# windows # active-directory

    Optimal Active Directory Structure

    I present to your attention the optimal structure of Active Directory, which is used by many large companies. Sometimes the number of employees around the world in such companies reaches 10,000 people. Naturally, such large companies use a domain tree divided into countries or continents.

    For example:

    • Root domain - heyvaldemar.net
    • Child domain - canada.heyvaldemar.net and ireland.heyvaldemar.net

    Moreover, the structure of each domain in the tree is the same.

    Optimal Active Directory Structure

    The domain structure is divided into cities:

    • Toronto - City of Toronto

    Cities are divided into organizational units by objects:

    • Groups - groups
    • Servers - servers
    • Service - accounts to run services
    • Users - user accounts
    • Workstations - workstations

    Groups are divided into organizational units according to the scope of the groups:

    • Local - local groups in the domain
    • Global - global groups
    • Universal - universal groups
    • Distribution - distribution groups

    Servers are divided into organizational units by service:

    • Disabled - disabled and decommissioned servers
    • Exchange - servers on which Exchange Server is deployed
    • File - servers with shared and confidential network resources
    • Normal - member servers that do not require separation by services
    • Print - servers with shared printers

    And so on, depending on the need to separate the servers by services.

    Service accounts are divided into organizational units by role:

    • Disabled - disabled service accounts
    • Normal - ordinary service accounts

    Users are divided into organizational units by role:

    • Admins - accounts with extended rights
    • Disabled - disabled user accounts
    • External - accounts for contractors and other freelancers
    • Normal - ordinary users who do not require separation by roles

    And so on, depending on the need to divide users by roles.

    Workstations are divided into organizational units based on user roles:

    • Admins - workstations that use accounts with extended rights
    • Disabled - disabled and decommissioned workstations
    • Normal - ordinary workstations that do not require separation by user roles

    Author

    Vladimir Mikhalev
    hey, I’m Vladimir Mikhalev, but my friends call me Valdemar. I have a lot of experience in the design and maintenance of various information systems.

    Recent Posts

    1
    Install Rocket.Chat on Ubuntu Server
    2
    Install Rocket.Chat with Docker Compose
    3
    What is DevOps?

    Educational Streams