support and management needs better.
Currently we have ~30some physical locations and 1 domain. We have two separate 'business units' which require different things - backgrounds/login screens, software, mapped drives, et al.
The structure of this essentially starts with a top level then the 2 branches then 20some sub-OU's (for each location, some exist on in both organizatiosn). This structure essentially appears twice with minor differences, once for user objects, once for computer objects.
Now for the most part each site has nothing specific about them (except on the user side we have subgroups for 'job roles' to grant permissions).
My question is this: Is there a standard design approach for an organization like this -which is expecting to grow steadily with new locations? What are the best resources available for determining how to design AD structures (i.e. would a domain and subdomain be ideal? 2 separate domains?) And, lastly, any tips or considerations that are worth looking in to which could help simplify management, design, or deployment of this.
Thanks again for any help!!