In my opinion when talking about structures an OU structure is based on the following design rules: (1) Create the first OU structure based on the needs of delegation of control (who does what and what is the scope) (2) Adjust the first structure to your needs to hide certain objects if applicable (3) Adjust the second structure to your needs to apply group policy objects for policy management and/or software distribution
always: * justify the existence of each OU.. otherwise get rid of it! * and when finished with the three rules go through them again to see if it still meets your needs in all three situations. * don't set up the OU structure primary to reflect the organizational structure (it is however possible that after following the rules the OU structure reflects the organizational structure) * also think about other possible configurations These are my EUR0.02 (or US$ 0.025) ;-) Cheers, #JORGE# -----Original Message----- From: [EMAIL PROTECTED] To: [email protected] Sent: 5/24/2005 8:45 PM Subject: [ActiveDir] When is an AD structure too deep? Good Afternoon, A specific item was brought up in the following thread regarding deep AD structures, http://www.mail-archive.com/[email protected]/msg28979.html <http://www.mail-archive.com/[email protected]/msg28979.html> Coincidentially I have been thinking about AD structures and the depth or complexitiy of them. I was hoping to explore this topic in a bit greater detail. My scenario is, I am involved with desktop administration, but currently do not do the hands on design/policy implementation. This is what I would term a "black hole" in our organization. I am suggesting changes to the AD structure to the management groups followed by delegation of polcy right to allow us to perform the functions that IMO are vital. The current structure stops at the location level with only desktops, servers, users, laptops below each location. Thus all business units would get the same policies, however the operations of the units do not currently allow that (nor does the current company culture), thus we are hampered on taking many necessary actions for managing a medium sized organization due to the wider impact at the location level. My example: Root domain <Region Domain (e.g. North America, etc.)> <Location> <Business Unit> Desktop Laptops Users <Business Unit> Desktop Laptops Users <Business Unit> Desktop Laptops Users <Location> This is a structure I am proposing to increase the manageability of our environment with policies, sofitware assignments, and IMO a more logical structure. Questions: Any comments on the structure? What is considered a deep structure? What is considered too deep a structure? How many here are running a deep structure? Any problems or caveats to this? Can anyone provide some links to resources covering pros and cons of different structures? I am new to this list and will be searching the archives in detail as I get more time, however if this has been covered and someone has a quick link handy please let me know. Thanks Dave This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
