To fix this just add in the middle initial.įor example, I have Joe Smith, then I get a new employee with the name of Jane Smith. The one problem you may run into is duplicate user names. The next popular option is complete first name + last name (use a special character to separate the name).īoth methods work well and are user friendly. The most popular option is users first initial + last name. Here are my tips for good naming conventions. No matter if your organization is big or small you need to standardize the naming of Active Directory objects. I have the flexibility to apply group policies, delegate control, and administer the objects.
WINDOWS SERVER 2008 SECURITY GROUPS HOW TO
Now I can apply policies to all the servers or specific ones.īy keeping Active Directory organized all the admins will know how to easily find objects. I can also create sub OUs to group specific servers for whatever need. You will have group policies that need to apply only to servers and not workstations and vice versa. You want to keep your servers in their own OU. This works great, I know exactly where all the groups are and can organize them any way I want with sub OUs. Just like users and computers, I can create sub OU’s to group department or functional groups together. To fix this mess I created a group just for security groups. They would end up in various places and then no one could find them. What happened was, I would have groups that were not department specific. Design Tip #2: Create an OU for Security GroupsĪt first, I put security groups into department folders. Now, these computers still inherit the policies from their parent while applying the new timeout policy. I created a new Group Policy object that changed the lockout time to 60 minutes and applied it to this new OU. To fix this I just created a sub OU called conference room computers and moved the affected computers into this OU. This became a problem for conference room computers, users would be teaching or giving a presentation and the screen would keep locking. I have a domain policy that locks the computers after 15 minutes of inactivity. Here is one example that demonstrates the flexibility of this design. It’s very simple, flexible, and easy to navigate. That’s it for organizing users and computers. I’ll create an OU for each one of these functions. Next, I’ll create OU’s for specific functions or grouping of similar objects. Next, create sub OU’s for each department. Instead, create a new OU for Users and an OU for computers. Design Tip #1: Separate Users and Computersĭo not lump users and computers into the same OU, this is a Microsoft best practice. Now that I’ve explained why OU design is so important, let me show you my tips for good OU design.
If Active Directory is a mess, these simple day-to-day tasks can become difficult for the whole team. Modifying user accounts, using LDAP queries, reporting, and bulk changes are all common administrative tasks. Proper OU design will allow you to easily delegate permissions at a granular level.
WINDOWS SERVER 2008 SECURITY GROUPS UPDATE
Reason #2 Delegate permissionsĭoes your helpdesk need to reset passwords, add and remove computers from the domain? Do you need non admins to manage groups? Does HR need access to update user accounts?īeing able to delegate rights at a granular level and auditing those rights is a must. I’ve seen a drastic decrease in issues with proper OU design. Having a good OU design will make implementing and managing group policies much easier. If you don’t have a good Active Directory organization unit (OU) design you’re going to have problems.įirst, I’ll quickly explain the three main reasons why good OU design is so important. In this article I will share my tips on, design, naming conventions, automation, AD cleanup, monitoring, checking Active Directory Health, and much more.Ĭheck it out: 1. This is the most comprehensive list of Active Directory Management Tips online.
0 kommentar(er)
