General discussion

Locked

Active Directory Restructure

By deerek11 ·
Hello All I been giving a project to redo the active directory scheme, right now they have a domain with 62 Groups and 176 Members of the groups but none of the permission are set right some users that shouldn't have certain premission have then because they are part of groups that they are not suppose to my plan is to reduce the groups and add the member to the new groups and delete all the stuff they have now but I have found no easy way to do this right now it a big mess I have ran all types of reports to outline which users are part of what groups and what premission the groups has now I need to consoldate can any one point me in a direction of some iformation that may make this easier on me or a tool or any Help would be appeacited Thanks Also Let me know if you need more ifomation

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by BFilmFan In reply to Active Directory Restruct ...

Quest Active Roles Server can consolidate your security management onto one platform that can be easily managed. The default natice tools are not easily used and seldom are rights corretly applied.

http://wm.quest.com/products/activerolesserver/

Collapse -

by deerek11 In reply to

Poster rated this answer.

Collapse -

by Gigelul In reply to Active Directory Restruct ...

I think that you will spent a lot of time to understand what are there, who and what are doing or must doing.

Maybe is a good ideea to start to document all (app., departments, shares, users, PCs, servers, printers, policies, etc.), MAKE A GOOD PLAN, ask for aproval to uper management if its necessary and start to make the changes.

If you will build your schema starting from the departments definition, could be easier to migrate one department and test/fix the issues and then change the others. The human resources department can be a good source of information regarding the company organigrama (groups).

For users it is not so important the AD design, but it is very important to have access to their documents, printers, emails, applications.

If you know what you want document all and start the changes.

Collapse -

by deerek11 In reply to

Poster rated this answer.

Collapse -

by CG IT In reply to Active Directory Restruct ...

I don't know if changing the schema is going to help much with shared resource permissions.

I rather think it would be best to identify shared resources and the who actually needs access to those resources, then create groups and place user in those groups, assign the group to the resource and set permissions for the group. It's always easier to delete or add a user account from or to a group than delete groups themselves.

Management should be involved in making the decision of who gets access to what once you know what has access to what. Then they can't boo and throw paper wads as you when your walking down the hallway.

Collapse -

by deerek11 In reply to

Poster rated this answer.

Collapse -

by deerek11 In reply to Active Directory Restruct ...

This question was closed by the author

Back to Networks Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums