K
KKL
Is there a reccomendation from MS as to the number of
OU's that can be linked to a certain GPO?
thanks,
OU's that can be linked to a certain GPO?
thanks,
C
Chriss3
KKL, There is no such limitation or recommendation from Microsoft so far I
know.
If you have to link the same GPO to many OUs you may have to look over your
Active Directory Design and may take use of the inheritance from a parent
object there the GPO is linked and then create child OUs. This is also a
question of simplify administration.
The question can also be the other way around, How many GPOs can you link to
a certain OU. Here is a few recommendations. You can see the link below or
do a search for "Optimize Group Policy" at www.google.com to found out more.
HOW TO: Optimize Group Policy for Logon Performance in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q315418
know.
If you have to link the same GPO to many OUs you may have to look over your
Active Directory Design and may take use of the inheritance from a parent
object there the GPO is linked and then create child OUs. This is also a
question of simplify administration.
The question can also be the other way around, How many GPOs can you link to
a certain OU. Here is a few recommendations. You can see the link below or
do a search for "Optimize Group Policy" at www.google.com to found out more.
HOW TO: Optimize Group Policy for Logon Performance in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q315418
S
Stew Basterash
Chris,
This is a question I am asked all the time... It is not uncommon for someone
to create a "Workstations" OU of some sort (and then break this down into
sub OU's based on functionality or location) and then package up all kinds
of software for disrtibution by computer... On my test network at my office
I am over 30... in other words with as few as 5 workstations I am
distributing 30 seperate applications using Intellimirror... At a at least
two large organization where I have consulted I have seen this bloat to
nearly 1000... taking into consideration all the minor applications... even
the onesy-twosy applications... Nothing wrong with network design here...
perhaps there may be a better way to orphanize the structure... but thinking
this through this could go more than several layers deep in an OU
structure... I believe MS recommends staying away from more than three
orphan layers deep...
Just some thoughts
Stew
This is a question I am asked all the time... It is not uncommon for someone
to create a "Workstations" OU of some sort (and then break this down into
sub OU's based on functionality or location) and then package up all kinds
of software for disrtibution by computer... On my test network at my office
I am over 30... in other words with as few as 5 workstations I am
distributing 30 seperate applications using Intellimirror... At a at least
two large organization where I have consulted I have seen this bloat to
nearly 1000... taking into consideration all the minor applications... even
the onesy-twosy applications... Nothing wrong with network design here...
perhaps there may be a better way to orphanize the structure... but thinking
this through this could go more than several layers deep in an OU
structure... I believe MS recommends staying away from more than three
orphan layers deep...
Just some thoughts
Stew
C
Chriss3
I'm always create a User OU and a Computer OU when I design the Active
Directory. Since Group Policies comes in this two parts and it have seems to
be easy to manage my customers desktops with GPOs with this desgin.
Directory. Since Group Policies comes in this two parts and it have seems to
be easy to manage my customers desktops with GPOs with this desgin.
B
Brian Desmond [MVP]
Chris-
This design works in many scenario's, but there are certain scenario's where
it isn't logical, namely geographical organization. Let's say you have OUs
for Kansas, Alabama, and Florida. The users & computers in each location are
going to need to be in the local subtree, and they're going to need distinct
settings. So, you make a Kansas GPO, and configure everything in it to spec.
--
--
Brian Desmond
Windows Server MVP
(e-mail address removed)12.il.us
Http://www.briandesmond.com
This design works in many scenario's, but there are certain scenario's where
it isn't logical, namely geographical organization. Let's say you have OUs
for Kansas, Alabama, and Florida. The users & computers in each location are
going to need to be in the local subtree, and they're going to need distinct
settings. So, you make a Kansas GPO, and configure everything in it to spec.
--
--
Brian Desmond
Windows Server MVP
(e-mail address removed)12.il.us
Http://www.briandesmond.com
C
Chriss3
Sure you can configure a GPO for Kansas but how ever its inheritance down to
child OUs that could be Computers and Users.
But you are right there is
no perfect design over all. Each AD has it own needs.
--
Regards
Christoffer Andersson
No email replies please - reply in the newsgroup
child OUs that could be Computers and Users.
But you are right there isno perfect design over all. Each AD has it own needs.
--
Regards
Christoffer Andersson
No email replies please - reply in the newsgroup