Using Active Directory Security Groups as Hierarchical Tags

Posted by Nathan Hartley on Server Fault See other posts from Server Fault or by Nathan Hartley
Published on 2010-10-19T21:16:43Z Indexed on 2011/01/13 23:55 UTC
Read the original article Hit count: 339

Because active directory security groups can...

I would like to use security groups as hierarchical tags, representing various attributes of a computer or user. I am thinking of (computer centric) tags something like these:

/tag/vendor/vendorName
/tag/system/overallSystemName
/tag/application/vendorsApplicationName
/tag/dependantOn/computerName
/tag/department/departmentName
/tag/updates/Group1

Before fumbling through implementing this, I thought I would seek comments from the community. Specifically in the areas:

  • Does this make sense?
  • Would it work?
  • Has anyone else attempted this?
  • Is there a good reference on the matter I should read?
  • How best to implement the hierarchy?
    • Tag_OU\Type_OU\GroupName (limits quantity in OU, uniqueness not guaranteed)
    • Tag_OU\Type_OU\Tag-Type-GroupName (limits quantity in OU, uniqueness guaranteed, verbose)
  • etc ...

Thanks in advance!

© Server Fault or respective owner

Related posts about Windows

Related posts about windows-server-2008