As I had mentioned in the past post regarding the re-defining of security groups for computers, I have spent a significant part of the weekend completing, so that you all can have fresh a start on Monday with the new system and the new tool ready to go.
I have also updated the PreStaging tool to add the functionality of assigning group membership to the computers you are creating, streamlined within the process, so the whole process will still only require one step. Hopefully this will alleviate from the inconvenience this may otherwise cause to your regular process.
Following is a screenshot of what the PreStaging tool now looks like. It is still the same method to use it, you now just need to specify which Group Membership group to add it to. It is very easy to figure out which group to choose, as the groups are named after the OUs in which the computers reside. I have also included the description and the full DN, if you are unsure when picking the OU.
If you are one that does a lot of computer creation, please take the time to browse around AD, to see how things have changed. One notable change, in any of the School OUs, is the fact that no workstations reside in the "Workstations" OU anymore. If they don't match an existing OU that makes sense, please place the in the corresponding: "Miscellaneous" OU and Group for that site.
If you are involved in creating GPOs, please take note of the existing GPOs which I have re-scoped, and understand how things are setup now. If the GPO are not scoped to target a security group, the GPO will simply not apply. So, adding the scope to the GPO is mandatory. The exception to this, are some GPOs which are global, to which the scope is still just "Authenticated Users".
If I get a lot of questions about this, it may be useful for us to have a Q&A on our Friday meeting, so that I can clarify any confusions that you may have.
By doing this, we are now one step closer to having better control over Active Directory, and the objects within it.
Please remember, if you do create a new OU, please talk to me or shoot me an email, so that I can incorporate that into the tool, and add the appropriate computer security groups that go with that.
- This change was made on 10/20/2012
No comments:
Post a Comment
Please make your comment. (GMK)
Note: Only a member of this blog may post a comment.