Users and groups in W2K3 AD

M

Milos Puchta

What are basic rules for placing users and groups in AD?
In my understanding the default placing is not optimal from
the security reason and there is function, that redirects new
created users to OU with given GPO.
Unless loopback is applied is there any objection to the
following scheme? (User object are created directly by dsadd)

Places(OU) Room1 (OU)(with computers PC1, PC2,.....,PC10)
Room2 (OU)(with computers PCa1, PCa2,.... )
Hall1 (OU)(with computers SA1, PCcontroll,.....)

People(OU) Visitors (OU) (with users Guest1, Guest,...
and group GlobalGuest,
LocalGuest,...)
Employees (OU) (with users John, David, Ann,....
and group GlobalEmpl1,
GlobalEmpl2,..)

Your comments are appreciated.
Rgds,
Milos
 
J

Johan Arwidmark

You are right about not having to users in the users container, but
when it comes to ou-planning there is no absolute right or wrong.
Think more of it like how you would like to administer your Active
Directory. The OU structure is a pure logical representation of the
objects.

Most companys I know of uses an OU structure that represent either
their geographic locations or the different departments in the
organization.

Your OU structure looks fine to me

regards
Johan Arwidmark

Windows User Group - Nordic
http://www.wug-nordic.net
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

groups and OU's in ad 3
AD OU Objects and Replication Performance 5
Inter-Forest Trust with AD Delegation 2
TEST/EVAL 2000 AD Lab built 2
AD OU and Security Group Structure 1
NT4.0 to AD 2003 Users and groups info 1
Manage Users and Groups from W2K workstation 1
How to show part of the AD Users and Computer in the Tree 2

Top