
Active Directory Design

Discussion in 'Networks' started by b2051758, Apr 13, 2012.

  1. b2051758

    b2051758 Bit Poster

    Hello All,

    I'm new to this so please bear with me. I have been given an exercise to design a user and group structure in Active Directory for a made-up company with the following info.
    Managing Director x1
    Sales Manager x1
    Purchasing Manager x1
    Accounts Manager x1
    Sales Staff x4
    Purchasing Staff x4
    Accounts Staff x4.

    16 users in all. How would I go about organizing this when they all have different requirements for software installation, access to certain files, etc.?
    The managers need access to all files within their respective departments with the MD having access to all files. I understand that I'll have to apply a different GPO to specify which users get what software, but does that mean separate OUs for each manager and users, since not all users require the same software as the others?

    Thanks for any info

    Tom.
     
  2. mcbro

    mcbro Byte Poster

    A different OU for every manager or user wouldn't scale very well in a large business! How about doing it by department?
     
    Last edited by a moderator: Apr 13, 2012
    Certifications: MCITP:EA, CCNA
  3. b2051758

    b2051758 Bit Poster

    So if I have a separate OU for the MD, sales, purchasing and accounts and within each of them have two global groups, one for staff and one for managers. If a GPO is applied to, say, the sales OU, would this affect all users in that OU no matter which group they are in?
     
  4. mcbro

    mcbro Byte Poster

    I think you're getting groups and OUs mixed up, but yes, if you applied a GPO to an OU it would affect anything within that OU unless you explicitly set it not to inherit the settings.

    Best thing to do, if you have a PC/laptop with an OK spec, is to create a virtual machine and install Windows Server with AD in it. That way you can do all this for real(ish).
     
    Last edited: Apr 13, 2012
    Certifications: MCITP:EA, CCNA
  5. Theprof

    Theprof Petabyte Poster Forum Leader

    Think of it this way, GPOs apply to organizational units. The GPOs can be applied to users and computers in the OUs to restrict/apply settings, deploy packages, scripts etc. User Groups for example are good for applying permissions. For example a security group can be given permission to a folder where only the users in that group can have access... Depending on that type of requirement, you have to build your AD environment accordingly. One thing to note, you can do these changes in more than just one way and have the same result, you just need to figure out the most efficient way to do it.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
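
An added example, not part of the original thread: one way to build the layout discussed above for the exercise company, with an OU per department as the GPO target, global groups carrying file permissions, and security filtering to scope a GPO to managers inside a shared OU. The domain `corp.example`, NetBIOS name `CORP`, share root `D:\Shares`, and every group and GPO name are assumptions chosen for illustration.

```powershell
# Added example for a lab domain. Assumptions (not from the thread): domain
# corp.example / NetBIOS CORP, share root D:\Shares, all GG-* and GPO names.
Import-Module ActiveDirectory, GroupPolicy

$domainDn  = 'DC=corp,DC=example'
$netbios   = 'CORP'
$shareRoot = 'D:\Shares'
$root      = "OU=Company,$domainDn"

New-ADOrganizationalUnit -Name 'Company' -Path $domainDn
# Holds only the Managing Director; granted on every department folder below.
New-ADGroup -Name 'GG-Directors' -GroupScope Global -GroupCategory Security -Path $root

foreach ($dept in 'Sales', 'Purchasing', 'Accounts') {
    # One OU per department: the OU is what a GPO gets linked to.
    New-ADOrganizationalUnit -Name $dept -Path $root
    $ou = "OU=$dept,$root"

    # Groups carry permissions; a GPO cannot be linked to a group.
    foreach ($role in 'Staff', 'Managers') {
        New-ADGroup -Name "GG-$dept-$role" -GroupScope Global -GroupCategory Security -Path $ou
    }

    # Department-wide GPO: reaches every user in the OU, whatever group they are in.
    # (The software settings themselves are configured afterwards in the GPO editor.)
    New-GPO -Name "$dept - Staff Software" | New-GPLink -Target $ou | Out-Null

    # Manager-only GPO linked to the same OU, narrowed by security filtering.
    $mgrGpo = "$dept - Manager Software"
    New-GPO -Name $mgrGpo | New-GPLink -Target $ou | Out-Null
    Set-GPPermission -Name $mgrGpo -TargetName "GG-$dept-Managers" `
        -TargetType Group -PermissionLevel GpoApply | Out-Null
    # Authenticated Users keeps Read so the GPO can still be retrieved, but loses Apply.
    Set-GPPermission -Name $mgrGpo -TargetName 'Authenticated Users' `
        -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null

    # File access goes to groups, never to individual accounts.
    $folder = Join-Path $shareRoot $dept
    New-Item -ItemType Directory -Path $folder -Force | Out-Null
    $grants = @(
        'SYSTEM:(OI)(CI)F'
        'BUILTIN\Administrators:(OI)(CI)F'
        "${netbios}\GG-$dept-Managers:(OI)(CI)M"   # managers: whole department
        "${netbios}\GG-Directors:(OI)(CI)M"        # MD: every department
    )
    # Drop inherited ACEs so only the entries above apply; staff groups are
    # granted on subfolders as the exercise requires (not specified in the thread).
    icacls $folder /inheritance:r /grant $grants | Out-Null
}
```

User accounts are then created in their department OU with `New-ADUser` and placed in the matching group with `Add-ADGroupMember`, so a role change is a group membership change rather than an ACL edit.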
  6. b2051758

    b2051758 Bit Poster

    Thanks for all the info guys, I think I understand it now! Reading a Microsoft book on managing servers makes it seem so much more complicated than it is, maybe it's the way they word it. I already have a few XP machines on virtual, so I'll install a virtual server also as I can get Windows Server off MSDN :-).
     
