AD Structure and Security Groups

The small stuff!

I was going to leave this bit out, or go over it briefly but we may as well cover it in its entirety. While creating our Lab we could have gone down the route of using one administrator account to install everything, or Bind LDAP Policies, or use as our SQL Service account, the list goes on. For someone who is new to this, I’d image that is what they would do, I mean I did do it also. As we are a little bit wiser and know a bit better, we can go down the route of replicating how a Customers Environment may look and feel, although I still see administrator accounts used as service accounts in live environments to this day!

RDP to our DC, open up Active Directory Users and Computers.

We want to create our own Organisation Unit (OU) and possibly some additional OUs to split up the environment and keep things looking nice a clean. This is how i have designed mine:

adou

So we have a location for our Security groups, and application groups. Our infrastructure servers, either production like  our DC, or a maintenance Server, Our PVS Maintenance image. Then we have Service accounts, standard user accounts and lastly administrator accounts. So when trying to find something, or if someone else is trying to find something they are able to without breaking a sweat 🙂

So start with a standard domain user:

stndrduser

An Administrator user:

adminuser

Here is a small collection of Security Groups you will need. We will add more later but for now lets get these created. Use your own naming convention if you wish:

ourownusergoups

Add our new Administrator user to the groups also add him to the Domain Administrators group and these:

usergroups

Lastly we want to create out Service Accounts. I’ve gone for 3 for now, we will add more as and when we need them:

serviceaccounts

Add the generic groups to those users for PVS and SQL. We will be using the adsvc account to bind our LDAP policy to our domain on the netscaler. But that is much later down the road.

This is pretty much it, let me know if you have any questions regarding the information in this post.

Thanks

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s