M
Mark Darbyshire
All - does this sound good to you.
A rather large company (10's of thousands of users) have decided to rename
the "Users" OU to "Standard Users" and then plonk all of the users for an
entire Active Directory into it - no OU structure at all..... Not only this
but 12 DC's to support the lot over 250+sites and they think this will work
ok??? To add to this the fact that they are implementing group policies
based on group membership and not on OU membership - it all seems very wrong
to me.
So, best practice - is this a good idea I ask?
I think this is probably not the right thing to do and it should be a
structure based on OU's adding the group policy's to each of the OU's
otherwise we'll have a lot of admin on our hands removing people from groups
and adding them to new ones if they move site for instance. I think also
that if we slot the DC's into the correct places of the OU structure then we
can cut down replication?? Besides - with a flat structure such as this you
can't delegate administration can you. As a last thing then - no Exchange
but likely within 12 months - how will this affect this daft idea?
Anybody have any pointers for me please they would be greatly appreciated
for when I go bash somebody over the head!!
Many thanks,
Mark.
A rather large company (10's of thousands of users) have decided to rename
the "Users" OU to "Standard Users" and then plonk all of the users for an
entire Active Directory into it - no OU structure at all..... Not only this
but 12 DC's to support the lot over 250+sites and they think this will work
ok??? To add to this the fact that they are implementing group policies
based on group membership and not on OU membership - it all seems very wrong
to me.
So, best practice - is this a good idea I ask?
I think this is probably not the right thing to do and it should be a
structure based on OU's adding the group policy's to each of the OU's
otherwise we'll have a lot of admin on our hands removing people from groups
and adding them to new ones if they move site for instance. I think also
that if we slot the DC's into the correct places of the OU structure then we
can cut down replication?? Besides - with a flat structure such as this you
can't delegate administration can you. As a last thing then - no Exchange
but likely within 12 months - how will this affect this daft idea?
Anybody have any pointers for me please they would be greatly appreciated
for when I go bash somebody over the head!!
Many thanks,
Mark.