Simple OU structure, something like:
|--Branches
|--Users
|--Computers
The "Users" OU would hold around 5000 users and the "Computers" OU an equal amount of workstations and servers.
GPOs would be created for the users and linked to the OU, but only applied to certain global groups that the users would be members of. Similar for the computers. There would be an "All Users" and "All Computers" GPO with global settings, then more granular GPOs for department-specific settings.
Almost all administration would be done centrally, so there should be little need for delegation.
This seems like it should be simple and effective, but we haven't tried it real-world, so I'm curious if people have any thoughts on possible gotchas, issues, etc.
-- David
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
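The design described in the post (a GPO linked at the "Users" OU but security-filtered to a global group), sketched with the GroupPolicy PowerShell module as an added example that is not part of the original message. The domain DN, the group name and the GPO name are hypothetical placeholders.

```powershell
# Added example. Assumed names: example.com, "GG-Finance-Users", "Finance Users".
Import-Module GroupPolicy

$UsersOU = 'OU=Users,DC=example,DC=com'   # assumed DN of the "Users" OU

function New-FilteredGpo {
    param(
        [Parameter(Mandatory)] [string] $GpoName,
        [Parameter(Mandatory)] [string] $GroupName,
        [Parameter(Mandatory)] [string] $TargetOU
    )
    $gpo = New-GPO -Name $GpoName
    New-GPLink -Name $GpoName -Target $TargetOU -LinkEnabled Yes | Out-Null

    # Only members of the global group get "Apply group policy".
    Set-GPPermission -Name $GpoName -TargetName $GroupName `
        -TargetType Group -PermissionLevel GpoApply | Out-Null

    # Lower Authenticated Users from Apply to Read rather than removing it.
    # Since MS16-072, user policy is fetched in the computer's security
    # context, so a GPO nobody but the target group can read stops applying.
    Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
        -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null
    return $gpo
}

function Get-OuGpoFiltering {
    # Audit view: for every GPO linked at the OU, who applies it and
    # whether computers can still read it.
    param([Parameter(Mandatory)] [string] $TargetOU)
    foreach ($link in (Get-GPInheritance -Target $TargetOU).GpoLinks) {
        $perms   = Get-GPPermission -Guid $link.GpoId -All
        $readers = $perms.Trustee.Name |
            Where-Object { $_ -in 'Authenticated Users', 'Domain Computers' }
        [pscustomobject]@{
            Order       = $link.Order
            Gpo         = $link.DisplayName
            LinkEnabled = $link.Enabled
            AppliesTo   = ($perms | Where-Object Permission -eq 'GpoApply').Trustee.Name -join ', '
            MissingRead = -not $readers
        }
    }
}

New-FilteredGpo -GpoName 'Finance Users' -GroupName 'GG-Finance-Users' -TargetOU $UsersOU
Get-OuGpoFiltering -TargetOU $UsersOU | Sort-Object Order | Format-Table -AutoSize
```

With many filtered GPOs linked at one OU, the `Order` column matters: every client still evaluates each linked GPO's ACL at refresh, and link order decides which setting wins when two applied GPOs conflict.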
