Computer Performance

Google

Web Search Site

3CX Phone System for Windows - VOIP IP PBX

3CX Phone System for Windows -
VOIP IP PBX

Get your 5 free applications now

Application Publishing with 2X ApplicationServer

How are your OU's configured?

Do your OUs reflect your company structure?

Litmus Test

 

 

Best Practice (Litmus Test)

Professionals: Plan to create lots of Organizational Units

Amateurs: Create all new objects in the Users folder

Organisational Units

Windows Server 2003 (and W2K) feature Organization units, the benefit of OUs is that they allows you to classify users by department or site.  There are two advantages of this arrangement, you can delegate within units, and you can create different Group Policies for each OU.

If you do not create OUs, all your users will be born in the default container, and so you lose a valuable chance to categorize people by department or site. 

Planning Organization Units is a major job.  Firstly do create a top level based on geographic location, or company department?  Also bear in mind that OUs are the main vehicle for Group Policy, my point is that you may want different Group Policies for different users.  So take care designing your OU structure.

Delegation

Delegation is item that has been high on administrator's wish list for many years.  The problem in NT 4.0 is that if you wanted help desk staff to be able to change user's passwords, then you had to make them members of the Account operator's group. There was no half way house they either had full rights over the users or none at all.

With Windows server 2003 you can achieve fine control through delegation.  For example, help desk staff can reset passwords of the sales OU.  Human resources can be delegated to create new users in the manufacturing OU.  Neither group would be allowed to view the audit logs or reset the administrator's password.

To configure, got to \ Active Directory Users and Computer \ <domain> \ organisational unit \ Right Click  Delegate Control.

TrainSignal - Recommended Training VideosActive Directory Training.  As an MCT trainer, I can thoroughly recommend TrainSignal because they provide practical hands on training.  In particular, I like the way that TrainSignal cover all learning methods, instructor lead, video and of course text material.  You can either take one module, for example Active Directory or go for a combination of modules.  See more about Active Directory training

 


Download my Jumbo Litmus Test eBook $5.95

Litmus TestsOver 40 of Guy's litmus tests.  Have fun while you learn about Windows Server 2003.  Stacks of ideas to check your servers, networks and security.

Your eBook has printer friendly pages and lots more screen shots.

 

 

 

Sign up to my new Ezine and get a free Best Practice ebook. 

 

 *

Google

Webcomputerperformance.co.uk

Guy Recommends: SolarWinds Exchange Monitor

Exchange Monitor from SolarWindsHere is a free tool to monitor your Exchange Server

 

Home Copyright © 1999-2008 Computer Performance LTD All rights reserved

Please report a broken link, or an error.