Difference between revisions of "Active Directory/Documentation/Default OU"
Revision as of 16:28, 22 September 2007
The following is created using the script located at https://www.wolftech.ncsu.edu/pgmurphy/phpAD/create_departmental_ou.php. Please notice the Manual Steps at the end.
Default Setup
Organizational Units
OU | Description |
---|---|
<Root OU> | The departmental root OU is the top-level OU delegated to the department or college. This OU should be named using the organization's common abbreviation. For example, the Department of Electrical and Computer Engineering uses the abbreviation ECE, so its root OU should be named ECE. The managedBy property should be set to the primary OU Admin. |
<Root OU>\Departmental Users | |
<Root OU>\Departmental Users\Class Accounts | |
<Root OU>\Departmental Users\OU Admins | |
<Root OU>\Departmental Users\Other Users | |
<Root OU>\Departmental Users\Service Accounts | |
<Root OU>\Faculty | |
<Root OU>\Faculty\Desktops | |
<Root OU>\Faculty\Laptops | |
<Root OU>\Research Labs | |
<Root OU>\Research Labs\Sample RLab | |
<Root OU>\Research Labs\Sample RLab\Desktops | |
<Root OU>\Research Labs\Sample RLab\Laptops | |
<Root OU>\Servers | |
<Root OU>\Software Packages | |
<Root OU>\Software Packages\Freeware | |
<Root OU>\Software Packages\NCSU Software | |
<Root OU>\Software Packages\<Root OU> Software | |
<Root OU>\Software Packages\<Parent OU> Software | |
<Root OU>\Staff | |
<Root OU>\Staff\Desktops | |
<Root OU>\Staff\Laptops | |
<Root OU>\Teaching Labs | |
<Root OU>\Teaching Labs\Sample Tlab | |
<Root OU>\Teaching Labs\Sample Tlab\Desktops | |
<Root OU>\Teaching Labs\Sample Tlab\Laptops | |
<Root OU>\Unassigned | |
Users
User | Description |
---|---|
<Root OU>\Departmental Users\OU Admins\<unityid>.admin | Create an Administrator account for each desired IT staff member in the department. The account should be created in the <Root OU>\Departmental Users\OU Admins OU. These accounts will be given Administrator privileges in the departmental OU and local administrator rights on all computers in the departmental OU. |
Groups
Group | Description |
---|---|
<Root OU>\<Root OU>-ACS Users | |
<Root OU>\<Root OU>-Allow RIS | |
<Root OU>\<Root OU>-Computer Admins | |
<Root OU>\<Root OU>-Computers | |
<Root OU>\<Root OU>-Desktops | |
<Root OU>\<Root OU>-Enable Remote Assistance | |
<Root OU>\<Root OU>-Enable Remote Desktop | |
<Root OU>\<Root OU>-Laptops | |
<Root OU>\<Root OU>-OU Admins | |
<Root OU>\<Root OU>-Remote Assistants | |
<Root OU>\<Root OU>-Users | |
<Root OU>\Faculty\<Root OU>-Faculty | |
<Root OU>\Faculty\<Root OU>-Faculty.Computers | |
<Root OU>\Faculty\<Root OU>-Faculty.Desktops | |
<Root OU>\Faculty\<Root OU>-Faculty.Laptops | |
<Root OU>\Research Labs\<Root OU>-Research Labs.Computers | |
<Root OU>\Research Labs\<Root OU>-Research Labs.Desktops | |
<Root OU>\Research Labs\<Root OU>-Research Labs.Laptops | |
<Root OU>\Research Labs\<Root OU>-Research Labs.Users | |
<Root OU>\Research Labs\Sample Rlab\<Root OU>-Sample Rlab.Administrators | |
<Root OU>\Research Labs\Sample Rlab\<Root OU>-Sample Rlab.Computers | |
<Root OU>\Research Labs\Sample Rlab\<Root OU>-Sample Rlab.Desktops | |
<Root OU>\Research Labs\Sample Rlab\<Root OU>-Sample Rlab.Laptops | |
<Root OU>\Research Labs\Sample Rlab\<Root OU>-Sample Rlab.Users | |
<Root OU>\Staff\<Root OU>-Staff | |
<Root OU>\Staff\<Root OU>-Staff.Computers | |
<Root OU>\Staff\<Root OU>-Staff.Desktops | |
<Root OU>\Staff\<Root OU>-Staff.Laptops | |
<Root OU>\Teaching Labs\<Root OU>-Teaching Labs.Computers | |
<Root OU>\Teaching Labs\<Root OU>-Teaching Labs.Desktops | |
<Root OU>\Teaching Labs\<Root OU>-Teaching Labs.Laptops | |
<Root OU>\Teaching Labs\<Root OU>-Teaching Labs.Users | |
<Root OU>\Teaching Labs\Sample Tlab\<Root OU>-Sample Tlab.Administrators | |
<Root OU>\Teaching Labs\Sample Tlab\<Root OU>-Sample Tlab.Computers | |
<Root OU>\Teaching Labs\Sample Tlab\<Root OU>-Sample Tlab.Desktops | |
<Root OU>\Teaching Labs\Sample Tlab\<Root OU>-Sample Tlab.Laptops | |
<Root OU>\Teaching Labs\Sample Tlab\<Root OU>-Sample Tlab.Users | |
Group Memberships
Group Membership | Description |
---|---|
<Root OU>-ACS Users --> <Parent OU>-ACS Users | |
<Root OU>-Allow RIS --> <Parent OU>-Allow RIS | |
<Root OU>-Computer Admins --> <Root OU>-Allow RIS | |
<Root OU>-Computer Admins --> <Root OU>-Remote Assistants | |
<Root OU>-Desktops --> <Parent OU>-Desktops | |
<Root OU>-Desktops --> <Root OU>-Computers | |
<Root OU>-Laptops --> <Parent OU>-Laptops | |
<Root OU>-Laptops --> <Root OU>-Computers | |
<Root OU>-OU Admins --> <Parent OU>-Departmental OU Admins | |
<Root OU>-OU Admins --> <Root OU>-Allow RIS | |
<Root OU>-Users --> <Parent OU>-Users | |
<unityid>.admin --> <Root OU>-Computer Admins | |
<unityid>.admin --> <Root OU>-OU Admins | |
<Root OU>-Faculty --> <Root OU>-Users | |
<Root OU>-Faculty.Desktops --> <Root OU>-Desktops | |
<Root OU>-Faculty.Desktops --> <Root OU>-Faculty.Computers | |
<Root OU>-Faculty.Laptops --> <Root OU>-Laptops | |
<Root OU>-Faculty.Laptops --> <Root OU>-Faculty.Computers | |
<Root OU>-Research Labs.Users --> <Root OU>-Users | |
<Root OU>-Research Labs.Desktops --> <Root OU>-Desktops | |
<Root OU>-Research Labs.Desktops --> <Root OU>-Research Labs.Computers | |
<Root OU>-Research Labs.Laptops --> <Root OU>-Laptops | |
<Root OU>-Research Labs.Laptops --> <Root OU>-Research Labs.Computers | |
<Root OU>-Sample Rlab.Administrators --> <Root OU>-Sample Rlab.Users | |
<Root OU>-Sample Rlab.Desktops --> <Root OU>-Research Labs.Desktops | |
<Root OU>-Sample Rlab.Desktops --> <Root OU>-Sample Rlab.Computers | |
<Root OU>-Sample Rlab.Laptops --> <Root OU>-Research Labs.Laptops | |
<Root OU>-Sample Rlab.Laptops --> <Root OU>-Sample Rlab.Computers | |
<Root OU>-Sample Rlab.Users --> <Root OU>-Research Labs.Users | |
<Root OU>-Staff --> <Root OU>-Users | |
<Root OU>-Staff.Desktops --> <Root OU>-Desktops | |
<Root OU>-Staff.Desktops --> <Root OU>-Staff.Computers | |
<Root OU>-Staff.Laptops --> <Root OU>-Laptops | |
<Root OU>-Staff.Laptops --> <Root OU>-Staff.Computers | |
<Root OU>-Teaching Labs.Users --> <Root OU>-Users | |
<Root OU>-Teaching Labs.Desktops --> <Root OU>-Desktops | |
<Root OU>-Teaching Labs.Desktops --> <Root OU>-Teaching Labs.Computers | |
<Root OU>-Teaching Labs.Laptops --> <Root OU>-Laptops | |
<Root OU>-Teaching Labs.Laptops --> <Root OU>-Teaching Labs.Computers | |
<Root OU>-Sample Tlab.Administrators --> <Root OU>-Sample Tlab.Users | |
<Root OU>-Sample Tlab.Desktops --> <Root OU>-Teaching Labs.Desktops | |
<Root OU>-Sample Tlab.Desktops --> <Root OU>-Sample Tlab.Computers | |
<Root OU>-Sample Tlab.Laptops --> <Root OU>-Teaching Labs.Laptops | |
<Root OU>-Sample Tlab.Laptops --> <Root OU>-Sample Tlab.Computers | |
<Root OU>-Sample Tlab.Users --> <Root OU>-Teaching Labs.Users | |
Group Policies
Group Policy | Description |
---|---|
<Root OU>-OU Policy | |
<Root OU>-Enable Remote Assistance | |
<Root OU>-Enable Remote Desktop | |
Manual Steps
Step | Description |
---|---|
Delegate: <Root OU> --> <Root OU>-OU Admins | |
Managed By: <Root OU> --> <unityid>.admin | |
Add in additional OU admins | |
Copy: <Root OU>-OU Policy | |
Copy: <Root OU>-Enable Remote Assistance | |
Copy: <Root OU>-Enable Remote Desktop | |
Link: <Root OU>-OU Policy --> <Root OU> | |
Link: <Root OU>-Enable Remote Assistance --> <Root OU> | |
Link: <Root OU>-Enable Remote Desktop --> <Root OU> | |
Filter: <Root OU>-Enable Remote Assistance --> <Root OU>-Enable Remote Assistance | |
Filter: <Root OU>-Enable Remote Desktop --> <Root OU>-Enable Remote Desktop | |
Delegate: <Root OU>-OU Policy --> <Root OU>-OU Admins | |
Delegate: <Root OU>-Enable Remote Assistance --> <Root OU>-OU Admins | |
Delegate: <Root OU>-Enable Remote Desktop --> <Root OU>-OU Admins | |
Edit GPO: <Root OU>-OU Policy | |
Edit GPO: <Root OU>-Enable Remote Assistance | |
Configure software group replication | |
Special group descriptions | |
Add OU admins to departmental_ou_admins table. | |
Add OU to departmental_ous table. | |
Set up user account creation. | |
Authorize DNS domain name in msDS-AllowedDNSSuffixes. | |
Basic Setup
Organizational Units
OU | Description |
---|---|
<Root OU> | The departmental root OU is the top-level OU delegated to the department or college. This OU should be named using the organization's common abbreviation. For example, the Department of Electrical and Computer Engineering uses the abbreviation ECE, so its root OU should be named ECE. This OU should be placed under the NCSU OU hierarchy corresponding to its place within NCSU's organizational hierarchy. For example, the Department of Electrical and Computer Engineering is part of the College of Engineering, so the Department of Electrical and Computer Engineering's OU should be created under the College of Engineering's OU. |
<Root OU>\Departmental Users | |
<Root OU>\Departmental Users\OU Admins | |
<Root OU>\Software Packages | |
<Root OU>\Software Packages\Freeware | |
<Root OU>\Software Packages\NCSU Software | |
<Root OU>\Software Packages\<Root OU> Software | |
<Root OU>\Software Packages\<Parent OU> Software | |
Users
User | Description |
---|---|
<Root OU>\Departmental Users\OU Admins\<unityid>.admin | Create an Administrator account for each desired IT staff member in the department. The account should be created in the <Root OU>\Departmental Users\OU Admins OU. These accounts will be given Administrator privileges in the departmental OU and local administrator rights on all computers in the departmental OU. |
Groups
Group | Description |
---|---|
<Root OU>\<Root OU>-ACS Users | |
<Root OU>\<Root OU>-Allow RIS | |
<Root OU>\<Root OU>-Computer Admins | |
<Root OU>\<Root OU>-Computers | |
<Root OU>\<Root OU>-Desktops | |
<Root OU>\<Root OU>-Laptops | |
<Root OU>\<Root OU>-OU Admins | |
<Root OU>\<Root OU>-Users | |
Group Memberships
Group Membership | Description |
---|---|
<Root OU>-ACS Users --> <Parent OU>-ACS Users | |
<Root OU>-Allow RIS --> <Parent OU>-Allow RIS | |
<Root OU>-Computer Admins --> <Root OU>-Allow RIS | |
<Root OU>-Desktops --> <Parent OU>-Desktops | |
<Root OU>-Desktops --> <Root OU>-Computers | |
<Root OU>-Laptops --> <Parent OU>-Laptops | |
<Root OU>-Laptops --> <Root OU>-Computers | |
<Root OU>-OU Admins --> <Parent OU>-Departmental OU Admins | |
<Root OU>-OU Admins --> <Root OU>-Allow RIS | |
<Root OU>-Users --> <Parent OU>-Users | |
<unityid>.admin --> <Root OU>-Computer Admins | |
<unityid>.admin --> <Root OU>-OU Admins | |
Group Policies
Group Policy | Description |
---|---|
<Root OU>-OU Policy | |
Manual Steps
Step | Description |
---|---|
Delegate: <Root OU> --> <Root OU>-OU Admins | |
Managed By: <Root OU> --> <unityid>.admin | |
Add in additional OU admins | |
Copy: <Root OU>-OU Policy | |
Link: <Root OU>-OU Policy --> <Root OU> | |
Delegate: <Root OU>-OU Policy --> <Root OU>-OU Admins | |
Edit GPO: <Root OU>-OU Policy | |
Configure software group replication | |
Special group descriptions | |
Add OU admins to departmental_ou_admins table. | |
Add OU to departmental_ous table. | |
Set up user account creation. | |
Authorize DNS domain name in msDS-AllowedDNSSuffixes. | |