1. | What type of OU structure should be used to efficiently administer the active directory objects?
|
|
2. | Who should be identified as the OU owners ?
|
|
3. | Who should be identified as the OU administrators? (Choose all that apply.)
|
|
4. | Insane Systems has chosen to use a single domain design. The Accounting department is only going to be located at the corporate headquarters. Some of the objects that Accounting has access to should not be seen by other users within the company. Is this single domain structure still the best design, or should another option be considered ?
|
|
5. | When designing the OU structure, you will want to create a design that will be efficient for the administrative staff. Using the following diagram, place the appropriate labels on the OUs according to the OU structure that best meets the needs of Insane Systems (there may be labels or OUs that are not required to complete this). |
|
6. | When migrating accounts from the existing Windows NT 4.0 domain, where in the hierarchy should they be migrated (there may be labels or OUs that are not required to complete this question)? |
|
Answers
1. | A. Location-based will be the most appropriate structure because the administrative structure is set up to take advantage of administrators at each location having control over their own resources. |
2. | A. The corporate administrators will have the ability to control all of the objects within the new Active Directory design. They will be able to control the OU structure as well as have complete control over the users, groups, and resource objects. |
3. | A, B, C, D. Those users who have been identified as resource administrators for each location will be added to a group that has been delegated the authority to work with the resource objects. Although the corporate administrators were defined as the OU owners, OU owners have the ability to provide administrative control over the objects, which they do provide to the corporate resources. |
4. | A. The single domain option is still the most efficient for Insane Systems. The OUs can be used to control administrative delegation over the appropriate objects, and if the Accounting department needs to control what objects are available for users, another OU could be created with the accounting objects organized within it. The accounting users could then be granted the List Contents permission and any other appropriate permission to the objects so that they can find them within Active Directory. |
5. | Insane Systems design should take advantage of the location-based OU structure, so the top-level OUs will be based on the locations of their branches. Beneath each of the location OUs, an OU should be created for the user and group objects and another for the objects that represent the resources at each location. This allows the user accounts to be organized based on their location; the OU owners for each location can maintain the user and group objects. The resource objects can be placed in the resource OUs where inheritance will allow the OU owners to still have control of them, but the OU administrators can be delegated the ability to maintain the resource objects if necessary. |
6. | The user and group accounts within the existing domain represent the corporate accounts that are used in the Chicago location. Migrating these users and groups to the Users and Groups OU within the Chicago OU will keep them organized correctly. Moving the computer accounts to the Resources OU within the Chicago OU will allow the administrative staff to control the resources as they currently do. |