Microsoft Official Course: Designing and Implementing An AD DS Organizational Unit Infrastructure
Module 7
Model                          Description
Centralized                    Central administration is responsible for all tasks
Decentralized                  Multiple administrative entities with equal rights
Outsourced                     Infrastructure and data administration are separate
Centralized with Delegation    Central infrastructure administration with specific delegations for branches, services, or application owners
Gathering Information on Current Administrative Structures
[Diagram labels: Equally administered / Human / Users / resources / resources / Groups / “Who is managed” / Permissions required]
Best Practices:
• Use personalized, separate accounts for administrative tasks
• Grant permissions via groups to administrative accounts
• Put groups and accounts for administrative purposes in a separate structure in your OU model
• Put regular objects together if they are managed by the same group
• Always assign the least required privilege
• Always assign permissions at the highest possible level
Considerations for Branch Office Delegation
• Static
• Not static
• Easy to delegate administration
• Easy to delegate administration
• Easy to include/separate new tenants
How Administrative Permissions Work
• Align OU strategy to match administrative requirements, and not business logic
• Make use of AD DS native inheritance behavior
• Plan to accommodate change
Protecting OUs from Accidental Deletion
Prefix Suffix
• Multidomain forest: AGUDLP
Considerations for Planning Group Administration
Logon Information
Virtual machine:
• 20413C-LON-DC1
User name Adatum\Administrator
Password Pa$$w0rd
Review Question(s)
Best Practice
• Common Issues and Troubleshooting Tips