
Posts Tagged ‘ou’

Technology Policies/Guest Users

We’re starting a new series on Monday called “Policy Monday” to help share common technology policies. This week we’ll start with Adding Guest Accounts to the Network.

The following is a general guideline for creating guest user accounts on an Active Directory based Windows network.

  1. Create a new Guest Organizational Unit
  2. Create the guest account:
    1. If it is a role account (several temps performing the same job) then create a “role based” username
    2. If it is restricted to a single user for a short period of time, then create a “real name” based username
  3. Set the account expiry to something reasonable
  4. Set the account to require a password change at next logon, and assist the user with their first logon to the desktop.
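
The four steps above as a script, followed by a review query for guest accounts that have no expiry or are past it. This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module is available, and the OU name `Guests`, the account name `temp-reception` and the 14-day lifetime are hypothetical values chosen for illustration.

```powershell
# Added example: OU name, account names and lifetime are assumptions, not from the post.
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName
$guestOu  = "OU=Guests,$domainDn"   # hypothetical OU name
$lifetime = 14                      # days; what counts as "reasonable" is site policy

# Step 1: create the Guest OU only if it is not already there.
$existing = Get-ADOrganizationalUnit -Filter "Name -eq 'Guests'" `
    -SearchBase $domainDn -SearchScope OneLevel
if (-not $existing) {
    New-ADOrganizationalUnit -Name 'Guests' -Path $domainDn
}

function New-GuestAccount {
    param(
        # Step 2: role based (e.g. temp-reception) or real name based username
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][securestring]$InitialPassword
    )
    New-ADUser -Name $DisplayName -SamAccountName $SamAccountName `
        -Path $guestOu `
        -AccountPassword $InitialPassword `
        -AccountExpirationDate (Get-Date).Date.AddDays($lifetime) `
        -ChangePasswordAtLogon $true `
        -Enabled $true
    # -AccountExpirationDate covers step 3, -ChangePasswordAtLogon covers step 4.
}

# A role account shared by several temps doing the same job.
$pw = Read-Host -AsSecureString 'Initial password for the guest account'
New-GuestAccount -SamAccountName 'temp-reception' -DisplayName 'Temp Reception' `
    -InitialPassword $pw

# Periodic review: enabled guest accounts that never expire, or whose expiry
# date has passed and that should now be disabled or removed.
Get-ADUser -SearchBase $guestOu -Filter 'Enabled -eq $true' `
    -Properties AccountExpirationDate |
    Where-Object {
        -not $_.AccountExpirationDate -or $_.AccountExpirationDate -lt (Get-Date)
    } |
    Select-Object SamAccountName, AccountExpirationDate
```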

Microsoft SBS Wizard Troubleshooting

Today I have resolved my fourth SBS Wizard related problem this year. The symptoms are the same on both SBS 2003 and SBS 2008 – when attempting to use the Wizards to create a user or computer, the wizard works all the way until the last step and then fails with an error.

The problem in all four cases this year has been because someone treated an SBS server like a Windows Standard Server. And the reality is that while it is based upon Standard Server, it really is not. There have been major tweaks and adjustments to permit it to work the way it does. Among them are various restrictions on changes to Active Directory. Basically, unless you understand exactly how the SBS Wizards leverage Active Directory, it is best not to do anything through the standard Active Directory Users and Computers console. The Wizards require that users, computers and other data are placed in very specific Organizational Units, with very specific names. Renaming OUs or moving users into a more “logical” place will prevent the wizards from working properly.

The people who get themselves into too much trouble are often IT consultants who think they know better – but really don’t. The reason is that a newbie administrator will actually read the documentation that comes with SBS and/or pick up a great reference book, which all say the same thing — use the wizards for absolutely everything, don’t make any changes to Active Directory outside of a wizard. The only exception would be documentation which specifically takes SBS into account. A Microsoft TechNet page will specifically call out that it works with SBS; if it just mentions Standard Server, beware! Remember that SBS is made for organizations of 75 users or less, and in these environments, rarely will you need a complex OU scheme.

In all four cases this year, it has been because someone has renamed or deleted the default SBS OUs which are created automatically. A quick rename of the OUs back to what they were originally named will resolve your problems. That’s it, no big changes, registry adjustments, etc. Simply put the OUs back to where they were automatically created and you should be all set.

Remember, SBS 2003/2008 is not Standard Server, nor is it Exchange Standard — it is a (for lack of better terms) hacked version of Server Standard and Exchange Standard – they are meant to be managed nearly 100% by the wizard and SBS consoles.

70-294 Concepts: Organizational Unit Design

When designing your organizational units within a domain:

  • Design first based on administrative needs
  • Lay out using a consistent hierarchy:
    • Nested/layered/hybrid design okay (Physical site/business units; BU/site; etc.)
    • Avoid hybrid designs on the same level (PS/BU at the same level; hierarchical is okay)
    • If using sites for OUs, avoid a design which omits a site (same with business units)
  • Use OUs with delegation of authority instead of child domains when possible (q89)
  • When multiple administrators are working in AD, and one moves objects into an OU that was just deleted by another admin (but neither DC has replicated yet), the contents of the deleted OU go to the LostAndFound folder.
  • If you delete an OU, the contents of the OU go as well (except per above)
  • Replication occurs at the feature level in 2000 vs. value level in 2003 – reducing replication collisions resulting in latest-takes-precedence