To fix this mess I created a group just for security groups. They would end up in various places and then no one could find them. What happened was, I would have groups that were not department specific. Problem solved! OU Best Practice #2: Create an OU for Security GroupsĪt first, I put security groups into department folders. Now, these computers still inherit the policies from their parent while applying the new timeout policy. I created a new Group Policy object that changed the lockout time to 60 minutes and applied it to this new OU. To fix this I just created a sub-OU called conference room computers and moved the affected computers into this OU. This became a problem for conference room computers, users would be teaching or giving a presentation and the screen would keep locking. This policy was applying to every computer in the domain. Here is a real-world example of how a good OU structure makes managing Active Directory easier.Ī customer had a domain policy that locks the computers after 15 minutes of inactivity. The most important tip is to group user and computer objects into separate organizational units.Īctive Directory Design Best Practices Example In organizations I’ve worked at, it made the most sense to manage them by department and specific functions. You can structure the sub-OUs in any way you like, it basically comes down to how you plan to manage the users and computers. I’ll create an OU for each one of these functions. Next, create OUs for specific functions or grouping of similar objects. Next, create sub-OUs for each department or grouping. Instead, create a new OU for Users and an OU for computers. OU Best Practice #1: Separate Users and Computersĭo not put users and computers into the same OU, this is a Microsoft best practice. Now that I’ve explained why OU design is so important, let me show you my tips for good OU design. If Active Directory is a mess, these simple day-to-day tasks can become difficult for the whole team. Reason #3 Administrative tasks – Modifying user accounts, using LDAP queries, reporting, and bulk changes are all common administrative tasks.A proper OU structure will allow you to easily delegate permissions at a granular level. Reason #2 Delegate permissions – Being able to delegate rights at a granular level and auditing those rights is a must.I’ve seen a drastic decrease in issues with proper OU design. Reason #1 Group Policies – Having a good OU design will make implementing and managing group policies much easier.If you don’t have a good Active Directory organization unit (OU) design you’re going to have problems.įirst, I’ll quickly explain the three main reasons why good OU design is so important. Active Directory OU Structure Best Practices In this article, I will share my tips on, AD design, naming conventions, automation, AD cleanup, monitoring, Active Directory user management, and much more.Ĭheck it out: 1. This is the most comprehensive list of Active Directory Management Tips online.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |