I agree. I also would say that the depth and its impact is two-dimensional: A good rule of thumb is to keep it shallow if possible although no technical reason is available for that. It's a best practice mostly but I seem to recall there were some apps that will care if they try to keep that path information in a variable :) It's also an impact if you make it so complex that you don't efficiently manage the environment. That's what OU's are for after all - more efficient management.
My $0.04 anyway -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf Sent: Tuesday, May 24, 2005 3:04 PM To: [email protected] Subject: Re: [ActiveDir] When is an AD structure too deep? Do policies change for the same Business Unit from location to location? I would much prefer to see an OU structure like: Domain -> Business Unit -> Desktop/Laptop/User If there are Policies that really do need to be applied by location I might look at making a GPO for that Site instead of by OU. Are you concerned that the depth you are proposing here would cause issues? If so, then you can feel safe that this is not an overly deep structure and is of a fairly common depth. Phil On 5/24/05, Dave Hochstaetter <[EMAIL PROTECTED]> wrote: > > > Good Afternoon, > > > A specific item was brought up in the following thread regarding deep > AD structures, > > > http://www.mail-archive.com/[email protected]/msg28979.html > > > > Coincidentially I have been thinking about AD structures and the depth > or complexitiy of them. I was hoping to explore this topic in a bit > greater detail. My scenario is, I am involved with desktop > administration, but currently do not do the hands on design/policy > implementation. This is what I would term a "black hole" in our organization. > > > > I am suggesting changes to the AD structure to the management groups > followed by delegation of polcy right to allow us to perform the > functions that IMO are vital. The current structure stops at the > location level with only desktops, servers, users, laptops below each > location. Thus all business units would get the same policies, however > the operations of the units do not currently allow that (nor does the > current company culture), thus we are hampered on taking many > necessary actions for managing a medium sized organization due to the wider impact at the location level. > > > > My example: > > > > Root domain > > <Region Domain (e.g. North America, etc.)> > > <Location> > > <Business Unit> > > Desktop > > Laptops > > Users > > <Business Unit> > > Desktop > > Laptops > > Users > > <Business Unit> > > Desktop > > Laptops > > Users > > <Location> > > > > > > > > This is a structure I am proposing to increase the manageability of > our environment with policies, sofitware assignments, and IMO a more > logical structure. > > > > Questions: > > > > Any comments on the structure? > > What is considered a deep structure? > > What is considered too deep a structure? > > How many here are running a deep structure? > > Any problems or caveats to this? > > Can anyone provide some links to resources covering pros and cons of > different structures? > > > > I am new to this list and will be searching the archives in detail as > I get more time, however if this has been covered and someone has a > quick link handy please let me know. > > > Thanks > > Dave List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
