Adding student's parents to AD

[disturbedone]

The decision was made by management to run with an externally hosted software package for our school that does many things related to education. Part of that is for student's parents to have user accounts in AD. We've outsourced the installation of Forefront UAG to link this external system to our AD securely.

The AD structure is currently:

domain.local
____SCHOOLNAME
________GROUPS
____________SECURITY
____________DISTRIBUTION
________USERS
____________STAFF
____________STUDENTS
________WORKSTATIONS
____________STAFF
________________DESKTOP
________________LAPTOP
____________STUDENTS
________________DESKTOP
________________LAPTOP

Questions are:
[ol 1]
[li]It would make sense following that structure to have an OU for parents in domain.local\SCHOOLNAME\USERS\PARENTS. Any reasons (security or otherwise) why that should not be the case?[/li]
[li]When creating a new user it defaults to be a member of the Domain Users group. Any reasons (security or otherwise) why that should be removed?[/li]
[/ol]

Parents will not be given an E2010 mailbox. They will just have an AD account to be able to be authenticated. If I add parents to a particular security group they would also be able to join our WiFi for basic, filtered access.

Any other thoughts on this?

 

[58sniper]

Users have to be a member of Domain Users. Without it, they can't login.

All the parents? That's a lot of licenses!

Do you have your Tek-Tips.com Swag? I've got mine!

Stop by the new Tek-Tips group at LinkedIn.

 

[disturbedone]

Educational licensing. I'll have to double check on how that works but it won't be as bad as you might think.

 

[baddos]

They certainly could be given Domain Guests and not Domain Users. Depending upon what they need access to.