Active Directory Architecture Consultation


  • Active Directory Architecture Consultation

    Hey all,
    I think that's my first topic. yeyy

    k, I have this issue that I have no idea how to solve

    I have a main DC in the company office, and about 30 RODCs in branch offices.
    we have set up the sites and services and each branch has a site.
    it's all connected over IP VPN.

    for each branch office we have 2 projects.
    and now we have another project with different configurations.

    the AD OU now looks like this:

    branch1
    --- computers
    --- users
    --- project1
    --- --- computers
    --- --- users

    the different configuration for the other project is:

    branch2
    --- computers
    --- --- newProject
    --- project1
    --- --- computers
    --- --- users
    --- users
    --- --- newProject
    --- --- --- ou1
    --- --- --- ou2
    --- --- --- etc...

    I thought of 2 ways to make it more readable
    and easier to manage, and I want you guys to help me decide:

    branch3
    --- computers
    --- --- desktops
    --- --- project1
    --- --- newProject
    --- users
    --- --- users
    --- --- project1
    --- --- newProject
    --- --- --- ou1
    --- --- --- ou2
    --- --- --- etc...

    branch4
    --- desktops
    --- --- computers
    --- --- users
    --- project1
    --- --- Computers
    --- --- users
    --- newProject
    --- --- computers
    --- --- users
    --- --- --- ou1
    --- --- --- ou2
    --- --- --- etc...

    now, our GPOs are for both computers and users
    the users should log in to their project and not to other projects.
    so a user from project1 is not supposed to log in to the newProject
    and etc...
    you get it...

    I think that for the branch3 way I'll have to split all our GPOs and will have 7 GPOs for each branch...

    what do you think?

    thanks in advance.
    Last edited by FuckingMoron; 16th March 2012, 18:55.

  • #2
    Re: Active Directory Architecture Consultation

    uhm.. where the user is in relation to the OU doesn't matter.
    users log on to domains.

    does this help answer your question?
    cause I'm not really sure what you're trying to ask.. ?
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif


    • #3
      Re: Active Directory Architecture Consultation

      thank you all for the reply

      I have 3 kinds of projects:

      the one that is open for everything and has just desktops with the same user
      so someone can just sit there and work.

      another one is just for IE. the user logs on and gets only the IE page,
      and is not supposed to get any access to anything else..

      and there is the new project, the VDI, these machines have nothing on the desktops and all configurations come from policy..

      so let's say that I have a printer that is already installed on the desktop and shouldn't be on the netbook and deployed to the VDI...

      it's all pretty much basic policies and configurations...
      nothing too complex...

      but I'm just thinking what will be the easiest way to manage this...
      for the VDI project I'm gonna have about 10k new users so it's a pretty robust AD...

      thank you again.


      • #4
        Re: Active Directory Architecture Consultation

        I'm trying to work out what we want to do here:

        so you have 3 discrete groups of users - say as follows:
        "Full Desktop Users"
        "VDI Users"
        "IE Only Users"

        correct?


        and you want a user who should be an IE-OnlyUser for instance, to get the specific locked down IEOnlyDesktop?

        and the same for others..?
        You don't want them to be able to choose which environment they have, and can only migrate between them when an administrator does it for them.
        Is that more or less correct?

        • #5
          Re: Active Directory Architecture Consultation

          St. Patrick's...
          wow the hangover!

          so that's about it, I have the policies and it's working...
          but then the VDI guys showed up and added their OU and groups...
          so now I'm trying to solve what would be better.. (?!)
          'cause I don't want to mess with GPO permissions and deny and stuff all the time..
          I'm trying to keep this as simple as it can get...

          the users shouldn't migrate, the policy, the GPO is built just for each environment
          and it is by the users' settings...

          the 4 branch examples are in the topic, the first one is the beginning before the VDI project
          the second is with the VDI, and 3 and 4 are 2 ways that I'm thinking about...
          actually I want it the branch 4 type but my boss thinks the branch 3 will be better...
          so I thought, why not consult the IT community..(!?)

          thanks for taking out your free time to help me decide!


          • #6
            Re: Active Directory Architecture Consultation

            right. well if you have groups, and policies applied on OUs, then you put the user in correct OU and correct groups, and it'll just work.

            • #7
              Re: Active Directory Architecture Consultation

              yes, that's right,
              well, so you're sayin' it's all the same...
              it just doesn't matter if the OU is either way and it's just a matter of convenience...?


              • #8
                Re: Active Directory Architecture Consultation

                yea - readability and..uhm.. what's the word I want.. ? inheritable

                if you have certain policies that must be applied etc, you want to make sure however you set up your OUs won't block any of them out etc.

                • #9
                  Re: Active Directory Architecture Consultation

                  kewl, thanks...
                  I think I have to check it out, 'cause I really don't want to recreate all the GPOs to separate the computers and users...

                  cheers mate
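
Added example, not part of the thread: a simplified model of the OU-based GPO scoping discussed in posts #6 to #8, applied to the branch3 and branch4 layouts from the first post. The GPO names (`Branch-Baseline`, `Project1-Policy`), the object names and the link placement are assumptions; site and local policy, security filtering and loopback processing are left out.

```python
# Simplified model of GPO scoping by OU (constructed data, hypothetical GPO names).
# A linked GPO's computer settings reach computers in scope, its user settings reach users.

def parent_ous(dn):
    """OUs containing the object, from the top of the tree down to the nearest."""
    parts = [p for p in dn.split(",")[1:] if p.upper().startswith("OU=")]
    return [",".join(parts[i:]) for i in range(len(parts) - 1, -1, -1)]

def applied_gpos(dn, links, blocked=frozenset(), enforced=frozenset()):
    """GPOs in processing order; on conflicting settings the last one wins."""
    normal, forced = [], []
    for ou in parent_ous(dn):
        if ou in blocked:
            normal = []  # Block Inheritance drops non-enforced links from above
        for gpo in links.get(ou, []):
            (forced if gpo in enforced else normal).append(gpo)
    # Enforced links apply last, and the highest-level enforced link wins.
    return normal + forced[::-1]

def link_points(links, gpo):
    """OUs where a GPO has to be linked in a given layout."""
    return sorted(ou for ou, gpos in links.items() if gpo in gpos)

# branch3 layout: computers and users live in separate subtrees.
BRANCH3 = {
    "OU=branch3": ["Branch-Baseline"],
    "OU=project1,OU=computers,OU=branch3": ["Project1-Policy"],
    "OU=project1,OU=users,OU=branch3": ["Project1-Policy"],
}
# branch4 layout: each project OU holds its own computers and users.
BRANCH4 = {
    "OU=branch4": ["Branch-Baseline"],
    "OU=project1,OU=branch4": ["Project1-Policy"],
}

if __name__ == "__main__":
    for name, links, dns in [
        ("branch3", BRANCH3, ["CN=pc1,OU=project1,OU=computers,OU=branch3",
                              "CN=u1,OU=project1,OU=users,OU=branch3"]),
        ("branch4", BRANCH4, ["CN=pc1,OU=computers,OU=project1,OU=branch4",
                              "CN=u1,OU=users,OU=project1,OU=branch4"]),
    ]:
        print(name, "links for Project1-Policy:", link_points(links, "Project1-Policy"))
        for dn in dns:
            print("  ", dn, "->", applied_gpos(dn, links))
    vdi_user = "CN=u9,OU=ou1,OU=users,OU=newProject,OU=branch4"
    vdi_ou = {"OU=newProject,OU=branch4"}
    print(applied_gpos(vdi_user, BRANCH4, blocked=vdi_ou))
    print(applied_gpos(vdi_user, BRANCH4, blocked=vdi_ou, enforced={"Branch-Baseline"}))
```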
