There's no end all domain structure best practice. An empty root is fairly well accepted. Beyond that there are a multitude of things you need to look at from an technical perspective. One reason to segment off domains sometimes is geography. You have an AsiaPac domain and a Americas domain so that your AsiaPac <> Americas traffic is just GC replication rather than DC and sysvol. If you're truly goign to delegate it all out, and things like the above conern don't play in, I'd probably place my ballot on a sinle domain without knowing anything else. In reality you need to get yourself a provisioning ysstem and delegate account management tasks. Trust your provisioning system to do object lifecycle management. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132
________________________________ From: [EMAIL PROTECTED] on behalf of Harding, Devon Sent: Thu 1/12/2006 11:11 AM To: [email protected] Subject: RE: [ActiveDir] OU Delegation Well, I just thought it would be best practice to consolidate multiple domains to one. What's recommended? ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, January 11, 2006 7:58 PM To: [email protected] Subject: RE: [ActiveDir] OU Delegation You want to look at a couple of main points 1. How do you plan to delegate the permisisons, I.E. the groupings of machines, users, etc. 2. How do you play to do GPOs if at all. 3. How is the administration really going to work. For instance, if you use a provisioning system for managing users (highly recommended) you don't generally want to delegate those to local OU admins but instead keep them in a main OU that the provisioning system only has control to. Why one domain and one root domain? I am not arguing one way or the other, just curious for the reasoning. ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: Wednesday, January 11, 2006 4:24 PM To: [email protected] Subject: [ActiveDir] OU Delegation We're in the process of consolidating 21 child domains into just one and one root. We want to separate the divisions (domains) into different OUs. Is there a guide or best practice out there on delegating admin permissions on OUs? Also, we've got Exchange permissions to deal with too. Devon Harding Windows Systems Engineer Southern Wine & Spirits - BSG 954-602-2469 ________________________________ __________________________________ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank You.
<<winmail.dat>>
