Modify Active Directory Infrastructure

By powlboyjr
I am hoping to present a plan to my director to completely revamp the Active Directory infrastructure in my organization. Here are some details:

-Company has about 200 users and three IT staff members
-All domain controllers are running Windows Server 2003 SP1
-Current OUs in Active Directory are default OUs.
-All users and computers are part of the Users OU and Computers OU, respectively.
-Auditing is not enabled at all

First of all, my plan is to convert to a Windows Server 2003 domain and forest functional level because all DCs are running Server 2003. I also plan to organize the structure of Active Directory by departments and place users and computers into their appropriate departments.

My director has one problem with moving the users. He said that it has been tried before, and is reluctant to try to change the setup again. I do not see how just moving the users into separate OUs would affect program accessibility if no rights are changed immediately.

Once these OUs are set up correctly, I also want to set up auditing of certain events. I know how to do this, so help is not needed in this area.

My question is: Should there be any problems related to program access when the users are moved to different OUs?

Thank you for the help and if you need any more details just ask.

by CG IT In reply to Modify Active Directory I ...

There shouldn't be any problems unless applications are provided by Group Policy, e.g. advertised or published. Moving users who are in one OU that has this GP applied to another that does not have the GPO linked will result in those users no longer having access to the programs.

There is also parent-to-child propagation in nested OUs that you have to look out for.

by powlboyjr In reply to

Thanks for the help. I do not use Group Policy to distribute applications yet, but it is in the works. The major hurdle is convincing my boss that I know what I'm doing without having the credentials on paper. I plan to take a few Server 2003 tests and get my bachelor's in Computer Science within the year.

by lowlands In reply to Modify Active Directory I ...

As long as you don't rely heavily on GPOs for different tasks, you should be able to move your users into as many OUs as you'd like.
But you'll have to think about why you're doing this. What will you gain by implementing a more complex OU structure in AD? With 3 IT staff, I don't think it'll have to do with delegation. And you can enable auditing now if you'd like.

by powlboyjr In reply to

Thank you for the help. As I told CG IT, I do not use Group Policy to distribute applications yet, but it is in the works.

by powlboyjr In reply to Modify Active Directory I ...

This question was closed by the author
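
The GPO-link and parent-to-child inheritance effects raised in the replies by CG IT and lowlands can be checked before a move by comparing the effective GPO list of the source and target containers. The following is an added example, not part of the original thread: it models that comparison over a constructed directory (all DNs, GPO names and function names are hypothetical) and assumes no security or WMI filtering.

```python
# Constructed sample directory, not taken from the thread. Each container or OU
# maps to its GPO links as (name, enforced) and its block-inheritance flag.
DIRECTORY = {
    "DC=example,DC=local": {
        "links": [("Default Domain Policy", False), ("Baseline Lockdown", True)],
        "block": False},
    # The default Users container is not an OU and cannot hold GPO links.
    "CN=Users,DC=example,DC=local": {"links": [], "block": False},
    "OU=Departments,DC=example,DC=local": {
        "links": [("Publish Office Apps", False)], "block": False},
    "OU=Sales,OU=Departments,DC=example,DC=local": {
        "links": [("Sales Drive Maps", False)], "block": False},
    "OU=Lab,OU=Departments,DC=example,DC=local": {"links": [], "block": True},
}

def parent_chain(dn):
    """DNs from the domain root down to dn (naive split; no escaped commas)."""
    parts = dn.split(",")
    chain = [",".join(parts[i:]) for i in range(len(parts))]
    return [c for c in reversed(chain) if c in DIRECTORY]

def effective_gpos(container_dn):
    """GPOs that reach objects in container_dn, in processing order."""
    chain = parent_chain(container_dn)
    applied = []
    for i, dn in enumerate(chain):
        # A link is blocked when any container below it blocks inheritance,
        # unless the link is enforced.
        blocked = any(DIRECTORY[d]["block"] for d in chain[i + 1:])
        for name, enforced in DIRECTORY[dn]["links"]:
            if enforced or not blocked:
                applied.append(name)
    return applied

def move_impact(src_dn, dst_dn):
    """GPOs an object loses and gains when moved from src_dn to dst_dn."""
    before, after = set(effective_gpos(src_dn)), set(effective_gpos(dst_dn))
    return {"lost": sorted(before - after), "gained": sorted(after - before)}

if __name__ == "__main__":
    users = "CN=Users,DC=example,DC=local"
    for target in ("OU=Sales,OU=Departments,DC=example,DC=local",
                   "OU=Lab,OU=Departments,DC=example,DC=local"):
        print(target, move_impact(users, target))
```

An empty "lost" list for a planned move means no linked GPO, including one that publishes or assigns software, stops applying to the moved users in this model.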
