One simple question in relation to domain vs. OU - do you need specific and different security policy (i.e. Password or Lockout settings) for any of the locations that you are considering?
If no - then most likely OU's will work for you. OUs are going to allow (and, in fact are designed for) collecting like users and computers into a structure that is specifically designed for implementing administrative management. Domains, however, would require a Domain Admin per domain, which begins to lend too much complexity to the scenario. Specifically, you will have the use of two key things - one is delegation of authority and / or control, as well as Group Policy. Also, you will want to look into sites for each of the remote locations, and also review your network topology (the actual network infrastructure) to determine if the implementation of a number of separate sites is appropriate. I suspect that to control replication and to give a reasonable logon and use 'experience' for your users, you are going to want to seriously consider domain controllers for each site. If you are interested in Dfs (which it sounds as though you are, with the shared folder concept for applications), dedicating a server in most locations for file and print would be a thought as well. Your first decision point is domain vs. OU - I'd suggest the OUs over a bunch of domains. Learn about sites, replication, and Dfs. These will serve you well over the process. Also, get to know our own Brian Desmond here on the list. He's sys admin / designer / all around 'good guy' with a school district in (Chicago???). He's been there, done that with what you are doing. Good luck! Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services Windows Server / Rights Management Windows Security (Affiliate) Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone WebLog - www.msmvps.com/willhack4food -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eddie Greene Sent: Monday, May 16, 2005 11:39 AM To: [email protected] Subject: [ActiveDir] We have not rolled out AD yet and are banging our heads against the wall figuring out which way to go. We have 24 Schools 1 Main office, 1 Maintenance shop, 1 Bus Garage. would it be best for use to roll out a single domain or 27 domains in our forest. it is not important for our users to be able to go to other locations and log into the system. It would be nice to be able to replicate a folder with all the schools that contains programs you never have when you need them (i.e. Adobe). I haven't got a clear understanding of Domains vs. OUs. One way I read it would be best for each school to be a domain and in another reading I think that each school just needs to be their own OU. any help would be greatly appreciated Eddie List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
