Document Information

Document Title: Group Policy and Organizational Unit Re-Structuring Template
Document Purpose: This document captures the data required to perform OU and GPO restructuring. It walks through the due diligence, the risks involved, operations support and testing.
Document Owner / Author: Sainath K.E.V, Microsoft Most Valuable Professional

1. Introduction

Most System Engineers, Consultants and Architects are familiar with Active Directory and Group Policy in depth. Group Policy is one of the most critical components in any infrastructure design: it acts as a security boundary and reduces the need to create additional Active Directory domains. Most Microsoft articles cover setting up Group Policies through to their internals. This document instead focuses on the Organizational Unit restructuring due diligence, which is a vital part of GPO design.

2. Organization Unit Re-Structuring Due Diligence

- Collect the scripts, WMI queries and custom ADM templates configured for the OU.
- List all the Group Policies currently linked to the OU and its child OUs.
- List the current scope of management, i.e. the group memberships used to manage the OU and each child OU.
- List the policies configured for synchronous or asynchronous processing.
- List all Block Policy Inheritance settings applied at the domain level and at the OU level.
- List all the Enforced policies configured at the OU and child OUs.
- List the security filtering configured on the OU and child OUs.
- List the Group Policy Preferences configured for the clients.
- List the disabled Group Policies linked under the OU and child OUs.
- List the inaccessible Group Policies linked under the OU and child OUs.
- List the Group Policy precedence order.
- List the SCCM or SMS collection queries pointing to the OU and each child OU.
- List all the LDAP queries (DNs) used in applications that point to the OU and child OUs.
- List the Windows services configured to use the OU and child OU DNs.
- Plan which computer objects and user objects need to be moved to the new OU structure.
- Plan the Group Policy delegation for the OU and each child OU.
- Make sure Domain Controller replication is healthy.
- Create the new OU structure on a healthy Domain Controller.
- Wait for the OU structure to replicate across the Active Directory forest.
- Communicate the new OU structure to the support team.

The above points ensure the due diligence is done appropriately.

3. Risks

- Risk that scripts (ADM and WMI) fail because of the new OU DN structure.
- Risk of Windows service failures.
- Risk that SCCM or SMS collection membership fails.
- Risk that the precedence order changes.
- Risk that the OU structure is not replicated properly.
- Risk that group membership is assigned inappropriately at the OU and child OU level.
- Risk that GPOs are not synchronized properly.

4. Operations Checklist

- Delete the unwanted computer objects and user objects and wait for the Domain Controllers to replicate the changes across the forest.
- Delete the redundant Group Policies linked under the OU and child OUs.
- Delete any blank Group Policies linked under the OU and child OUs.
- Add the new Active Directory users to the security group memberships.
- Move the computer objects and user objects into the appropriate OU and child OUs.
- Assign the group memberships to the OU and child OUs.
- Link the Group Policies to the OU and child OUs with the proper precedence level.
- Enforce the required Group Policies at the OU and child OU level.
- Change the DN / OU path configured in scripts (WMI / ADM) to map to the new OU structure.
- Change the DN / OU path for any application used to retrieve data from the OU and child OUs.

5. Post GPO Implementation Checklist

- Confirm the OU structure is in place.
- Ensure that user and computer objects have been moved appropriately to the OU and child OUs.
- Ensure the security group membership is configured appropriately.
- Ensure that all the Group Policies are configured as per the precedence level.
- Ensure the support team is given administrator access to manage the desktops.
- Ensure the OU structure and GPO structure are replicated across the AD forest.
- Ensure the SCCM / SMS collection queries are updated to the new OU path.
- Ensure the scripts and services are updated with the new OU path.
- Ensure all the applications retrieving information from the OU are changed to the new DN path / OU path.

6. Testing

- Ensure that users are able to log on to their desktops / laptops.
- Ensure that Group Policies are applied successfully on all the desktops / laptops.
- Use the Group Policy utilities to troubleshoot or analyze the data collected.
- Check the applications / scripts for any errors.
- Test the SCCM / SMS collections.

Conclusion

This document assists GPO / OU Architects and Engineers in performing a valid evaluation of the existing environment and migrating to a new OU structure.
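As an added example (not part of the original template), the following PowerShell inventories the per-OU items called out in the due diligence of section 2 (links, precedence order, enforced links, block inheritance, disabled GPOs, inaccessible GPOs, WMI filters and security filtering) and can be re-run for the verification in section 5. It assumes the GroupPolicy and ActiveDirectory RSAT modules are installed; the root OU DN is a placeholder.

```powershell
# Added example, not part of the original template. Assumes the GroupPolicy and
# ActiveDirectory RSAT modules are installed and the account has read access.
Import-Module GroupPolicy
Import-Module ActiveDirectory

# Placeholder root OU: replace with the OU being restructured.
$RootOU = "OU=Workstations,DC=example,DC=com"

# Block Policy Inheritance set at the domain level also affects the new structure.
$domainBlocked = (Get-GPInheritance -Target (Get-ADDomain).DistinguishedName).GpoInheritanceBlocked
Write-Host "Domain-level Block Inheritance: $domainBlocked"

# Subtree search returns the root OU itself plus every child OU.
$ous = Get-ADOrganizationalUnit -Filter * -SearchBase $RootOU -SearchScope Subtree

$report = foreach ($ou in $ous) {
    $som = Get-GPInheritance -Target $ou.DistinguishedName
    foreach ($link in $som.GpoLinks) {
        # Treat the GPO as inaccessible until Get-GPO succeeds.
        $status = 'INACCESSIBLE'; $wmi = ''; $applyTo = ''
        try {
            $gpo = Get-GPO -Guid $link.GpoId -ErrorAction Stop
            $status = $gpo.GpoStatus        # AllSettingsDisabled marks a disabled GPO
            $wmi = $gpo.WmiFilter.Name      # WMI filter attached to the GPO, if any
            # Security filtering: trustees granted (not denied) the Apply right.
            $applyTo = (Get-GPPermission -Guid $link.GpoId -All -ErrorAction Stop |
                Where-Object { $_.Permission -eq 'GpoApply' -and -not $_.Denied } |
                ForEach-Object { $_.Trustee.Name }) -join ';'
        } catch {
            # Access denied or orphaned link: keep the INACCESSIBLE marker.
        }
        [pscustomobject]@{
            OU                = $ou.DistinguishedName
            BlocksInheritance = $som.GpoInheritanceBlocked
            LinkOrder         = $link.Order   # link order 1 has the highest precedence
            GPO               = $link.DisplayName
            LinkEnabled       = $link.Enabled
            Enforced          = $link.Enforced
            GpoStatus         = $status
            WmiFilter         = $wmi
            AppliesTo         = $applyTo
        }
    }
}

# Review on screen and keep a CSV snapshot to compare against after the move.
$report | Sort-Object OU, LinkOrder | Format-Table -AutoSize
$report | Export-Csv -Path .\ou-gpo-inventory.csv -NoTypeInformation
```

Run it once before the restructuring and once after, and diff the two CSV files to catch precedence, enforcement or filtering changes the checklists in sections 3 and 5 warn about.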