Based on a TechNet article published by Microsoft in 2016, there are recommendations as to what may be considered to be best practices.

Given that these may vary between organizations, what are the determining factors in measuring the efficacy of an organizational structure in Active Directory?

For example, an organizational structure may be as follows:

  • Resources --> Servers --> Mail
  • Resources --> Servers --> Print
  • Resources --> Workstations --> Windows 8
  • Resources --> Workstations --> Windows 10
  • Users --> Privileged
  • Users --> Non-Privileged

Another example may be as follows:

  • Development --> Servers --> Mail
  • Production --> Servers --> Mail

Another example may be as follows:

  • Accounting --> Users --> Privileged
  • Servers --> Mail

Taking into account principles such as separation of concerns, the principle of least privilege, segmentation, delegation, etc., how can these be measured to ensure the structures are effective?

  • They can't. Whether it's effective or not depends on your business and what you need to do and how you want to do it.
    – Seth
    Commented Feb 20, 2019 at 7:14
  • @Seth - What are the factors that drive the dependency on the type of business? Additionally, what are examples of the needs? I would have thought that these could be normalized to examples of patterns that could be used as references.
    – Motivated
    Commented Feb 20, 2019 at 16:33
  • Do you have legal requirements that need to be fulfilled? What kinds of user categories do you have? How are departments organized? Do you have centralized services or not? How do you want to handle GPOs? What products are you using? Do you actually have staging and/or development environments? Do you want to separate them or not? Do you have 10 or 10000 users? There are a lot more questions you could ask and each one potentially could influence how you organize your AD.
    – Seth
    Commented Feb 21, 2019 at 6:49
  • @Seth - I am curious to understand the influences legal requirements may have on an Active Directory design. As to user categories, do you mean Finance, Legal, etc.? If yes, how does this differ from departments? As to centralized services, do you mean printing as an example? My understanding is that GPOs should be handled at an organizational level, so I am unsure as to the nature of your question. What do you mean by products? Yes, the organization has an SDLC framework, e.g. dev, uat, etc., that separates environments today (not AD albeit).
    – Motivated
    Commented Feb 21, 2019 at 16:25
  • @Seth - My understanding of the benefits of Active Directory is when the number of resources, e.g. computers, users, etc., exceeds 50 or greater, so in the context of your question, I am unclear as to the impact it would have on the organizational units if these users, for example, belong to specific business units. I would be keen to understand how these could be normalized to define a reference model that could then be measured in efficacy.
    – Motivated
    Commented Feb 21, 2019 at 16:27
