Here’s a look at the Active Directory OU Structure I designed for the emeneye.ac.uk domain in my lab. As I explained before it is intended for a fictional university which is modeled along the lines of my previous work place.
And here’s the OU structure in Active Directory Users and Computers
The three principles that helped in designing the structure are Group Policy, delegation and object administration.
A few notes with regards to the structure:
- I came across this really good tip online about creating a master OU in AD and creating the OU structure and sub-OUs below the Master OU, which makes the structure a lot cleaner and easier on the eyes
- A wide but shallow structure means log on times should be faster due to the fact that fewer group policies will need to be processed as opposed to a deep structure
- Some OU names have been shortened into abbreviations – SoA, for example, is “School of Arts”
- The structure supports GPO inheritance
- Is designed to be flexible – I only have just the one server, the domain controller, at the moment, but will expand with NAS and WSUS in future, hence the sub-OUs under Servers
- Desktops and laptops have been separated into their own OUs to enable me to apply different settings on them without needing WMI scripts/queries to determine the form factor of the computers