AD question

Hello Experts,

I have a question on AD design

I have a company with 4 offices in different countries. I have a data center in north America and One office in US.

My questions is about best practice for example in the OU for US and it has 2 sub OU which are BU1 and BU2.  Do I create one OU for users under the US OU or do I create the users ou under each department?  Also what about OU for laptops, desktops, printers and servers.

Thanks,
LVL 4
Habib ZakariaNetwork Solutions ArchitectAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Lee W, MVPTechnology and Business Process AdvisorCommented:
This is really up to you.  You could do both.  How do you want to manage it?  What are the pros and cons for you?
0
Ganesh Kumar ASr Infrastructure SpecialistCommented:
You didn't mention about the other country, let us assume one in Australia and one in japan.

Option 1 : You can create Parent OU of each location and delegate the permission if you have any admins over there for that specific OU and its sub OU.  For USA you can create Parent OU called USA and create SubOU with the office location names. Under that you can create users OU and computer OU. This will be useful to segregate the computers.

Option 2:  create sub-domains for each location if it is feasible to deploy additional domain controllers. So all the computer can be added and managed in that specific domain.

Finally you can choose whichever is feasible for you and if you have enough resource to manage the subdomains.  

If you predict the growth of IT department in next 5 years, the demand of software, hardware resources, tools you are going to bring in.
0
Zacharia KurianAdministrator- Data Center & NetworkCommented:
There are many  of ways to design an OU structure, depending on the Size of your AD, Functional/Departments, Resource -based, Geographic ,User-Classified etc..

The design  also depends on your GPOs implementation too. Just make sure you do not use too little OUs or too many OUs, rather make sure to have just enough OUs. The best I can think of are the following ones.

 1. Company structure.
 2. The physical sites.
 3. Organization Support.
                  (a)  What are the support boundaries (e.g. Location and/or Workstations and/or Servers
4. Types of PCs/Servers
                           (a) Highly Secured.
                     (b)Standard SOE.
                     (c)Process Control/Automation
                     (d)Server Roles (e.g. Exchange, SQL or File Server)
 5. Network Topology.
                     (a) Bandwidth / Latency.
6. Group Policy Management.
7. Security requirements (password policy, auditing etc.)
8. Change in management process.
9. Auditing requirements for Group Policy.

Zac
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.