AD Design suggestions

This topic contains 4 replies, has 5 voices, and was last updated by  gepeto 10 years, 2 months ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts

  • TONYH
    Member
    #135236

    I’ve just landed a position with an international firm (very lucky in this economy) that has offices in Canada, US, Mexico, and Europe.
    While I’m not an expert, I’ve been asked to audit their Active directory and make suggestions on its current state and recommendations going forward.
    They have OUs for each location with several OU such as desktops, etc — no laptops. They have domain controllers for some of the larger locations, but not all..
    They current only use AD to deploy updates via WUS and not much else.
    In the past, I’ve created OUs Users, Groups, Desktops users, Laptops Users and vendors.
    What are some best practices for designing AD? I realize an entire Microsoft Course exists on the topic; I’d like to provide some food for thought while I attend specific training.
    Some other uses could be defining printers, etc.
    Their Email is outsouced.

    Thoughts?


    Killerbe
    Member
    #305906

    Re: AD Design suggestions

    Well, it all depends….

    Sites, network, amount of users, computers etc.

    Where to start?
    View your network. How are the diiferent office connected to each other.
    Is there a need to create sites, etc.
    If you are not that experienced in AD, i woud suggest to hire a consultant.
    A good desing pays itself.

    #220503

    Re: AD Design suggestions

    TONYH;122363 wrote:
    I’ve just landed a position with an international firm (very lucky in this economy) that has offices in Canada, US, Mexico, and Europe.
    While I’m not an expert, I’ve been asked to audit their Active directory and make suggestions on its current state and recommendations going forward.
    They have OUs for each location with several OU such as desktops, etc — no laptops. They have domain controllers for some of the larger locations, but not all..
    They current only use AD to deploy updates via WUS and not much else.
    In the past, I’ve created OUs Users, Groups, Desktops users, Laptops Users and vendors.
    What are some best practices for designing AD? I realize an entire Microsoft Course exists on the topic; I’d like to provide some food for thought while I attend specific training.
    Some other uses could be defining printers, etc.
    Their Email is outsouced.

    Thoughts?

    Hmmm. You’re basically asking us for consultancy work LOL – seeing as “Best Practice” for Design hinges on “Business Need” – which can only be dictated by your organisation.

    Ask your business what problems they’re having with their current setup and see if you can find design solutions to them. Have a look at the support work you’re having to do most of; and see if you can find design solutions that would remove those items from your list of big hitters. Have a look at the workings of DNS, DHCP etc and see if there are design ways to improve performance/cost of maintaining/efficiency. Most of all however look at how business processes have had to be moulded around the current design, get the business to tell you what business process they would LIKE to use, and see if you can find design solutions that will facilitate it.

    Remember – Business drives IT because Business is what your organisation does; IT should be a tool which is used because it fits perfectly to DOING that business.


    gepeto
    Member
    #323774

    Re: AD Design suggestions

    http://www.microsoft.com/downloadS/details.aspx?familyid=631747A3-79E1-48FA-9730-DAE7C0A1D6D3&displaylang=en

    Best Practices for Delegating Active Directory Administration

    There are so many ways to delegate stuff, it all depends on how the business works. Design the domain around the business, don’t try to force the business around the domain.

    That document explains the basics, different ways of doing the same thing and their advantages..

    In any case, I’d be glad to charge 800$ a day to do it for you :lol:


    Akila
    Member
    #314731

    Re: AD Design suggestions

    Actually your current design sounds very good, but as mentioned before it all depends on companies needs.
    maybe this link could help you a bit on the matter.

    http://forums.petri.com/showthread.php?t=25759

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.