+ Reply to Thread
Results 1 to 2 of 2

Thread: OU structure

  1. I got mail I got mail Yea brewoz40's Avatar
    Join Date
    Jul 2008
    Location
    San Diego
    Posts
    56

    Certifications
    A+, N+, CCNA, MCSA, AA Comp Science
    #1

    Default OU structure

    We are redesigning our AD OU structure and just wanted to get some feedback. Our structure/environment is fairly simple and straight forward, were just trying to clean it up some. We are a health organization that offers a software package to private practices, basically getting them on an electronic health record system. We have a colocation and we publish all required apps via citrix and all practices are connected through a vpn tunnel to the colo. Not all practices need access to all 3 apps we offer, some only need one while others require all 3. Right now we have an OU named ‘Practices’ with each practice nested underneath in its own OU named after the practice, with nothing but user accounts in each. What we want to accomplish with the restructuring is ease of administration and app/printer access. We have security groups created for access to the various apps, example citrix PM, or citrix EHR. Then we just add the various users from all the practices to give access. What we are thinking is to create security groups within each practices OU, then adding the users to the required security groups within the OU, then adding the group to the higher level security group. Also thinking adding to OU’s under each practice, one for ‘users’ and one for ‘groups’, just for visibility and separation from users/groups. Any feedback or suggestions? Is it bad idea/practice to nest security groups within each OU for the practice?
    Reply With Quote Quote  

  2. CLI Junkie DragonNOA1's Avatar
    Join Date
    Jul 2006
    Location
    Na Pali Haven
    Posts
    148

    Certifications
    A+, Network+, Security+, MCSE:S 2003
    #2
    What you are suggesting sounds perfectly fine.

    If you delegate control by practice and hence by OU, then whoever manages that practice/OU would also be able to manage the groups associated with the practice. The way you suggest seems to be the most optimal way to manage everything.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks