This works great, I know exactly where all the groups are and can organize them any way I want with sub OUs. Just like users and computers, I can create sub OU’s to group department or functional groups together. To fix this mess I created a group just for security groups. They would end up in various places and then no one could find them. What happened was, I would have groups that were not department specific.
Design Tip #2: Create an OU for Security GroupsĪt first, I put security groups into department folders. Now, these computers still inherit the policies from their parent while applying the new timeout policy. I created a new Group Policy object that changed the lockout time to 60 minutes and applied it to this new OU. To fix this I just created a sub OU called conference room computers and moved the affected computers into this OU. This became a problem for conference room computers, users would be teaching or giving a presentation and the screen would keep locking. I have a domain policy that locks the computers after 15 minutes of inactivity. Here is one example that demonstrates the flexibility of this design. It’s very simple, flexible and easy to navigate. That’s it for organizing users and computers. I’ll create an OU for each one of these functions. Next, I’ll create OU’s for specific functions or grouping of similar objects. Next, create sub OU’s for each department. Instead, create a new OU for Users and an OU for computers. Design Tip #1: Separate Users and Computersĭo not lump users and computers into the same OU, this is a Microsoft best practice. Now that I’ve explained why OU design is so important, let me show you my tips for good OU design. If Active Directory is a mess, these simple day to day tasks can become difficult for the whole team. Modifying user accounts, using LDAP queries, reporting and bulk changes are all common administrative tasks. Proper OU design will allow you to easily delegate permissions at a granular level.
MICROSOFT WORD THE ACTIVE DIRECTORY DOMAIN SERVICES UPDATE
Reason #2 Delegate permissionsĭoes your helpdesk need to reset passwords, add and remove computers from the domain? Do you need non admins to manage groups? Does HR need access to update user accounts?īeing able to delegate rights at a granular level and auditing those rights is a must. I’ve seen a drastic decrease in issues with proper OU design. Having good OU design will make implementing and managing group policies much easier. If you don’t have good Active Directory organization unit (OU) design you’re going to have problems.įirst, I’ll quickly explain the three main reasons why good OU design is so important. In this article I will share my tips on, design, naming conventions, automation, AD cleanup, monitoring, checking Active Directory Health and much more.Ĭheck it out: 1. This is the most comprehensive list of Active Directory Management Tips online.
0 kommentar(er)
