Announcement

Collapse
No announcement yet.

AD Design suggestions

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • AD Design suggestions

    I've just landed a position with an international firm (very lucky in this economy) that has offices in Canada, US, Mexico, and Europe.
    While I'm not an expert, I've been asked to audit their Active directory and make suggestions on its current state and recommendations going forward.
    They have OUs for each location with several OU such as desktops, etc -- no laptops. They have domain controllers for some of the larger locations, but not all..
    They current only use AD to deploy updates via WUS and not much else.
    In the past, I've created OUs Users, Groups, Desktops users, Laptops Users and vendors.
    What are some best practices for designing AD? I realize an entire Microsoft Course exists on the topic; I'd like to provide some food for thought while I attend specific training.
    Some other uses could be defining printers, etc.
    Their Email is outsouced.

    Thoughts?

  • #2
    Re: AD Design suggestions

    Well, it all depends....


    Sites, network, amount of users, computers etc.

    Where to start?
    View your network. How are the diiferent office connected to each other.
    Is there a need to create sites, etc.
    If you are not that experienced in AD, i woud suggest to hire a consultant.
    A good desing pays itself.
    [Powershell]
    Start-DayDream
    Set-Location Malibu Beach
    Get-Drink
    Lay-Back
    Start-Sleep
    ....
    Wake-Up!
    Resume-Service
    Write-Warning
    [/Powershell]

    BLOG: Therealshrimp.blogspot.com

    Comment


    • #3
      Re: AD Design suggestions

      Originally posted by TONYH View Post
      I've just landed a position with an international firm (very lucky in this economy) that has offices in Canada, US, Mexico, and Europe.
      While I'm not an expert, I've been asked to audit their Active directory and make suggestions on its current state and recommendations going forward.
      They have OUs for each location with several OU such as desktops, etc -- no laptops. They have domain controllers for some of the larger locations, but not all..
      They current only use AD to deploy updates via WUS and not much else.
      In the past, I've created OUs Users, Groups, Desktops users, Laptops Users and vendors.
      What are some best practices for designing AD? I realize an entire Microsoft Course exists on the topic; I'd like to provide some food for thought while I attend specific training.
      Some other uses could be defining printers, etc.
      Their Email is outsouced.

      Thoughts?

      Hmmm. You're basically asking us for consultancy work LOL - seeing as "Best Practice" for Design hinges on "Business Need" - which can only be dictated by your organisation.

      Ask your business what problems they're having with their current setup and see if you can find design solutions to them. Have a look at the support work you're having to do most of; and see if you can find design solutions that would remove those items from your list of big hitters. Have a look at the workings of DNS, DHCP etc and see if there are design ways to improve performance/cost of maintaining/efficiency. Most of all however look at how business processes have had to be moulded around the current design, get the business to tell you what business process they would LIKE to use, and see if you can find design solutions that will facilitate it.

      Remember - Business drives IT because Business is what your organisation does; IT should be a tool which is used because it fits perfectly to DOING that business.


      Tom
      For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

      Anything you say will be misquoted and used against you

      Comment


      • #4
        Re: AD Design suggestions

        http://www.microsoft.com/downloadS/d...displaylang=en

        Best Practices for Delegating Active Directory Administration

        There are so many ways to delegate stuff, it all depends on how the business works. Design the domain around the business, don't try to force the business around the domain.

        That document explains the basics, different ways of doing the same thing and their advantages..

        In any case, I'd be glad to charge 800$ a day to do it for you
        VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

        Comment


        • #5
          Re: AD Design suggestions

          Actually your current design sounds very good, but as mentioned before it all depends on companies needs.
          maybe this link could help you a bit on the matter.

          http://forums.petri.com/showthread.php?t=25759

          Comment

          Working...
          X