Recommendations for OU and group policy design

Tags:
Business/IT alignment
Compliance
DataCenter
Desktops
Development
Laws
Management
Microsoft Windows
Networking
OS
Regulations
Security
Servers
SQL Server
standards
Tech support
Hi, We are currently running a Win2003 AD and have been for some time. As is the usual with this sort of thing, the OU and Group Policy structure has evolved over time and it's currently in a bit of a mess. I'd like to get some input on how best to re-design the OU and GPO structure. Any ideas are welcomed. Thanks in advance, Greg.

Answer Wiki

Thanks. We'll let you know when a new response is added.

Even though the task may seem daunting at this time, don’t worry, once you work everything out, it’s just a matter of implementation.

Basically, what I did was to break it all out on paper. I worked for a company with multiple offices worldwide so the first thing I did was break everything down by what office a user was in and then by what department they were in until everyone fit in to the appropriate place.

Another way to look at it would be from an HR point of view and just break down all of your users by what department they are in regardless of location, though, I did find it more organized to break them by location first and then department. It all depends on how you want the information broken out.

I hope this helps.

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • HumbleNetAdmin
    GregNottage rayne427?s post is right on. That is how I manage the AD structure as well. In my last position as Net Admin. I broke down the AD OU Structure into departmental levels. The primary reason for doing this was for granularity in applying Group Policies for our employees. And the other was because we started providing terminal service access to run applications to our clients. I needed to be able to maintain control of each TS client?s access and desktop, and that control would need to be different at three different levels for each client, as well as different for each client. Following is a diagram of sorts of how I did it. Hope this helps and good luck AD Domain (Default Domain GPO) | -Sales OU (Sale OU GPO) | -Customer Service OU (CustServ OU GPO | -IS OU (IS OU GPO) | -Terminal Service Users OU (TS OU GPO) | ------Client A (Client A OU GPO) | ---------Branch (ClnABrn OU GPO) | ---------Administration (ClnAAdmin OU GPO) | ---------Corporate (ClnACorp OU GPO) | ------Client B (Client B OU GPO) | ---------Branch (ClnBBrn OU GPO) | ---------Administration (ClnAAdmin OU GPO) | ---------Corporate (ClnACorp OU GPO)
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following