Announcement

Collapse
No announcement yet.

Active Directory Domain Organizational Unit Structure

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Active Directory Domain Organizational Unit Structure

    How would I design Active Directory Domain Organizational Unit Structure for a new Active Directory implementation at an existing organization. I am being ask by my boss to come up with some questions that should be asked to recommend an OU Structure appropriate to the organization

  • #2
    Re: Active Directory Domain Organizational Unit Structure

    that is a hard question to answer without more information...

    its also a question that is hard for us to answer, as we have no knowledge of what your organization does or how its arranged. that is going to be a question best answered by you.

    in addition, you have not said if this would be an addition of a subdomain to an existing forest or an entire new forest with a trust relationship to a new forest that is then migrated to the new forest, or will they all just get new logons to a new domain?

    you must also take the existing GPOs into consideration when making a plan, but that again, depends on what your trying to do.
    its easier to beg forgiveness than ask permission.
    Give karma where karma is due...

    Comment


    • #3
      Re: Active Directory Domain Organizational Unit Structure

      Thank you very much for that quick response. It was very helpful

      Comment


      • #4
        Re: Active Directory Domain Organizational Unit Structure

        Generally, you should set up your OU's based on your existing business hierarchy and how your dept's are organised. You should only create OU's where user separation is required. This can manifest as either different user configurations or computer configurations (or both).

        Just remember that you not try to over-complicate it. Make it as simple as possible.
        A recent poll suggests that 6 out of 7 dwarfs are not happy

        Comment


        • #5
          Re: Active Directory Domain Organizational Unit Structure

          Have to say I'm not sure about OUs reflecting Business Organisation.

          OUs / AD structure should exist to allow
          a) Proper application of Group Policy
          b) Delegation of AD permissions.

          If the organisation structure allows this, good, but if a different OU structure would aid the two goals, use it.

          (Bitter experience of unpicking OUs which mimic the business organisation, but make the IT goals awkward!)
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            Re: Active Directory Domain Organizational Unit Structure

            Fair enough
            A recent poll suggests that 6 out of 7 dwarfs are not happy

            Comment


            • #7
              Re: Active Directory Domain Organizational Unit Structure

              Have to say I'm with Ossian on that one, sometimes I've found that OU structures have to be geographical or something like that depending on the local availability of domain controllers and the speed of the WAN links. I've had a few bitter experiences myself (My Documents redirection of 10gb iTunes library over crappy ADSL being a memorable charlie-foxtrot to clean up)
              BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
              sigpic
              Cruachan's Blog

              Comment


              • #8
                Re: Active Directory Domain Organizational Unit Structure

                There you go - that shows the difference between my network (very small) compared to the networks you guys have experience with. I'll not suggest that again.
                A recent poll suggests that 6 out of 7 dwarfs are not happy

                Comment


                • #9
                  Re: Active Directory Domain Organizational Unit Structure

                  Originally posted by Blood View Post
                  There you go - that shows the difference between my network (very small) compared to the networks you guys have experience with. I'll not suggest that again.
                  You obviously know your company structure and how it works so you need to set it up and future proof it as best you can. No one way is going to be the right one. What works for those with remote sites/users may not necessarily be suitable for a smaller in-house setup.

                  I have sites with 1,000 Users and have structured them along the organisational lines of the site and in this case it works especially when you have up to 1/5th of your users leave every year and get replaced by another couple of hundred. (Educational sites)

                  Prisons and schools. Two sites where the "users" are hostile towards the administrators.
                  1 1 was a racehorse.
                  2 2 was 1 2.
                  1 1 1 1 race 1 day,
                  2 2 1 1 2

                  Comment

                  Working...
                  X