Today I have performed a few changes to Active Directory, mostly in the spirit of organization which would make the structure more friendly for patching with KACE, and overall organization.
The changes that I made today are currently on the CVUSD domain, but am considering making those same ones on the STUDENT and STUDENT2 domain.
All changes made today are applied to computer objects, and not user objects.
Old Model: The computer objects used to reside in an OU called "Workstations" under each department and/or schools.
Example:
Under District Office OU:
New Model: The computer objects are divided up into OUs under a parent OU called "Computers" within the main OU Trees.
Example:
Under District Office OU:
I have not quite gotten to the final decision as to the grouping within the "Computers --> Department" OU. There is a chance that the computers would get divided up by laptops and desktops. If this ends up being the route taken, I will update all with that information. The above is definitely the direction though.
In addition, I have managed to move about 90% of all computers in the directory root "Computers" OU into the corresponding OUs. This was fairly easy for the computers that were named correctly. However, that remaining 10% was a bit tough, as the naming was still compliant with the computers for the schools that are closed. I have ran a report on that OU for computers that have not been logged in in the past 60 days, and have disabled those computers accounts and placed them into the Tombstoned OU.
For the rest, I would like to spend some time on the Friday meeting to go through the remaining computers in the list, and figure out if we can allocate those to the correct OUs.
From this point forward, I would appreciate it if we can keep tabs on all the computers that we add or change and move them to their corresponding OUs. If you don't have access to it or don't know how, please don't hesitate to ask me, or shoot me an email with the list of computers.
Another note: I have noticed that a bunch of laptops are named with the :schoolnumber:-TCH-## and others, within the same school are named with :schoolnumber:-TCH-:firstinitial::lastname:.
I don't mind either format, ideally, ending with ## , given that we have so many computer shuffles at the district. I'd much rather have us enter the detailed information regarding the owner in the "Description" field of the computer object in AD. Currently, This is not used at all, and we can probably make use of it.
If you have any questions and/or concerns. Please let me know.
The changes that I made today are currently on the CVUSD domain, but am considering making those same ones on the STUDENT and STUDENT2 domain.
All changes made today are applied to computer objects, and not user objects.
Old Model: The computer objects used to reside in an OU called "Workstations" under each department and/or schools.
Example:
Under District Office OU:
- District Office --> Business Services --> Workstations
- District Office --> Human Resources --> Workstations
- Schools --> Anna Borba Fundamental --> Workstations
- Schools --> Anna Borba Fundamental --> Workstations --> Room 32 Lab
- Schools --> Ayala HS --> Workstations
New Model: The computer objects are divided up into OUs under a parent OU called "Computers" within the main OU Trees.
Example:
Under District Office OU:
- District Office --> Computers --> Business Services
- District Office --> Computers --> Human Resources
- Schools --> Computers --> Anna Borba Fundamental
- Schools --> Computers --> Anna Borba Fundamental --> Room 32 Lab
- Schools --> Computers --> Ayala HS
I have not quite gotten to the final decision as to the grouping within the "Computers --> Department" OU. There is a chance that the computers would get divided up by laptops and desktops. If this ends up being the route taken, I will update all with that information. The above is definitely the direction though.
In addition, I have managed to move about 90% of all computers in the directory root "Computers" OU into the corresponding OUs. This was fairly easy for the computers that were named correctly. However, that remaining 10% was a bit tough, as the naming was still compliant with the computers for the schools that are closed. I have ran a report on that OU for computers that have not been logged in in the past 60 days, and have disabled those computers accounts and placed them into the Tombstoned OU.
For the rest, I would like to spend some time on the Friday meeting to go through the remaining computers in the list, and figure out if we can allocate those to the correct OUs.
From this point forward, I would appreciate it if we can keep tabs on all the computers that we add or change and move them to their corresponding OUs. If you don't have access to it or don't know how, please don't hesitate to ask me, or shoot me an email with the list of computers.
Another note: I have noticed that a bunch of laptops are named with the :schoolnumber:-TCH-## and others, within the same school are named with :schoolnumber:-TCH-:firstinitial::lastname:.
I don't mind either format, ideally, ending with ## , given that we have so many computer shuffles at the district. I'd much rather have us enter the detailed information regarding the owner in the "Description" field of the computer object in AD. Currently, This is not used at all, and we can probably make use of it.
If you have any questions and/or concerns. Please let me know.
- This change was made on 05/24/2011
No comments:
Post a Comment
Please make your comment. (GMK)
Note: Only a member of this blog may post a comment.