Two Level Hybrid Location / Resource OU Structure
In this example we see what happens when we combine the two Resource and Location OU structure designs. The decision to make it a Location/Resource or Resource/Location structure would be heavily based on how you configured your computers and users. If you configuration your users fairly consistently across the organisation and there is not much variation in how you configured you computers then you may want to consider a Resource/Location structure. Inversely if you make a lot custom configuration changes based on the location of the user and computer then you should consider using a Location/Resource structure.
| Two Level Hybrid (Location / Resource) | Two Level Hybrid (Resource / Location) |
 |
 |
Two Level Hybrid Organisation / Resource OU Structure
This is similar to this example we saw above (Location / Resource) where we see what happens when we combine both Organisational and Location OU structure designs. The decision to make it a Organisational/Resource or Organisational/Location structure would be heavily based on wither how you configure your computers and users and the chance that you may divest or acquirer other businesses. If you consider there is a high chance of your company selling off or buying a certain department then you should consider using the Two Level Hybrid (Organisation / Resources) model. However if you are physically based in one location then and you think you will mainly apply configuration to all your users and computer consistently and only configured a small number of setting based on the organisation then you may want to consider the Two Level Hybrid (Resources / Organisational) model.
| Two Level Hybrid (Organisation / Resource) | Two Level Hybrid (Resource / Organisational) |
 |
 |
Three Level Hybrid Organisation / Location / Resource OU Structure
The example below is called a Three Level Hybrid (Organisational / Location / Resource) model that would be used for most likely used for large organisation that have many sites and departments all of which have different configuration requirements. It is unlikely that you will want to use this three layer model of design unless you are a very large company with many divisions, locations.
| Three Level Hybrid (Organisation / Location / Resource ) | Three Level Hybrid (Organisation / Location / Resource) |
 |
 |
Mixed-Hybrid OU Structure
This is the most complicated OU model you can deploy in your organisation. The below example shows a Organisational / Location / Resource for the users accounts however it has a two level Resource / Location model for the computers. You may want to have the Organisational / Location / Resource for the user accounts because they have very specific configuration requirements for the organisation. This example also has “Distribution Lists†group OU under the Organisational OU which is absent on the other examples but is shown here to demonstrate that there could be other non-users & non-computer at this bottom level. This would necessitate keeping the bottom third level OU to separate the resource of different types.
The other difference in this example is having the Resource / Workstation as a separate structure. This could be required if you have outsourced the maintenance of these computers to a third-party and you want to easily delegate administration access. This would also allow for the granular delegation to the third-party site based IT support staff without them having access to computers not in their local site.
| Mixed-Hybrid |
 |
Blog Post: Best Practice: Active Directory Structure Guidelines – Part 1 http://bit.ly/bVkygi
Blog Post: Best Practice: Active Directory Structure Guidelines – Part 1 http://bit.ly/bVkygi
Best Practice: Active Directory Structure Guidelines –Part 1 http://bit.ly/cICPDp
RT @xenappblog: Best Practice: Active Directory Structure Guidelines –Part 1 http://bit.ly/cICPDp
RT @xenappblog: Best Practice: Active Directory Structure Guidelines –Part 1 http://bit.ly/cICPDp
OdliÄno Å¡tivo za sve koji su odgovorni za strukturu AD-a! http://fb.me/zUZU5U5w
@Froosh u mean? https://www.grouppolicy.biz/2010/07/best-practice-active-directory-structure-guidelines-part-1/
. @Mixailovich Err, doh, yes that one too 😉 http://bit.ly/cJApsO
Best Practice: Active Directory Structure Guidelines – Part 1 http://bit.ly/9oDQJq
Hi Alan, great article – nice clean overview of this difficult subject.
One question about the different graphic files you created, for example this one: https://www.grouppolicy.biz/wp-content/uploads/2010/07/image_thumb78.png
How did you create it – Visio?
And how did you get the graphic elements used..
Need it to document our network-layout at work.
-Jonas, Denmark
Its 100% Visio 2010…
@thommck There are some great ideas about Active Directory structure (OUs) in this series from @alanburchill. http://bit.ly/ebQlLS
Best Practice: Active Directory Structure Guidelines – Part 1 http://t.co/5A6ak0V via @alanburchill
Good Article
I wanted to include some informtaion about the naming of OUs where it says :”When naming your Organisational Unit make sure the name you are using are short and to the point…” There may be technical limitations that may affect long names.
During binds to the directory, simple LDAP bind operations limit the distinguished name (also known as DN) of the user to 255 total characters. If you attempt a simple LDAP bind with more than 255 characters, you might experience authentication errors
Active Directory Maximum Limits – Scalability
http://technet.microsoft.com/en-us/library/active-directory-maximum-limits-scalability(WS.10).aspx
Best Practice: Active Directory Structure Guidelines – Part 1 http://t.co/3OBagYfF via @alanburchill
Best Practice: Active Directory Structure Guidelines – Part 1 http://t.co/LDCB4xuI via @alanburchill . useful as I am restructuring our AD.
Best Practice: Active Directory Structure Guidelines
http://t.co/BNi4AcIO
Best Practices al diseñar o reorganizar AD http://t.co/MuCB4uLB
Best Practice: Active Directory Structure Guidelines – Part 1: http://t.co/wVwTezBr
Best Practice: Active Directory Structure Guidelines – Part 1: http://t.co/nTIzr8gs
Thank you this is very much appreciated. I am working on a deployment for a organization with 4 distinct locations that includes a marriage to Apple OpenDirectory as well as FreeBSD OpenLDAP. Having a well thought out explanation like this is fantastic. It has helped me explain the complexities of designing the right solution to all members of the team. I still have not drafted the final plan but it is giving some great ideas so hopefully I can achieve this shortly.
Cheers,
Mikel King
Apple Open Directory?? Don’t go there, it’s a trap! 😉 Recommend to use AD + extend schema to support OS X
I’m new to Active Directory and this is very usefull.
I have a question about the Resource Structure Example image sample above .
I know that it is only an example but :
the Groups OU contains Roles and Resources groups.
What they means?
Does Roles contains groups like Officers, Employees, etc?
Thank you very much.
Hi,
i have configured one domain. i want configure some
group policy by organzation units. i have created ou.and i move some user in that ou. but i dont know how to
link this ou with group policy i did try many times but i did not sucess any one help me…
“you probably have a delegated cretin duties to specific teams”
WTF?
Best Practice: Active Directory Structure Guidelines; Part 1: http://t.co/Lzspv4Kt
Best Practice: Active Directory Structure Guidelines – Part 1: http://t.co/dp4nSVFdUw
Very Nice tanQ grouppolicy http://chatflash.ir/
Very nicely explained. Thank you good sir.