Recommended practices – Part-7: Resource management via Active Directory

This is a multi-part series on recommended IT practices for organizations and their end-users.  Additional parts will be included in upcoming newsletters.

Active Directory is an integral component of Microsoft Windows Server; it is a powerful utility to manage both end-users and shared resources on a network.

It can scale to match the needs of any organization, from small to Enterprise size.

User management via Active Directory was discussed in January 2015 Bryley Tips and Information at Resource management is reviewed below.

Resources (servers, computers, folders, printers, scanners, etc.) should be located strategically to provide capabilities where needed.  They can be setup to support either groups of computers (IE:  all counter-based PCs in a retail store) or groups of users (IE:  all tellers at a specific branch office of a bank).

Resources are published within Active Directory to assign access.  For example, these are the basic steps to publish a new printer for a group of computers:

  • Create a new Group Policy within the appropriate Container*
  • Select the desired Computer Configuration settings
  • Setup Location Tracking (as needed)

*Active Directory uses Containers to provide segmentation and organizational structure; Containers are usually Forest, Tree, Sites, Organizational Units, orDomains.

If you prefer to setup access for a group of users rather than a group of computers, you would select User Configuration rather than Computer Configuration when publishing a resource.

Once published, resources within Active Directory need periodic attention to adjust access as needs change and to remove decommissioned resources.

Active Directory has a well-established set of best practices; these can be enforced through the Active Directory Best Practices Analyzer, which identifies and reports deviations from best practices.

William R. Stanek provides an overview on Active Directory features and capabilities in his article Using Active Directory Service from Chapter 5 of theMicrosoft Windows 2000 Administrator’s Pocket Consultant.