Need suggestions on Win2k Setup For Office

[SayitAintSoAdm]

We have about 75 people in the office at this point. We are a helpdes
company and have "teams" for each account we support. We are runnin
Win2k Server for the servers, duh, and Win2k Pro for the workstations
The question I have here is what would you suggest the setup be i
Active Directory? Do I create a OU for each "team" so I can setup
group policy? (Since right requirements are different for each team)

I need a setup that allows growth and easy to move domain account
between the "teams" since some "cross train". I would like them to sta
on the same domain, but I am open to suggestions. Im not a newbie i
this area, but I do have A LOT to learn. I am a Linux guy and first jo
as a admin on Windows based network and would like to get some input o
this. I have lots of other questions but would like to start out here.

Thanks
SayItAintSoAdmi

SayitAintSoAd

 

[SaltPeter]

We have about 75 people in the office at this point. We are a helpdesk
company and have "teams" for each account we support. We are running
Win2k Server for the servers, duh, and Win2k Pro for the workstations.
The question I have here is what would you suggest the setup be in
Active Directory? Do I create a OU for each "team" so I can setup a
group policy? (Since right requirements are different for each team)

I need a setup that allows growth and easy to move domain accounts
between the "teams" since some "cross train". I would like them to stay
on the same domain, but I am open to suggestions. Im not a newbie in
this area, but I do have A LOT to learn. I am a Linux guy and first job
as a admin on Windows based network and would like to get some input on
this. I have lots of other questions but would like to start out here.

Thanks
SayItAintSoAdmin

Yes, organize your departments by OUs and link a GPO to each OU. Place your
departmental groups, computer accounts, printers, folder shares in their
respective OUs. Each Group Policy in each group will be inherited by the
members placed within.

Then run the delegation wizard. and give the techs delegated administrative
rights to whatever OU object he or she is responsible for. Best include the
tech's account in the respective OU beforehand. An OU is the equivalent of
an NT4 domain with the benefit of hierarchy.
http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/deleg
steps.asp

Take note as well that 2 GPOs exist by default on your AD domain, the DC
container and the domain's GPO (default_first_site holds no GPO by default).
When you modify a GPO, think about creating a new GPO entry instead in order
to track the changes you make throughout the network.

You'll find technet to be an excellent resource:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
prodtech/win2000/win2khg/04config.asp

 

[SayitAintSoAdm]

Thanks for the reply! A quick question, in the AD you see the domain an
all the "folders" underneathe it. The default is domain users an
computers. My question is by your recommendation do I create the O
inside the domain users folder or do I directly created it under th
domain tree?

Another question is so once Im done the domain user folder and compute
folder will be empty? (If you recommend that I create a OU under th
domain instead of in the domain users folder under the domain)

Thanks
SayitAintSoAd

SayitAintSoAd