Technology Toolbox

Your technology Sherpa for the Microsoft platform

Jeremy Jameson - Founder and Principal



Active Directory Domain Structure in the "Jameson Datacenter"

This post originally appeared on my MSDN blog:

Since I no longer work for Microsoft, I have copied it here in case that blog ever goes away.

In a previous post, I provided some details on the "Jameson Datacenter", which is really just my home lab that I use for learning new technologies and improving my skills, as well as actually completing my day-to-day tasks on various customer projects (whenever I am actually able to work from home instead of using my laptop at a customer site).

In this post, I want to share details about how I've configured my Active Directory domain, namely

Technology Toolbox is just a name I came up with about ten years ago before joining Microsoft. At the time, I was considering starting my own company and therefore went looking for an available domain name. (I would have preferred, but that was already taken.) [Don't bother trying to browse to because, honestly, I haven't yet invested the time in actually creating the Web site -- even after almost ten years.]

As you can see in the following figure, I've created a number of organizational units (OUs) which you would typically find in many enterprise organizations.

Jameson Datacenter - Active Directory domain structure
Figure 1: Jameson Datacenter - Active Directory domain structure

Note that I didn't really come up with this structure myself (except for the Admin Accounts OU, which I believe was an "original idea" of mine -- but honestly it's been so long that I can hardly remember). Most of this is based on the prescriptive guidance from TechNet. You can find the latest version of this guidance in the AD DS (Active Directory Domain Services) Design Guide. [I tried to find the original reference material that I used, but I gave up looking for it on TechNet this morning after about 5 minutes.]

As you can see, I created OUs to model organizations such as the Development group, the IT group, and the Sales organization.

The following table summarizes the various OUs in the domain:

Organizational Units in the Domain
Organizational Unit Description
Development Represents the "Development" group within Technology Toolbox (which really just means me, since my wife doesn't do any development and my 3-1/2 year old daughter isn't quite ready for .NET yet)
Development/Groups Contains the groups within the Development organization (such as TECHTOOLBOX\All Developers and TECHTOOLBOX\Development Admins). Delegated administration is used to allow developers to create and manage their own groups.
Development/Resources Container for various resource OUs
Development/Resources/Servers Contains servers for the Development environment (e.g. DOGFOOD, FOOBAR, and FOOBAR2)
Development/Resources/Workstations Contains individual developer workstations (e.g. NIGHTCRAWLER and WOLVERINE).
Development/Service Accounts Contains service accounts for the Development environment (e.g. Service account for SQL Server (DEV) -- TECHTOOLBOX\svc-sql-dev)
Development/Users Contains user accounts for each person in the Development organization (e.g. TECHTOOLBOX\jjameson)
IT Represents the corporate "IT" group (which is really just my alter ego -- TECHTOOLBOX\jjameson-admin) that assumes all responsibility for managing the "Production" environment at Technology Toolbox
IT/Admin Accounts Contains all user accounts that are members of the Domain Admins group. Note that all of these accounts are suffixed with "-admin" in order to easily distinguish them, as well as provide alternate "elevated privilege" accounts (e.g. TECHTOOLBOX\jjameson-admin) corresponding to low-privilege accounts (e.g. TECHTOOLBOX\jjameson)
IT/Groups Contains the groups specific to the IT organization.
IT/Resources Container for various resource OUs
IT/Resources/Servers Contains servers for the "Test" and "Production" environments. Currently this include BANSHEE, BEAST, COLOSSUS, CYCLOPS, DAZZLER, ICEMAN, JUBILEE, and ROGUE.
IT/Resources/Workstations Contains individual workstations for the IT organization. This OU is currently empty.
IT/Service Accounts Contains service accounts for the "Test" and "Production" environments (e.g. Service account for SQL Server (TEST) -- TECHTOOLBOX\svc-sql-test and Service account for SQL Server -- TECHTOOLBOX\svc-sql)
IT/Users Contains user accounts for each person in the IT organization. This OU is currently empty.
Sales Represents the Sales organization within Technology Toolbox. I created this OU primarily for testing (for example, to verify whether I've configured the permissions correctly on a SharePoint site).
The Sales OU contains similar OUs as Development. These are simply not shown in the previous table.

Note that this domain structure, I'm able to use the Group Policy feature of Active Directory to "effortlessly" configure new servers.

For example, this morning I created a new development VM (FOOBAR3) from a SysPrep'ed VHD file. After joining the new VM to the domain, I then moved FOOBAR3 to the Development/Resources/Servers OU. After the VM rebooted (which is required when you join a domain), it was automatically configured with numerous settings, including Windows Update (i.e. to update from my WSUS server -- COLOSSUS) and also to grant the TECHTOOLBOX\Development Admins group administrative access (of which TECHTOOLBOX\jjameson is a member). I was then able to quickly log in with my regular account and start installing SQL Server 2008 (which finished before I actually completed this post). Now it's time to install Visual Studio 2008...

I'll cover my group policy configuration in a separate post.


No comments posted yet.

Add Comment

Optional, but recommended (especially if you have a Gravatar). Note that your email address will not appear with your comment.
If URL is specified, it will be included as a link with your name.

To prevent spam from being submitted, please select the following fruit: Strawberry

Please add 6 and 4 and type the answer here: