deployment issue

[user]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi All

I would like to maintain multiple OUs under one domain in fact one directory
server. But will this create a name crash problem even if people with the
same name actually exists under different OUs, or is there a way to tell the
system to address / identify users down to OU level, say the login account
is John@ou1.xxx.com instead of John@xxx.com ?

TIA

--

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

The path to the location of the object is what makes that object unique.
This is called a DN. It is the full name of the object. However,
regardless of logical structure, you cannot have a duplicate of the
sAMAccountName (Pre-Windows 2000 User name).

People with the same name is not an issue. You can have 1,000,000 John Does
as long as their sAMAccountName is different. In a live environment with a
large number of users, chances are there will be several people with the
same names. However, the name fields are informational. AD doesn't need
them.

However, in your example you use UPNs. You can create multiple UPN suffixes
and create different user names based on these. But the Pre-Windows 2000
name will have to be different. There are additional rules enforced on this
for backward compatibility.

Create as many OUs as you like. Although the actual design principles
dictate that you mainly create them for policy application or delegation.
However, in complex environments, it's often easier on the administrator to
segregate objects into logical groups.


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/