Location of User Account in Active Directory - OU or top level?

[Chris]

I was wondering if there were any advantages to storing
all of a department's user accounts in the just
the 'department OU' rather than storing them in the Domain
level container in Active Directory. My concern is mostly
with security and specifically the 'visibility' of these
account names in the domain level. I would much rather
they not be seen by anyone outside of our department OU.
Are there any other advantages or even disadvantages to
creating/managing user accounts at the OU level.... is it
better management, better security?

Thanks,
Chris

 

[Chriss3]

Hello Chris

Build your as you want to administrate it. i prefer to Create a OU first by
location, and in that OU create invdual OU´s for all my driffrent
Departments i have at the company i build the directory services for, in
each Department OU i always create Users OU and Computers OU, Becuse you can
role out gorup policy by computer settings and user settings. This is the
way i have found to make directory services. i can sub delegate control of
an Department OU for an local Account Mananger in tha Department and so on.
You have to found out what is the best for your company.

//Christoffer Andersson