General discussion


Active Directory - Planning stage - OU's

By sunshine47 ·
Hi there,

I work for a multinational organisation.
We are one company(as oppsed to a comglomorate) with around 20 offices in Europe and Japan(500 users).
Each country is using their own language for the desktop OS's(2000, xp). Currently each office is a single NT4 domain(no trusts).
I am playing with different AD models and am leaning towards the geographical approach but was wondering a few things.

1. Would it be a good idea to have an OU for each Country and under that an OU for each City? This would be useful as we do have an administrator in each country, but is this just adding a layer too many? (I could easily just make the admin guy the administrator of which ever city in that country)

2. Do any of you (with multinationals) use a OU based on Language? Is it useful?


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Active Directory Configuration

by BFilmFan In reply to Active Directory - Planni ...

Devising one OU per country and one OU per city, may work for you or it may not.

Some nations/confederacies (US, EU, etc) require data security and separation to protect end user data. You should check with your legl departments to see if there are any concerns.

While most believe that the domain is the boundary security model, this is not actually true in Active Directory. Since all domains have a trust automatically between each other, the true security boundary is the forest. Thus, if you have a requirement for physically or logically secure data, you are truly looking at separate forests.

If you do plan to implement multi-language OU capability into the forest, that you do organize by nation and city. However, this may well cause issues in some nations where citizens are multi-lingual. An example would be Canada where both French and English are naturally spoken depending on the area in which you are located. I can see potential issues if a client from the Ontario office visits the Quebec office.

Also, having a deep OU structure will also complicate security modeling. You will need to have a very deep understanding of Group Policy Objects to successfully implement this design. And your support personnel will require training in supporting this design.

Best of luck.

Related Discussions

Related Forums