I'd say it depends on whether you're opting for centralised or decentralised administration. The fact that you talked about ASP being responsible for packages suggests that you're referring to a more granular approach on a per site basis in which case 2nd camp for sure. IMO a 'flat and fat' approach OU-wise isn't a bad thing... it's only when you nest your OU's that there's real issues.
You mentioned Tivoli for software distribution, so you're not relying on Group Policy in that sense. If you have a common desktop, common build, common everything GP-wise then maybe the first scenario has a bit of credence, otherwise go with (2). If you can post a bit more info, it'd be useful. Good luck, Mylo PS: Just curious, but this sounds like you've got some ex-Novell ppl there, as this is the sort of holy war I recall with NDS :0) ----- Original Message ----- From: "Mike Baudino" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, March 04, 2004 6:19 PM Subject: [ActiveDir] OU design quandary > > > > > All, > > We are in the final stages of a global AD design for our company. The > design will have two user domains -- one for North America and one for > Europe -- and it will have an empty root. Each of the user domains will > have approximately 35,000 users. Software distribution will be via Tivoli. > > Two camps have emerged regarding OU structure and there's a rather large > gap between them. I'm asking for your expert and experienced input to help > resolve this issue. > > Camp one: > We're going to search instead of browse. So put all users in a single > users OU, put all desktop machines in a single desktops OU, put all laptops > in a single laptops OU, put all IIS servers in a single OU, all SQL servers > in a single, etc, etc, etc. Manage by groups instead of by OU in which the > object resides. > > Camp two: > Regardless of whether we're going to search or browse, at some point having > office heirarchy in the OU design will be helpful enough that it's > necessary to build it now. Users, desktops and laptops will be grouped as > child OUs to the office OUs. Servers for applications will be grouped by > function and then by the , by the application suite or ASP that is > responsible for the application. Allows more granular delegation and > application of group policy. > > > We have too little actual deployement and management experience in Active > Directory, especially this size, to make a definitive decision so I would > appreciate any and all feedback regarding the pros and cons. > > > Thanks, > Mike > > > ******************* PLEASE NOTE ******************* > This E-Mail/telefax message and any documents accompanying this > transmission may contain privileged and/or confidential information and is > intended solely for the addressee(s) named above. If you are not the > intended addressee/recipient, you are hereby notified that any use of, > disclosure, copying, distribution, or reliance on the contents of this > E-Mail/telefax information is strictly prohibited and may result in legal > action against you. Please reply to the sender advising of the error in > transmission and immediately delete/destroy the message and any > accompanying documents. Thank you. > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
