So far in our series of best practice implementation for your school network we have had a look at how to use the administrative accounts securely, service accounts, computer naming schemes and server naming schemes. Over the next few posts we are going to look into Active Directory, Exchange and then SQL Server and how we can make some simple changes to the structure that can help your job a lot easier in supporting the users and managing your environment.
In this post we are going to look at Active Directory and I already know that a lot of you are going to see this post and think ‘doesn’t everyone already do this’. You’ll be surprised in the number of ICT Support team who implement this simple Active Directory structure for there school and then keep it up to date.
There are 3 main different types of objects for you to manage for your school. These are users, groups and computers.
I’ve seen some very well implemented and up to date Active Directory and I’ve also seem some that have no implementation through at all and the update ones also have the right structure to support their user base. I connected to a school recently that kept all their users in the built in User Organisation Unit in Active Directory with all their groups. The school was around 1,100 students and they had over 3,000 accounts.
The best way to separate your users is to use Organisational Units also know as OUs, they have been designed for you to separate your organisation into what ever structure that suits you.
I always start with a top level Organisation Unit that is the school name or some kind of Prefix of the school. I now know that everything is below this OU and I can easily find it.
Create 3 new OUs called Users, Groups and Computers.
In any school we have teachers and students, again separate these by create to new OUs under Users. You may also have other users in your network to all parents/family members and governors, create an OU for each of these.
You can separate your staff into different organisation if you want such as teaching staff, admin staff for example but that’s for you to decide and how you want to manage those groups. For now we’ll continue with students.
We now need to split our students into different OUs which will be the year they join the school in year 7. This is most common in schools I visit. When a new students starts in Year 9 they are still added to the OU that presents the year they would have started in Year 7. Create an OU for each year group.
You may think there are only a few groups needed in your school and depending on the other services you offer in the school you may be right but we still need to manage these. Under your Groups OU you will want to create OUs to separate students groups and teaching groups such as departmental groups so each department have a group, each year will have a group and of course an all staff group.
Your All Student groups doesn’t have to have each student in it. Instead add all the year groups in instead so you only have to manage one group for each user instead of two.
Groups Policies play an important part in your security and configuration of your network. Some use it to deploy software to computers but to do this you need to be able to manage licenses so creating OUs for each classroom can help. Consider this part to be a break down of your school by location. If you have two builders start off with these and break it down to floors and rooms.
3rd Party Tool
I’m very proud to have worked with SalamanderSoft in the past on the Learning Gateway Conference. They have a tool that can manage all this for you, create security groups based on your timetable and add and remove students and staff as and when they leave the school. I highly recommended this product. http://www.salamandersoft.co.uk/. The product doesn’t do Computers but it will save you a lot of time with managing user accounts and groups.