I am hoping to present a plan to my director to completely revamp the Active Directory infrastructure in my organization. Here are some details:
-Company has about 200 users and three IT staff members
-All domain controllers are running Windows Server 2003 SP1
-Current OUs in Active Directory are default OUs.
-All users and computers are part of the Users OU and Computers OU, respectively.
-Auditing is not enabled at all
First of all, my plan is to convert to a Windows Server 2003 domain and forest functional level because all DC’s are running Server 2003. I also plan to organize the structure of Active Directory by departments and place users and computers into their appropriate departments.
My director has one problem with moving the users. He said that it has been tried before, and is reluctant to try to change the set up again. I do not see how just moving the users into separate OUs would affect program accessibility if no rights are changed immediately.
Once these OUs are set up correctly, I also want to set up auditing of certain events. I know how to do this, so help is not needed in this area.
My questions is: Should there be any problems related to program access when the users are moved to different OUs?
Thank you for the help and if you need any more details just ask.
