For scalability you should use an Authorisation Group -> Resource Group strategy.
Your AGs are based on teams or departments. Your RGs are assigned to the ACLs for each resource. You put your AGs into your RGs. This makes provisioning/deprovisioning simple. Your RGs probably shouldn't have the server name embedded. You use DFS-N right? So, the RG can be based on the share name and the type of access. For really small environments your strategy can work, but it won't scale. Cheers Ken -----Original Message----- From: David Lum [mailto:david....@nwea.org] Sent: Monday, 30 August 2010 11:48 PM To: NT System Admin Issues Subject: RE: Finding unused/dead groups? In no environment (of six that I manage) have I moved servers outright where this would be an issue, replacement file servers (quite rare in fact) inherit the same name and new servers get new groups. Having said that, you do bring up a good point to consider going forward. Is it possible to script changing AD group names in bulk? If I had 20 group names that started SERVER1_ change them to SERVER2_ ? If not server names, what do you use for an AD group name used to accessing file shares? Dave -----Original Message----- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Wednesday, August 18, 2010 3:08 PM To: NT System Admin Issues Subject: Re: Finding unused/dead groups? On Wed, Aug 18, 2010 at 5:54 PM, David Lum <david....@nwea.org> wrote: > Not to mention our group name itself is in the form of > <Server>_<Share>_<RWXD> I don't like that because it means if you move servers your group names either change or become misleading. But we otherwise do something similar. Things like "QMS Doc Editors" and "QMS Doc Readers". -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- You are currently subscribed to ntsysadmin as: k...@adopenstatic.com. To unsubscribe click here: http://lyris.sunbelt-software.com/u?id=4624534.8cf8ec89c55b059d3d64e25ae6780307&n=T&l=ntsysadmin&o=9079448 or send a blank email to leave-9079448-4624534.8cf8ec89c55b059d3d64e25ae6780...@lyris.sunbelt-software.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- You are currently subscribed to ntsysadmin as: arch...@mail-archive.com. To unsubscribe click here: http://lyris.sunbelt-software.com/u?id=8142875.a9cf90b99baa17cb4fcf8293a59eb3b1&n=T&l=ntsysadmin&o=9079464 or send a blank email to leave-9079464-8142875.a9cf90b99baa17cb4fcf8293a59eb...@lyris.sunbelt-software.com
