Optimal Active Directory Structure

By

I present to you the optimal Active Directory structure used by many large companies. Sometimes the number of employees worldwide in such companies reaches 10 000. Naturally, in such large companies, the domain tree is divided into continents.

For example:

  • root domain – vmkh.org
    • child domains – europe.vmkh.org and australia.vmh.org

Moreover, the structure of each domain in the tree is the same.

The domain structure is divided into countries:

  • Organizational Unit: AU (Country Australia)

Countries are divided into organizational units by objects:

  • Groups

Groups are divided into organizational units according to the scope of groups:

  • Local – local groups in the domain
  • Global – global groups
  • Universal – universal groups
  • Distribution – distribution groups

Servers are divided into service organizational units:

  • Organizational Unit: Servers (server accounts)
    • Disabled – disconnected and decommissioned servers
    • Exchange – servers where Exchange Server is deployed
    • File – servers with shared and confidential network resources
    • Normal – member servers that do not require a separation of services
    • Print – servers with shared printers

And so on, depending on the need to separate the server by service.

Service accounts are divided into organizational units by role:

  • Organizational Unit: Service (accounts for launching services)
    • Disabled – Disabled Service Accounts
    • Normal – Ordinary Service Accounts

Users are divided into organizational units by role:

  • Organizational Unit: Users (user accounts)
    • Admins – Advanced Accounts
    • Disabled – Disabled User Accounts
    • External – accounts for contractors and other freelancers
    • Normal – Ordinary users who do not require role separation

And so on, depending on the need to separate users by roles.

Workstations are divided into organizational units by user roles:

  • Organizational Unit: Workstations (workstation accounts)
    • Admins – workstations that use accounts with extended rights
    • Disabled – disabled and decommissioned workstations
    • Normal – ordinary workstations that do not require separation by user roles
Author

Hi, I’m Vladimir Mikhalev, but my friends call me Valdemar. I have a lot of experience in the design and maintenance of various information systems. On my website, you will find detailed and clear guides for setting up IT solutions. Dive into the ocean, full of positive and technology! For cooperation: callvaldemar@gmail.com

Related Posts

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.