stackoom
  简体   繁体   中英

Active Directory Structure Performance OU / Groups?

 原文  2021-12-27 15:08:28       active-directory/ active-directory-group/ organizational-unit

Question

I'm planning on creating around 6000 departmental groups in AD. There are around 1000 departments, and each department will have around 6 groups, resulting in ~6000 groups.

I have two ways to do this:

  • either I put all 6000 groups in one root OU
  • or create 1000 sub OUs for every department in root OU, and put the 6 groups inside the according department OU

Example:

root OU:

  • sales_group1
  • sales_group2
  • it_group1
  • it_group2

or

root OU:

sales_OU:

  • sales_group1
  • sales_group2

it_OU:

  • it_group1
  • it_group2

Is there going to be any difference in production performance? I don't mind what takes longer to create, but what will be more efficient for production?

Thanks for your advice - Tortellini

1 answers

solution1
 0  2021-12-28 12:38:00

• Creating 6000 groups in the default root OU will be very easier than creating 1000 OUs and then adding 6 groups to every OU as it will less time consuming, and less effortless. You can directly create those groups in a single command execution. But creating them this way will make their individual management very hectic and without any track of parent department or delegation of resources/permissions to them.

• And creating 1000 OUs and then adding 6 groups to each of them is more time consuming and quite complicated as it requires editing the script accordingly and the excel CSV file which contains the list and details of those OUs, then executing the script for importing them accordingly in the AD. But once these OUs are imported and the groups are created under these OUs, you can manage these departments individually by delegating appropriate permissions/applications/resources to each one of them.

• Also, please take into account that performance is not hampered or effected by any of the methods since all these records are stored in a secured directory table structure in a '.dit' file, ie, Directory Information Tree file and for using them in AD environment, the DN or distinguished name of each object is referenced or used and mapped accordingly in the database due to which performance isn't hampered in any way in both the scenarios.

Please find the below link for your reference: -

https://docs.microsoft.com/en-us/windows-server/administration/performance-tuning/role/active-directory-server/

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Not getting all the groups when searching by OU in Active Directory Too many Active Directory groups a performance issue? Return OU in active directory search Active Directory List OU's Active Directory OU Tree to jqTree Search a user in the OU Active directory Add new OU to Active Directory Move Object to an OU in Active Directory How to get list of groups with no ManageBy from a specific OU in Active Directory with Powershell Active Directory move a user to a different OU
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM