Microsoft Exchange - Active Directory

ColemontHD

Banned
Oct 4, 2006
Hey gang. I am here with a rather long post. I need as much help, information, and suggestions as possible. We are in the process of revamping our Active Directory setup. We currently have a "working" way, but it is not set up correctly and could soon lead to some problems.

Here is what we have. We are currently running Windows Server 2000. We are in the process of getting everything switched over to 2003, but in the meantime, we need to set up what we have correctly, then switch it over. We are waiting due to contracts and whatnot with Microsoft. We are a billion dollar company with around 500 total users. We have offices here in Dallas, Fresno, San Francisco, Sacramento, Solvang (Cali), Phoenix, Chicago, Hartford, Atlanta, Nashville, and Florida. We also have roughly 100 users overseas that just use webmail, but are part of our Active Directory.

Now, this is how we have it set up.

Domain
*Office OUs
**Sub Offices, Users, Computers, Printers.

From within Corporate OU we have the overseas users (remember, they just have webmail access).

As of right now, we have NO Group Policies. As of right now, I know very little about group policies, but that is why I am here. We are wanting to create a way that when a new employee comes along, we have policies in place that automatically set them up according to their office, group, team and whatnot. I should explain that my company is an insurance brokerage group so we have Brokers, Office Managers, Supervisors, admins, interns, and pretty much the corporate setup here.

I am here to ask what you guys suggest we do. I would like to know if there is a link I can go to with a list of what policies I can use, scripts, policies, whatever. Please if you can, be thorough with your postings. I am here for suggestions, ideas, and implementations, NOT comments, rude opinions, or anything negative in any way. Thank you for your time.
 

nweaver

Diamond Member
Jan 21, 2001
I would suggest hiring an MS admin, who knows this in and out. If you are a billion dollar company, you need real IT who is trained and certified in doing this. They will find/fix/prevent much more than GPO stuff.
 

ColemontHD

Banned
Oct 4, 2006
Thank you. However, we have a strong team. I am going to be part of the ongoing process of keeping up with the Active Directory. I understand what you are saying, but that is not the option here.
 

skace

Lifer
Jan 23, 2001
There isn't much to know about group policies. Create a new policy from scratch and go through every option, run each option against your team and at what level you'd like to set it at. I'm sure the business already has specific ideas for what needs to happen. Whether everyone globally has a 15 minute password or whether each site has their own logon script.

You can organize the groups and machines however you want. I wouldn't make it too complicated though, only as much as is needed to cover whatever GPOs you need set up. Someone is still going to have to run a new user batch file; this isn't an automatic step. But you could create batch files depending on what site they are at, and have the commands add them to the proper OUs.

Look into commands such as netdom for automation.

Last but not least... the resultant set of policy (RSoP) snap-in is your friend:
http://technet2.microsoft.com/WindowsSe...12-b5d9-e73d4bdc94911033.mspx?mfr=true
 

stash

Diamond Member
Jun 22, 2000
Do I understand your post correctly, and you are in the process of getting a Microsoft Premier contract? If so, I would highly recommend you wait for that to be finalized. The last thing you want to do is burn a bunch of cases on your new contract to have them fix things that you set up incorrectly.
 

ColemontHD

Banned
Oct 4, 2006
Originally posted by: skace
There isn't much to know about group policies. Create a new policy from scratch and go through every option, run each option against your team and at what level you'd like to set it at. I'm sure the business already has specific ideas for what needs to happen. Whether everyone globally has a 15 minute password or whether each site has their own logon script.

You can organize the groups and machines however you want. I wouldn't make it too complicated though, only as much as is needed to cover whatever GPOs you need set up. Someone is still going to have to run a new user batch file; this isn't an automatic step. But you could create batch files depending on what site they are at, and have the commands add them to the proper OUs.

Look into commands such as netdom for automation.

Last but not least... the resultant set of policy (RSoP) snap-in is your friend:
http://technet2.microsoft.com/WindowsSe...12-b5d9-e73d4bdc94911033.mspx?mfr=true

Thank you for that link. I have been reading through it and it is almost exactly what I was looking for.