I think I am being slowly converted :-)
Michael Parent MCSE MCT
Analyst I - Web Services
ITOS - Systems Enablement
Maritime Life Assurance Company
(902) 453-7300 x3456
| "Tony Murray" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 10/31/2003 06:02 AM
|
To: <[EMAIL PROTECTED]> cc: Subject: RE: [ActiveDir] OUs by server function? |
Why not try this approach:
Start of with a single OU for all your different server types. Use security group filtering to (exceptionally) handle group policies that need to be applied to certain types of servers but not others (remember that computers can be members of security groups). If you find you have to do a lot of filtering and this becomes too difficult to manage then create new OUs as required.
Here is some on-line info about scope filtering:
http://www.microsoft.com/technet/treeview/default.asp?url="">
The benefit of this approach is that you start of with a simple design and then grow it organically as required, rather than beginning with (potentially) an over-complicated OU structure.
Tony
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Donnerstag, 30. Oktober 2003 20:37
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OUs by server function?
Heh, yeah I understand those are the 2 primary criteria for creating OUs. Let me try again :-)
Here's the thing, I am not sure delegation of computer objects buys you much for servers, so that leaves us with GPO.
On the surface there seems to be a case to dividing them up for this purpose, but I have to wonder if the reality bears that out or not.
So perhaps my question, more focused, ought to have been: for those who have done this, in reality is it practical to try to deploy GPO based on a server's role?
One problem we have is that some servers share roles, and since a server cannot be in two OUs a tthe same time...
I was wondering if there other similar "gotchas", and conversely if anyone has enjoyed some successes in going this route...
Michael Parent MCSE MCT
Analyst I - Web Services
ITOS - Systems Enablement
Maritime Life Assurance Company
(902) 453-7300 x3456
| "Tony Murray" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 10/30/2003 03:11 PM | To: <[EMAIL PROTECTED]> cc: Subject: RE: [ActiveDir] OUs by server function? |
Some good questions to ask when thinking about creating an OU structure are:
1. Will the delegation of administration be different for the various computers?
2. Will the application of group policy be different for the various computers?
If the answer to either of these is yes, then you should consider creating separate OUs. If not, lump them all under the same OU.
In my company, we have separate OUs for client machines and servers, because they are administered by different teams. Administration is delegated at this OU level and is inherited by the OUs at the level below. Beneath these OUs we have a level for applying different group policies, e.g. under the Clients OU we have something like, W2K, Lab, Legacy, etc.
Tony
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Donnerstag, 30. Oktober 2003 16:34
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OUs by server function?
I am currently erdesigning our OU structure and was wondering:
Has anyone done an OU structure that accounts for server function i.e. file and print, web, database?
Was it useful? What other computer structures have you use successfully?
Michael Parent MCSE MCT
Analyst I - Web Services
ITOS - Systems Enablement
Maritime Life Assurance Company
(902) 453-7300 x3456
