Using Active Directory Security Groups as Hierarchical Tags
Posted by Nathan Hartley on Server Fault
Published on 2010-10-19T21:16:43Z
Indexed on 2011/01/13 23:55 UTC
Because Active Directory security groups can...
- hold objects regardless of OU
- be used for reporting, documentation, inventory, etc.
- be referenced by automated processes (Get-QADGroupMember)
- be used to apply policy
- be used by WSUS
I would like to use security groups as hierarchical tags, representing various attributes of a computer or user. I am thinking of (computer-centric) tags something like these:
/tag/vendor/vendorName
/tag/system/overallSystemName
/tag/application/vendorsApplicationName
/tag/dependantOn/computerName
/tag/department/departmentName
/tag/updates/Group1
Before fumbling through implementing this, I thought I would seek comments from the community. Specifically in the areas:
- Does this make sense?
- Would it work?
- Has anyone else attempted this?
- Is there a good reference on the matter I should read?
- How best to implement the hierarchy?
  - Tag_OU\Type_OU\GroupName (limits quantity in OU, uniqueness not guaranteed)
  - Tag_OU\Type_OU\Tag-Type-GroupName (limits quantity in OU, uniqueness guaranteed, verbose)
  - etc ...
Thanks in advance!
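
Added example, not part of the original post: a planner that maps `/tag/<type>/<name>` paths onto the two OU layouts listed in the question and reports which group names would clash. The base DN, the OU names `tag` and `<type>`, the sample tags and all function names are assumptions made for illustration. It also assumes each group's sAMAccountName is set to its name, which has to be unique across the domain even though a CN only has to be unique within its OU.

```python
from collections import defaultdict

BASE_DN = "DC=example,DC=test"   # assumed placeholder domain
TAG_ROOT = "tag"                 # assumed name of the top-level tag OU

# Constructed sample tags in the post's /tag/<type>/<name> form.
SAMPLE_TAGS = [
    "/tag/vendor/Contoso",
    "/tag/application/Contoso",  # same leaf name under a different type
    "/tag/department/Finance",
    "/tag/updates/Group1",
]

def escape_rdn(value):
    """Escape the characters that are special inside an RDN value (RFC 4514)."""
    out = "".join("\\" + c if c in ',+"\\<>;=' else c for c in value)
    if out.startswith(("#", " ")):
        out = "\\" + out
    if out.endswith(" ") and not out.endswith("\\ "):
        out = out[:-1] + "\\ "
    return out

def parse_tag(path):
    """Split '/tag/<type>/<name>' into (type, name); reject anything else."""
    parts = path.strip("/").split("/")
    if len(parts) != 3 or parts[0] != TAG_ROOT or not all(parts):
        raise ValueError(f"not a /tag/<type>/<name> path: {path!r}")
    return parts[1], parts[2]

def plan_group(path, scheme):
    """Return (group name, DN). Scheme 1: GroupName. Scheme 2: Tag-Type-GroupName."""
    tag_type, name = parse_tag(path)
    group = name if scheme == 1 else f"{TAG_ROOT}-{tag_type}-{name}"
    ou = f"OU={escape_rdn(tag_type)},OU={escape_rdn(TAG_ROOT)},{BASE_DN}"
    return group, f"CN={escape_rdn(group)},{ou}"

def name_collisions(paths, scheme):
    """Group names claimed by more than one tag, compared case-insensitively."""
    seen = defaultdict(list)
    for p in paths:
        seen[plan_group(p, scheme)[0].lower()].append(p)
    return {g: ps for g, ps in seen.items() if len(ps) > 1}

if __name__ == "__main__":
    for scheme in (1, 2):
        print(f"layout {scheme}:")
        for p in SAMPLE_TAGS:
            print("  ", plan_group(p, scheme)[1])
        print("   collisions:", name_collisions(SAMPLE_TAGS, scheme))
```
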
© Server Fault or respective owner