Active Directory

As time consuming as auditing Active Directory can be, it needs to be performed on a regular basis. The only sane way to audit Active Directory is to automate as much of the process as possible. Before you get to the point of automating your audits, you have to put some initial legwork into cleaning up your Active Directory environment. This needs to be an agreed-upon plan with your team, as it doesn't take long for things to get messy again if everyone doesn't agree on a single approach. Hopefully you have a decent foundation to work with; otherwise you might as well start from scratch because of the headaches existing Group Policies and NTFS/share permissions are going to cause you. The preferred approach to organizing Active Directory is grouping department users and endpoints that are associated with each other.


servers

Creating a Servers Organizational Unit with additional departmental OUs is my preferred approach to organizing servers in Active Directory. There are many GPOs that are applied to all servers, so by creating a tiered approach with your servers you can apply these GPOs in a more sensible way. You can even take this approach further, depending...
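Once a Servers OU exists, the audit that keeps it honest is "which server-class computer objects are not under it?" The following PowerShell is an added example, not code from the original post; it assumes the ActiveDirectory module from RSAT, a top-level OU literally named "Servers" (adjust the default parameter if yours differs), and that the domain's distinguished name can be read with Get-ADDomain.

```powershell
# Added example (not from the original post). Assumes the ActiveDirectory
# module and a top-level OU named "Servers"; domain DN is read at run time.
Import-Module ActiveDirectory

function Get-MisplacedServer {
    param(
        # Assumed OU name; change it if your Servers OU is named differently.
        [string]$ServersOU = ("OU=Servers," + (Get-ADDomain).DistinguishedName)
    )

    # Every computer whose operating system string says "Server", wherever it
    # currently lives in the directory (default Computers container included).
    $servers = Get-ADComputer -Filter 'OperatingSystem -like "*Server*"' `
        -Properties OperatingSystem, DistinguishedName

    foreach ($s in $servers) {
        # A computer that sits anywhere under the Servers OU has a DN that ends
        # with the OU's DN; anything else is outside the tier and its GPOs.
        if (-not $s.DistinguishedName.EndsWith($ServersOU, [StringComparison]::OrdinalIgnoreCase)) {
            [pscustomobject]@{
                Name            = $s.Name
                OperatingSystem = $s.OperatingSystem
                # Strip the leading CN= so the report shows the container/OU only.
                CurrentLocation = ($s.DistinguishedName -replace '^CN=[^,]+,', '')
            }
        }
    }
}

# Run the check and print a table; pipe to Export-Csv for a recurring report.
Get-MisplacedServer | Sort-Object Name | Format-Table -AutoSize
```

Scheduling this as a weekly task is the kind of automation the introduction argues for: a server that lands in the wrong container misses the server-wide GPOs, and this report surfaces that before it becomes a compliance finding.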


security groups

Managing security groups can be a nightmare, especially if a secure approach to share and NTFS permissions has never been taken into consideration. More than likely a well thought-out structure was never put into place, so my preferred way...


endpoints and users

Like servers, a tiered approach to endpoints and users is my preferred way of organizing my Active Directory environment. I like to start out with a general OU like "Departments", then create an OU for each department such as "Finance", "IT" and "Engineering", then two OUs per department: one for users and one for workstations. I've found that this approach has always worked really well due to the fact that a...
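The two tiers described on this page (Servers with departmental OUs underneath, and Departments with a Users and a Workstations OU per department) can be built in one idempotent script, which is also what makes the layout repeatable across domains. This PowerShell is an added example, not code from the original post; it assumes the ActiveDirectory module, the three department names used as illustrations above, and that the account running it may create OUs at the domain root. The optional GPO link at the end assumes a GPO named "Server Baseline" that you would have created beforehand.

```powershell
# Added example (not from the original post). Assumes the ActiveDirectory
# module; department names and OU names are the illustrative ones from the text.
Import-Module ActiveDirectory

function New-OUIfMissing {
    param(
        [Parameter(Mandatory)] [string]$Name,
        [Parameter(Mandatory)] [string]$ParentDN
    )
    $dn = "OU=$Name,$ParentDN"
    # Probe with -Filter rather than -Identity so a missing OU is a null
    # result, not a terminating error; this keeps the script re-runnable.
    $existing = Get-ADOrganizationalUnit -Filter "distinguishedName -eq '$dn'" `
        -ErrorAction SilentlyContinue
    if (-not $existing) {
        # Protect every OU so an accidental delete of a whole tier needs an
        # explicit, logged change first.
        New-ADOrganizationalUnit -Name $Name -Path $ParentDN `
            -ProtectedFromAccidentalDeletion $true | Out-Null
    }
    return $dn
}

$domainDN    = (Get-ADDomain).DistinguishedName
$departments = @('Finance', 'IT', 'Engineering')   # illustrative list

# Tier 1: Servers -> <Department>
$serversDN = New-OUIfMissing -Name 'Servers' -ParentDN $domainDN
foreach ($dept in $departments) {
    New-OUIfMissing -Name $dept -ParentDN $serversDN | Out-Null
}

# Tier 2: Departments -> <Department> -> Users / Workstations
$departmentsDN = New-OUIfMissing -Name 'Departments' -ParentDN $domainDN
foreach ($dept in $departments) {
    $deptDN = New-OUIfMissing -Name $dept -ParentDN $departmentsDN
    New-OUIfMissing -Name 'Users'        -ParentDN $deptDN | Out-Null
    New-OUIfMissing -Name 'Workstations' -ParentDN $deptDN | Out-Null
}

# Optional: link a server-wide GPO once at the top of the Servers tier so it
# inherits to every departmental server OU. Assumes a GPO named
# 'Server Baseline' already exists; remove these lines if it does not.
# Import-Module GroupPolicy
# New-GPLink -Name 'Server Baseline' -Target $serversDN -LinkEnabled Yes

# Print the resulting tree so the run can be reviewed and kept with the change record.
Get-ADOrganizationalUnit -Filter * -SearchBase $domainDN |
    Where-Object { $_.DistinguishedName -match 'OU=(Servers|Departments),DC=' } |
    Sort-Object DistinguishedName |
    Select-Object -ExpandProperty DistinguishedName
```

Because every step checks for the OU before creating it, the same script can be run after a department is added to `$departments` and it will only create what is new; linking GPOs at the tier root rather than per department is what lets the tiered layout apply server-wide policy "in a more sensible way" as the servers section puts it.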