Well, what I wrote is AD design 101. You'll probably find it in every AD book, and also Microsoft's AD design documentation. And having implemented AD designs for a number of large enterprises, I think I have a reasonable idea of what works and what doesn't :-)
Obviously it depends on what your business does, and how it's administered. If you need to administer things (either delegate administration/permissions, or apply administrative settings) by region/geographical area, then organise your OU structure that way. But I've seen waaaay to many businesses organise things by geographical area just so that admins can find things easier in dsa.msc. That is a sub-optimal AD design, and just makes it harder to use AD effectively. Organise your OU structure by how you administer things, rather than how to make it easier to group things in GUI tools. Cheers Ken From: Tim Vander Kooi [mailto:[EMAIL PROTECTED] Sent: Tuesday, 5 February 2008 9:23 AM To: NT System Admin Issues Subject: RE: Server naming And there is nothing wrong with your way of doing it. I have my OUs set by area so that I can use GPOs to install software from different servers based on where they are located (not server based administration as Ken mentions). It has worked fine for me for years. I was curious if Ken had a reason for his blanket statement regarding how it shouldn't be done. If a reason exists I would be interested to know what it is. Tim From: Webb, Brian (Corp) [mailto:[EMAIL PROTECTED] Sent: Monday, February 04, 2008 3:26 PM To: NT System Admin Issues Subject: RE: Server naming I think what Tim is saying is the reason for creating new OUs is for administration purposes. The primary reason to create a new OU is to facilitate delegating administration or assigning Group Policy. We have hundreds of servers, but fewer than 10 OUs for them. -Brian ________________________________ From: Tim Vander Kooi [mailto:[EMAIL PROTECTED] Sent: Monday, February 04, 2008 2:53 PM To: NT System Admin Issues Subject: RE: Server naming I'm curious why you say that Ken. From: Ken Schaefer [mailto:[EMAIL PROTECTED] Sent: Sunday, February 03, 2008 4:07 AM To: NT System Admin Issues Subject: RE: Server naming Unless you have server administration by region, you shouldn't be organising your servers into regional specific OUs. Cheers Ken From: MarvinC [mailto:[EMAIL PROTECTED] Sent: Friday, 1 February 2008 4:28 AM To: NT System Admin Issues Subject: Re: Server naming Makes a whole lot of sense for me too. Once you create your OU's and place everything where they need to go then it gets even easier, for me anyways. So if I need to see all systems in a particular region or location I navigate to that function or location specific OU and go from there. Keep it simple, seriously! If you're dumping everything into one OU then I can see how it'd be a problem. On 1/31/08, Michael Ross <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>> wrote: I choose a 2 letter prefix for the location such as CH for Chicago, then a meaningful name after that like Exchange for the type of server, then a number for the amount of servers you will have CHExchange1 CHFile1, etc. makes so much more sense to me. i know where it is, and what it is. -----Original Message----- From: Joe Heaton [mailto:[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>] Sent: Thursday, January 31, 2008 10:44 AM To: NT System Admin Issues Subject: RE: Server naming At my last job, we used golf related terms. Eagle, Putter, Driver, Wedge, Bunker, etc... at the job before that, we used superheroes. Superman, Spiderman, etc. Currently, we're using role based names, which I actually don't like, as it makes it that much easier for a hacker to know where to go for the info he's looking for... Joe Heaton -----Original Message----- From: Ben Scott [mailto:[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>] Sent: Thursday, January 31, 2008 8:21 AM To: NT System Admin Issues Subject: Re: Server naming On Jan 31, 2008 10:22 AM, David Lum <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>> wrote: > Attacking server naming conventions again, how do you guys name your > servers? Depends on the nature of the organization. For larger organizations, or if you have lots of servers, a name based on the site, function and a number tend to be the only way to go, especially with the flat naming system Windows still uses internally. For smaller shops with the right attitude (like my current employer), I tend to go with more interesting names, with a theme. Small shops almost always have all their servers being multi-purpose. Naming everything "SRV1", "SRV2", and so on tends to be confusing. For example, at my current main gig, we've got TIGER, PUMA, LION, COUGAR, and NTSERVER. (Can you guess which one has the legacy app that just don't die? ;-) ) At my last main gig, we used Simpsons characters. This doesn't scale up to large orgs, though, and if the place has a stuffy attitude it's not appropriate, either. For the latter, I usually just use "ORGSVR1" or whatever. RFC-1178 has some advice on this, although it's oriented more towards DNS, where the tree structure makes naming conflicts less of an issue. > Currently we use location and function in the name, but what about a > server that does more than one thing? Use a more generic name, like "SRV" or "UTIL" or whatever. Indeed, if it's at all likely a server will be tasked with multiple things, I always try to go with the more generic name. A server named one thing that's really doing more is misleading. Worse is when the original task then gets moved off, and now you have a server named "DC1" that isn't a DC anymore, or something like that. -- Ben ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
