HOW TO ORGANIZE YOUR ORGANIZATIONAL UNIT (OU) STRUCTURE PROPERLY
Hi Ya,
I have seen many messy Active Directory structures where there is a mixture of users and computers. Creating and targeting policy is messy. When you build your AD, it will look like the picture on the right.
This is the default Microsoft AD OU structure. Each of these OUs has a specific purpose.
| OU | Contents |
|---|---|
| Builtin | The Builtin container holds default service administrator accounts and domain local security groups. These groups are pre-assigned permissions needed to perform domain management tasks. |
| Computers | The Computers container holds all computers joined to the domain without a computer account. It is the default location for new computer accounts created in the domain. |
| Domain Controllers | The Domain Controllers OU is the default location for the computer accounts for domain controllers. |
| ForeignSecurityPrincipals | The ForeignSecurityPrincipals container holds proxy objects for security principals in NT 4.0 domains or domains outside of the forest. |
| LostAndFound | The LostAndFound container holds objects moved or created at the same time an Organizational Unit is deleted. Because of Active Directory replication, the parent OU can be deleted on one domain controller while administrators at other domain controllers can add or move objects to the deleted OU before the change has been replicated. During replication, new objects are placed in the LostAndFound container. |
| NTDS Quotas | The NTDS Quotas container holds objects that contain limits on the number of objects users and groups can own. |
| Program Data | The Program Data container holds application-specific data created by other programs. This container is empty until a program designed to store information in Active Directory uses it. |
| System | The System container holds configuration information about the domain including security groups and permissions, the domain SYSVOL share, DFS configuration information, and IP security policies. |
| Users | The Users container holds additional predefined user and group accounts (besides those in the Builtin container). Users and groups are pre-assigned membership and permissions for completing domain and forest management tasks. |
Source: https://sites.google.com/a/pccare.vn/it/ent-admin-pages/default-containers
Many engineers will just create users, computers or security groups inside one of these OUs, or just create OUs called Users and Workstation. Personally I don't like engineers doing this because it makes the OU structure harder to manage and it will create a mess in the long run. Instead, creating a separate organizational unit (OU) named after your organization will do just fine.
If you have a small to medium organization to maintain, create a separate parent OU named after your organization. Under it, add sub-OUs for Users, Computers and Groups to keep things organized.
This makes it far more convenient to maintain Active Directory (AD). It not only helps you understand your AD, it also makes group policy easier to apply, because you can create sub-OUs inside the parent OUs.
For example, if my organization has floors or rooms, I can create OUs under those names and place my computers based on floor. I can then easily apply a printing group policy to the computers on floor 1.
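The layout described above, as an added PowerShell example that is not part of the original post: it builds the parent OU with Users, Computers and Groups sub-OUs plus per-floor OUs, then lists accounts still sitting in the default containers. The organization name `Contoso`, the floor names and the helper `New-OUIfMissing` are assumptions made for illustration; it needs the ActiveDirectory module (RSAT) and rights to create OUs.

```powershell
# Added example. 'Contoso' and the floor names are placeholders (assumptions);
# replace them with your own organization and floor or room names.
Import-Module ActiveDirectory

$OrgName = 'Contoso'
$Floors  = 'Floor 1', 'Floor 2'
$Domain  = Get-ADDomain

# Hypothetical helper: create an OU only if it is not already a direct child
# of $Path, so the script can be re-run safely. Returns the OU's DN.
function New-OUIfMissing {
    param([string]$Name, [string]$Path)
    $existing = Get-ADOrganizationalUnit -LDAPFilter "(ou=$Name)" `
                    -SearchBase $Path -SearchScope OneLevel
    if (-not $existing) {
        # Deletion protection guards against an accidental delete of the OU,
        # the situation in which objects end up in LostAndFound.
        New-ADOrganizationalUnit -Name $Name -Path $Path `
            -ProtectedFromAccidentalDeletion $true
    }
    "OU=$Name,$Path"
}

# Parent OU named after the organization, then the three sub-OUs.
$OrgDN       = New-OUIfMissing -Name $OrgName    -Path $Domain.DistinguishedName
$UsersDN     = New-OUIfMissing -Name 'Users'     -Path $OrgDN
$ComputersDN = New-OUIfMissing -Name 'Computers' -Path $OrgDN
$GroupsDN    = New-OUIfMissing -Name 'Groups'    -Path $OrgDN

# One OU per floor under Computers, so a printer GPO can target a single floor.
foreach ($floor in $Floors) {
    New-OUIfMissing -Name $floor -Path $ComputersDN | Out-Null
}

# Check: computers still in the domain's default Computers container.
# These are the ones floor-level policy will not reach until they are moved.
Get-ADComputer -Filter * -SearchBase $Domain.ComputersContainer -SearchScope OneLevel |
    Select-Object Name, DistinguishedName

# Check: accounts in the default Users container. Built-in accounts such as
# Administrator and krbtgt are expected here; ordinary staff accounts are not.
Get-ADUser -Filter * -SearchBase $Domain.UsersContainer -SearchScope OneLevel |
    Select-Object SamAccountName, Enabled
```

Computers reported by the first check can be moved into a floor OU with `Move-ADObject`, after which a GPO linked to that OU applies to them.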