No announcement yet.

Setting up a decent AD structure(or the best)

  • Filter
  • Time
  • Show
Clear All
new posts

  • Setting up a decent AD structure(or the best)

    I had a really interesting discussion with another IT admin about how to set up AD.

    Now this question has probably been asked before, and i doubt there is only one answer but here it goes.

    What is the best structure for an AD domain?

    Do you structure by department or by technical details or location?
    The admin I had this discussion with also had all users in one OU, I consider this a bad practice, but maybe you dont, and I would like to hear why.

    He said to me that it doesnt really matter where this person is, and tht AD is just a tool and so on, but I think it is much more efficient to nest OU's in a logical structure.

    Microsoft has some nice best practices ideas about this, but I think that there must be a way to fit all kinds of organizations

    Also having more groups than users seems like a bad idea, or at least it sounds that way but it could/should be possible to make it more efficient.

    In advance thx for all responses and insights
    Please give points where appropriate

    <I dont create ready scripts for you, but I'm willing to point you in the right direction>

  • #2
    Re: Setting up a decent AD structure(or the best)

    I personally organise my AD based on ease of administration. The more complex your AD structure the harder it is to keep on top of it with GPO's, delegated permissions etc.

    I suppose it's down to each company's requirements but why make things harder for yourself.

    Michael Armstrong
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **


    • #3
      Re: Setting up a decent AD structure(or the best)

      Something I use on a nationally ditributed site - put users into location based OUs and workstations into a single OU (assuming same base software company wide)

      Further application of policy can then be by role based security groups.


      • #4
        Re: Setting up a decent AD structure(or the best)

        There's no one "best way". It depends entirely on business, physical and technical requirements in each individual case.

        For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

        Anything you say will be misquoted and used against you


        • #5
          Re: Setting up a decent AD structure(or the best)

          There are entire books and at least two Microsoft exams that are dedicated to this topic. It's a fairly loaded question. As the previous poster said, there is no one size fits all solution. AD is usually tailored to fit each organization.
          VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
 - VMware Virtualization Evangelist
          My advice has no warranties. Follow at your own risk.