Overclock.net › Forums › Specialty Builds › Servers › MS Sys Admins: Organizing my AD structure
New Posts  All Forums:Forum Nav:

MS Sys Admins: Organizing my AD structure

post #1 of 2
Thread Starter 
Hi guys,

I am a software developer and am setting up a more formal environment for my home business use. I currently have a server with Server 2008 R2 on it and have it set up as a domain controller. Unfortunately, I don't have the money to purchase another server as an application server and a database server, so everything is sorta crammed on here (sql server 2008 exp, all my Atlassian development tools).

Anyhow, my big question is how I am going to set up my organization. I'd like to create roles for the various levels of authorization users will need. Here are the basic roles there are:
  • Subversion: access to repositories. Varies from no access, to read-only access, to full commit access.
  • Databases: access to the server instance itself. Also, need to be able to set up roles for specific databases, and within that, differentiate between various levels of SELECT, INSERT, etc. privs
  • JIRA: (An Atlassian support tool) Need to list some people as contributors
  • Fisheye/Crucible/Bamboo: (More Atlassian software) Need to also delegate privs here.

Basically, I don't have a good idea on what conventions are for setting up OUs and Roles to fit my needs. Could anyone offer some suggestions, or maybe point me somewhere that has various 'design patterns' of AD schemas that are used in business?
    
CPUMotherboardGraphicsRAM
Intel Core i7 920 @ 4Ghz Rampage II GENE PNY GTX 680 G.Skill Sniper (12GB) 
Hard DriveOptical DriveCoolingOS
Seagate Momentus XT SATA Optical Drive Kuhler 920 Windows 7 Ultimate 
MonitorKeyboardPowerCase
Dell U2410 Logitech G11  Silverstone ST75 750W Antec Mini P180B 
MouseMouse PadOther
Logitech MX518 Steelpad G19 Gaming Headset 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Intel Core i7 920 @ 4Ghz Rampage II GENE PNY GTX 680 G.Skill Sniper (12GB) 
Hard DriveOptical DriveCoolingOS
Seagate Momentus XT SATA Optical Drive Kuhler 920 Windows 7 Ultimate 
MonitorKeyboardPowerCase
Dell U2410 Logitech G11  Silverstone ST75 750W Antec Mini P180B 
MouseMouse PadOther
Logitech MX518 Steelpad G19 Gaming Headset 
  hide details  
Reply
post #2 of 2
Really it depends upon your organization. Here is an example of a department made up of fairly separate units.

You would have a container for each, then in that container OU's for the employee's accounts, container for security groups, container for NTFS groups (the "Domain Local" Groups applied to the folder ACL's), then an OU for the workstations.

It would look like this:

Human Resources
Accounts
Service accounts
Security groups
NTFS Groups
Workstations
Laptops
Servers

For the SQL service accounts you make, you would us the "Service Accounts".
    
CPUMotherboardGraphicsRAM
C2D T7100 1.8 ghz (undervolted) ummm... Dell Intel X3100 2 x 1gb 667mhz 
Hard DriveOptical DriveOSMonitor
Fujitsu 7200 RPM 120gb CD-RW/DVD dual boot Vista business 1440x900 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
C2D T7100 1.8 ghz (undervolted) ummm... Dell Intel X3100 2 x 1gb 667mhz 
Hard DriveOptical DriveOSMonitor
Fujitsu 7200 RPM 120gb CD-RW/DVD dual boot Vista business 1440x900 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Servers
Overclock.net › Forums › Specialty Builds › Servers › MS Sys Admins: Organizing my AD structure