D
Darren D
My company has recently embark on a new challenge, as we all know planning
is key in creating a solid AD foundation. After extensive review of our
enterprise network that consist of over 300 NT4.0 domains, a decision was
made to move to Win2003 AD, with the key items in focus which Win2003 AD
seems to offer.. Domain consolidation, Manageability and Scalability as a
result we are considering a simple design approach.
Our forest design would consist of (2) domains .. The root will contain the
schema , GC .. DC's etc no accounts would be created in this root/domain,
however the child domain will consist of GC, FSMO's DC's geographically
disperse using sites.
My question is we are considering using OU's within the child domain that
will encompass all resources ---Computer accounts, users accounts , printer
etc.
Are there any limits on how many resources an OU can hold ? In addition we
would like to use GPO's to delegate rights to a central help desk and local
admin resources..
The following GPO's below will be created..... Are there any documentation
that I can reference that would allow me to create these GPO's granted that
we are going to use delegation to allow rights..
Group Creation
User/group Rights Admin
Password Reset
User Creation
Computer Adds
GPO Modification
OU MAC
Printer MAC
Naming Standard Updates
AD Structure MAC
Schema Mgmt
Thanks
-Darren
is key in creating a solid AD foundation. After extensive review of our
enterprise network that consist of over 300 NT4.0 domains, a decision was
made to move to Win2003 AD, with the key items in focus which Win2003 AD
seems to offer.. Domain consolidation, Manageability and Scalability as a
result we are considering a simple design approach.
Our forest design would consist of (2) domains .. The root will contain the
schema , GC .. DC's etc no accounts would be created in this root/domain,
however the child domain will consist of GC, FSMO's DC's geographically
disperse using sites.
My question is we are considering using OU's within the child domain that
will encompass all resources ---Computer accounts, users accounts , printer
etc.
Are there any limits on how many resources an OU can hold ? In addition we
would like to use GPO's to delegate rights to a central help desk and local
admin resources..
The following GPO's below will be created..... Are there any documentation
that I can reference that would allow me to create these GPO's granted that
we are going to use delegation to allow rights..
Group Creation
User/group Rights Admin
Password Reset
User Creation
Computer Adds
GPO Modification
OU MAC
Printer MAC
Naming Standard Updates
AD Structure MAC
Schema Mgmt
Thanks
-Darren