Announcement

Collapse
No announcement yet.

Central versus Decentralized account creation

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Central versus Decentralized account creation

    Hi,

    I am facing a challenge here (I am no expert in AD) and I was hoping that you experts may provide clarity. Thanking you in advance!

    Is it recommended for a large organization (5000 users) to create accounts in AD in a centralized OU with a limited set of attributes (name, phone number) and a limited set of security groups assigned. And to manage other attributes and security groups and GPOs at decentralized OUs by their own administrators?

    Or should account creation and management be done at one centralized location? What are the pros and cons?

    Thanks again.

    J

  • #2
    Re: Central versus Decentralized account creation

    It comes down to a number of things:
    Staff -- do you have trustworthy administrators for the remote OUs?
    Policy -- any corp rules in place
    Preference -- what do you prefer to do?

    IMHO I would have template accounts (pre-populated with as much as possible) and let local administrators clone and modify them. I would also have printed forms for local HR people to request new users, so the IT team does not get blamed for spelling mistakes etc
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Central versus Decentralized account creation

      Thank you very much. I am wondering if this partly central, partly decentralized solution is a good thing to do for such an organization.

      J.

      Comment

      Working...
      X