Active Directory Structures for Small and Medium sized Businesses

By ServerWatch Staff (Send Email)
Posted Dec 10, 2000


by Michael Day One big advantage of Windows 2000 Active Directory is the ability to store all type of information into a single searchable structure...

By storing all these resources in the Active Directory your users will be able to search for everything they need to access in just one location. You can also use Organizational Units to organize these resources based on who really needs to see those items. 

For Example you could create a share point for Sales reports and then add it to the Sales Organization Unit so only the users in the Sales Organizational Unit can find that folder since they are the only ones who need to access those files.

Design Elements

Active Directory Sites

Sites are defined by TCP/IP subnets and are used to define which server your Active Directory Enabled clients log on to. By default they will try to log on to the Domain controller located in the same site they are located in. Active Directory Enabled Clients are Windows 2000 Machines as well and Windows 9X and NT Machines with the Active Directory Client installed (This client is available on the Microsoft Website).

When creating sites most people need just one unless there is a low speed WAN link(56Kbps or less) and then one for each branch office that has a Domain Controller.  Check the WAN layout if you dont have a server in each branch. We have one in the head office that serves all the branches except the one that has its own server because our WAN links all go to head office.

 Organizational Units

Organizational Units are optional structures for organizing the layout of your users and machines. The structure that works for my network is based on the physical locations of the branches and then SubOrganizational Units dividing them by departments (sales, service, office, i.e.). The only exception to this structure is the IT Organizational Unit which is separate from all the others because we have specific Group Policies required for the IT Department. 

The biggest thing to remember about Organizational Units is that they are optional and not required for the operation of a Windows 2000 structure.  You can easily upgrade your existing Windows NT Domains to a Windows 2000 Domain and not do any reorganization of the users and it will work just as well as if you created Organizational Units for everything.  The biggest use for Organizational Units is to enable you to have different policies for each branch, department, or whatever other method you can think of to organize your network (IE Countries (Canada, US)).

Windows 2000 Domain User Accounts (Personal Rant)

User Accounts in Windows 2000 contain far too much information if you fill all the fields in.  All that is missing is marital status and fields to add personal gossip it appears.  I can see the addition of department, office, phone numbers and email address but all the other data is just extraneous information that really has no bearing on businesses. Please note that this is just my personal opinion.

Page 1 of 1


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.