Educause Security Discussion mailing list archives
Active Directory Data Model for University Business
From: William Custer <custerwl () MUOHIO EDU>
Date: Mon, 11 Dec 2006 15:22:12 -0500
Miami University is seeking contact with universities that have successfully implemented Active Directory on a large scale and modelled the Organizational Units and Group Policy classes to successfully fit a university business model. In particular, Active Directory places a User Account in one and only one Organizational Unit, but university personnel frequently hold more that one organizational role. Sub-groups of users can be built as exception lists, policy be associated with multiple groups of this kind, and most importantly, a User Account can be placed in multiple groups. A strategy like this seems to be required and hence makes use of more than one organizational unit for User Accounts largely irrelevant at minimum and beyond that unnecessarily confusing. Has anyone devised an elegant strategy that permits the same User Account to be associated with more than one 'group' and multiple groups to be associated with some policy?
Current thread:
- Active Directory Data Model for University Business William Custer (Dec 11)
- <Possible follow-ups>
- Re: Active Directory Data Model for University Business Brad Judy (Dec 11)