i am in the process of restructuring the hierarchical structure of the local active directory server of the institution i am working for. I was wondering if anyone knew of any place i could find best practices for this task. For example if it is better to have machines and users in separate OUs etc or if there are any sites with examples i could have a look at to get ideas.
e.g.
- domain.local
- computers
- users
- CompanyComputers
- Servers
- Workstations
- Accounting
- IT
- Administration
- CompanyUsers
- Administration
- Accounting
- IT
Thank you
Best Answer
The term "best-practices" when referring to the structure of your Active Directory is very open ended. There are a variety of factors that will determine what will make the most sense for you in your environment, and Microsoft identifies that what works for one enterprise will not necessarily work for another one.
That said, Microsoft recommends that you organize your AD structure in a logical manner, grouping objects together that have similar properties and that should share similar administrative properties.
These items that you may want to group together can include (but is certainly not limited to) the following
It will be up to you to decide what structure works best for you. The 70-640 exam is exclusively for Active Directory administration and may prove to be a valuable asset to you in the structuring of your organization
EDIT : To reflect what Zoredache has pointed out, but flexibility is an important part of the AD structure. Companies are dynamic and you should plan your AD to be flexible. The key is the find a nice balance between functionality and flexibility.