No announcement yet.

Help with Active Directory

  • Filter
  • Time
  • Show
Clear All
new posts

  • Help with Active Directory

    Basicall I have a project for my degree that requires me to create an Active Directory for a made up university.
    I am having some confusions as to how I am going to go out this, I have installed Windows Server 2012 on a virtual machine.
    The scenario is as follows:
    3 buildings/sites: Research and Development, Law and Business, Science and Technology.

    For those 3 buildings should I create an Organisational Unit for each? So within the Unversity Domain, have 3 OU's each named after the 3 buildings previously mentioned?
    Or should I make the Organisational Units for each User Group, such as Students, Lecturers, I.T Department, Librarians etc?

    I have tried creating an OU for each building, so I have 3 OU's within the domain but i don't know how to include a single group (I.T Department) to all 3 OU's without adding it in each one individually.

    Help is very much appreciated!

  • #2
    Re: Help with Active Directory

    OUs exist for two purposes:
    1) To delegate AD management permissions
    2) To allow administration through group policies.
    So plan your OU structure with those two objectives in mind, and nothing else

    Groups have nothing to do with OUs, which can contain user and computer objects -- the OU a group belongs to is not relevant, nor can group membership be easily aligned with OU membership.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: Help with Active Directory

      OUs are basically just a folder inside active directory, theres not much more hocus pocus on this.
      OUs are mainly used to separate indeed different departments, especially when they need to have each separate GPOs applied (Group policies) since its easy to apply a gpo on a complete OU.
      with "groups" you probably mean a "security group" (notice that its advised to always use an "Universal" security group from now (is usable and applicable on the whole forest when you would work with multi-domains)