Announcement

Collapse
No announcement yet.

2008 AD Default User and Computers OU's

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • 2008 AD Default User and Computers OU's

    Hi all

    Just wondered if its advised to use the default user and computer groups within 2008 AD ?

    I realise you cannot apply separate GPO's to these as they aren't OU's as such.
    However we have 2 GPO's for the whole company as there is only 15 users.

    Any feedback welcome

    Thanks

  • #2
    Re: 2008 AD Default User and Computers OU's

    Entirely up to you -- as you say, they are not OUs, just containers to make ADUC look "tidier".

    With 15 users and 2 GPOs, unless you need to apply a GPO to some users or computers only, no need to move things.

    On the other hand, you could create new OUs, move users and computers, and then IF you needed some special behaviour, create new GPOs linked to the OU -- at present all domain GPOs would apply to any OUs unless over-ridden
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: 2008 AD Default User and Computers OU's

      Thanks for that

      Didnt think it was life or death in our little setup.

      Comment


      • #4
        Re: 2008 AD Default User and Computers OU's

        it;s not a massive problem to use the default containers (and in fact, some objects need to stay there, or things break.)

        however, just for myself, I always create a separate OU, Called "CompanyA" or whatever, and then break the resources down below that.
        I also use "redircmp" and "redirusr" to change the default location..
        Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

        Comment


        • #5
          Re: 2008 AD Default User and Computers OU's

          Tehcamel's suggestion is a great way to organize the OU structure. This method ensures that the top level of your AD structure is clean and organized. I use this design as well. This OU can be called "departments", "enterprise", "company", etc... I generally link my top level organizational GPOs at this level such as login scripts, proxy, other common settings.
          JM @ IT Training & Consulting
          http://www.itgeared.com

          Comment


          • #6
            Re: 2008 AD Default User and Computers OU's

            yeah for me I was going to create an OU called Cambridge and then within that split it into Computers and users...this then leaves me the option of doing it by department should it ever come to that

            Thanks all for the friendly advice

            Comment

            Working...
            X