The impact of integrating Active Directory with the current Ken 7 Windows Limited environment is that all new users will be created within Active Directory at the Local Group Policy Object (GPO) level. They are assigned to Site GPOs, Domain GPOs, and an overall Organizational Unit GPO. The Organizational Unit GPO would be “Ken 7 Windows Limited”, the Domain GPO would be the manager (level of authority), and the Site GPO would be the location (state if national, country if international). The last level would be the Local GPO, where each user’s ...
With the levels of GPOs described above, the lower level (user account) takes precedence over the higher level. If you want a specific manager or individual user to have privileges to something that the others in that GPO (Local, Site, or Domain) don’t, you have to authorize that privilege for that individual.
This makes the management of privileges and security much easier to track, without having to worry about mistakes being made. If mistakes do happen, they can quickly be corrected.
The last thing I want to cover is the use of SIDs (Security IDs). Under Active Directory each user is assigned a SID, which travels with them no matter where they are logged in from (e.g., a different computer at the same site/location or one in another state or country). This allows easier access via the correct privileges through Active Directory. Currently, SIDs have to be managed on each individual computer the user has to access (e.g., whether locally, nationally, or globally). This may work for a single site/location, but it gets extremely costly if travel is needed. It can also become difficult to manage if you require other sites to manage it (e.g., when it is not their responsibility).