OU creation question

[Russ]

We currently have our OUs designed in this way--

CAM OU(Division)
WH OU(Hemisphere)
DHQ OU(Location)
(Computers Users and Groups go here)


But some of our remote admins are telling us we should do it this way

CAM OU(Division)
WH OU (Hemisphere)
DHQ OU(Location)
Computers OU (Computer accounts go here)
Users OU(User accounts go here)
Groups OU(Group accounts go here)

Is it stupid to create an individual OU for each object type?
(Computers, users, groups)? Versus having them all in that site's OU
and just sorting them when viewing them?

 

[Cary Shultz [MVP]]

-----Original Message-----
We currently have our OUs designed in this way--

CAM OU(Division)
WH OU(Hemisphere)
DHQ OU(Location)
(Computers Users and Groups go here)


But some of our remote admins are telling us we should do it this way

CAM OU(Division)
WH OU (Hemisphere)
DHQ OU(Location)
Computers OU (Computer accounts go here)
Users OU(User accounts go here)
Groups OU(Group accounts go here)

Is it stupid to create an individual OU for each object type?
(Computers, users, groups)? Versus having them all in that site's OU
and just sorting them when viewing them?
.

Russ,

No one can tell you what is stupid in your environment!
I would, however, tend to agree with your remote admins (
at least in principle ). However, that totally depends
on what you do with the OUs. If you just simply create
the OUs so that there is soley some separation then I
guess that it does not really matter. However, if you
use the OUs to apply Group Policies then it *COULD* be
useful! Again, that depends on what you are trying to do.

I typically create an OU structure as follows:

Departments
HR
IT
Marketing
Sales
Finance
PCs
WIN2000
WINXP

However, please keep in mind that I am in tiny Roanoke,
VA where there are not too many companies with multiple
sites, hundreds of users, etc. This is typically for a
single location, 45-user environment. I typically use
GPO to install Adobe Acrobat Reader 6.0 ( I like to
publish it to the Computer Configuration ) and Office
2000 / XP ( I like to Advance Assign it to the User
Configuration and make use of the .mst files so that
Sales people get Power Point and Finance gets Access,
etc. and everyone gets Word, Excel and Outlook! ).

It totally depends on what you are going to do! And
remeber that OUs can be restructured and users can be
moved in and out of OUs very easily ( just need to make
sure that you are aware of the consequences of that ).
Remember that you can create a GPO and have it linked to
that particular OU as well as link that particular GPO to
any other OU. You can also make use of Security Groups
to filter GPOs. I have included the last two lines for
some general information to keep in the back of your head
( if you were not already aware ).

HTH,

Cary