onone said:
A proposal
If everyone shares their ideas then this is a better world?
Depends!
Biggest thing for me when designing my first AD was what structure
should I use, so here goes
ROOT . DOMAIN NAME
ADMINISTRATION
USERS
DESKTOPS
LAPTOPS
WORKSTATIONS
DESKTOPS
LAPTOPS
NO GP (LOW NUM USER APPS AND TEST)
DESKTOP
LAPTOPS
GENERIC (SOLID SIGN ON ETC EVERYWHERE!)
SERVER ETC
An AD design should support the business model. There is no 'one' design
method. You need to determine the scope of AD in the organization. There are
various general guidelines, but first you must identify the business needs
and how IT will support and enable it. Look at the administrative process at
the business level and come up with a plan to support it. BPM (business
productivity model) is the mainstay we must look at supporting.
The characterization of the IT department is important as well, whether it's
centrally controlled (all control from one location), central control with
decentralized management (one domain with OUs for various sites and/or
departments), decentralized (child domains for each unit whether location or
department), or outsourced. Base the design on these criteria.
You may come up with a hierarchy based on location, organization, or
function. One of the more popular ones with central control but
decentralized management is a hybrid design, such as location then
organization. In this design with a single domain model, you can design the
OU hierarchy by location, even if you have one.
So you are not too far off with your original design above. But you also
want it to support and optimize applying GPOs. You can finite it such as
with this suggestion. With this design I can create GPOs specific for
locations or even departments within each location, especially if
departments require different applications I can push out using a GPO. I
can also link common GPOs such as for WSUS or common software deployment.
domain.com
.. New York
.. Accounting
.. Users
.. Desktops
.. Laptops
.. No WSUS
.. HR
.. Users
.. Desktops
.. Laptops
.. No WSUS
.. Manufacturing
.. Users
.. Desktops
.. Laptops
.. No WSUS
.. Executive
.. Users
.. Desktops
.. Laptops
.. No WSUS
.. Servers
You can also use this model to delegate to "Location admins" where you give
a location admin FC or finite permissions on their respective OUs.
The point is every installation is different and must be evaluated on how IT
will support the business model. IT supports the business and productivity,
not the other way around. It is coming to an age where we (IT) are slowly
moving away from the IT 'geekmasters' realm to becoming Business Analysts.
Rightfully so, especially the way technology has progressed and allows new
ideas and flexibility to better support the business productivity model
(BPM).
--
Regards,
Ace
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer
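The location-then-department layout from the reply above, as an added PowerShell example that is not part of the original posts. It assumes the ActiveDirectory and GroupPolicy modules, that Users, Desktops, Laptops and No WSUS are sibling OUs under each department, that Servers sits under the location, and a hypothetical GPO named "WSUS Clients" linked only to the Desktops and Laptops OUs.

```powershell
#Requires -Modules ActiveDirectory, GroupPolicy
# Added example: builds the location > department > leaf OU layout idempotently.
$DomainDN    = 'DC=domain,DC=com'   # domain.com from the post
$WsusGpoName = 'WSUS Clients'       # hypothetical GPO name (assumption)

# Location -> departments, as listed in the post
$Layout  = [ordered]@{ 'New York' = 'Accounting', 'HR', 'Manufacturing', 'Executive' }
$LeafOUs = 'Users', 'Desktops', 'Laptops', 'No WSUS'   # assumed to be siblings

function New-OUIfMissing {
    param([Parameter(Mandatory)][string]$Name, [Parameter(Mandatory)][string]$Path)
    # Look only at direct children of $Path so same-named OUs elsewhere do not match
    $found = Get-ADOrganizationalUnit -Filter "Name -eq '$Name'" -SearchBase $Path -SearchScope OneLevel
    if (-not $found) {
        New-ADOrganizationalUnit -Name $Name -Path $Path -ProtectedFromAccidentalDeletion $true
    }
    "OU=$Name,$Path"   # return the OU's distinguished name
}

function Add-GpoLinkIfMissing {
    param([Parameter(Mandatory)][string]$GpoName, [Parameter(Mandatory)][string]$Target)
    # New-GPLink fails on an existing link, so check the OU's current links first
    $linked = (Get-GPInheritance -Target $Target).GpoLinks.DisplayName
    if ($linked -notcontains $GpoName) {
        New-GPLink -Name $GpoName -Target $Target -LinkEnabled Yes | Out-Null
    }
}

# Skip linking entirely if the GPO has not been created yet
$wsusGpo = Get-GPO -Name $WsusGpoName -ErrorAction SilentlyContinue

foreach ($location in $Layout.Keys) {
    $locDN = New-OUIfMissing -Name $location -Path $DomainDN
    New-OUIfMissing -Name 'Servers' -Path $locDN | Out-Null   # assumed under the location
    foreach ($dept in $Layout[$location]) {
        $deptDN = New-OUIfMissing -Name $dept -Path $locDN
        foreach ($leaf in $LeafOUs) {
            $leafDN = New-OUIfMissing -Name $leaf -Path $deptDN
            # Computers placed in 'No WSUS' never receive the link
            if ($wsusGpo -and $leaf -in 'Desktops', 'Laptops') {
                Add-GpoLinkIfMissing -GpoName $WsusGpoName -Target $leafDN
            }
        }
    }
}
```

Because each location is a single subtree, a location admin group can be delegated rights on that one OU rather than on the domain.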