Justin's Blog

AD DS Design Document

Published: August 31, 2025

NorthStar Consulting – AD DS Implementation Plan Prepared by: Justin Van Den Hurk Date: 31/08/2025

1. Business Requirements

• Centralized user management (move away from workgroup setup).
• Secure file storage with access based on department.
• Support for growth (up to 50 users in next 3 years).
• Simple Group Policies (passwords, drive mapping, desktop settings).

2. Domain Design

• Domain name: northstar.local
• Forest: Single forest, single domain.
• Domain Controllers:
  • DC1 (Primary – DNS, DHCP, AD DS)
  • (Optional later) DC2 (Redundancy)

3. Organizational Units (OUs)

• Directors
• Consultants
• Reception
• HR
• Marketing
• Accounts
• Shared Resources

4. User & Group Strategy

• Users: One per employee, format firstname.lastname
• Groups:
  • HR_Staff
  • Accounts_Staff
  • Consultants_Staff
  • Marketing_Staff
  • Reception_Staff
• Principle of Least Privilege: Restrict HR/Accounts to department only.

5. File Share Plan

• \\northstar\Public – Everyone
• \\northstar\Consultants – Consultants + Director
• \\northstar\HR – HR + Director
• \\northstar\Accounts – Accounts + Director
• \\northstar\Marketing – Marketing + Director

6. Group Policies (initial)

• Password policy: 8+ characters, complexity, 90-day change.
• Department drive mapping.
• Desktop wallpaper (company logo).
• USB storage blocked for HR + Accounts.

7. Testing & Rollout

• Join test workstation.
• Verify logon, drive mapping, permissions.
• Pilot with HR + Consultant accounts.
• Roll out to rest of staff.

4. User & Group Strategy

• Users: One per employee, format firstname.lastname
• Groups:
  • HR_Staff
  • Accounts_Staff
  • Consultants_Staff
  • Marketing_Staff
  • Reception_Staff
• Principle of Least Privilege: Restrict HR/Accounts to department only.

5. Users & Groups Assignment

6. Visual Diagram