For some reason I must not be Googling this correctly. I am looking for advice on how to best design and create Active Directory (AD) groups to use as the basis for Windows logins in SQL Server 2008 R2, with the emphasis on design.
I have found many links that discuss the technical ways to create AD groups and make logins in SQL Server, but nothing that addresses a methodology for how to design the groups in the first place. For example, should I create separate organizational units (OUs) for each server, or one OU pertaining to databases and then groups under that for each server's type of required access? I feel like I am engaging in rookie behavior when there is a tested method out there somewhere.
- I want to know *whether* I should ask our systems folks for multiple OUs before I do so.
- I don't know whether to arrange AD groups by server, such as a group name with the server name prefix, or by application, or some combination. I thought about DBSERVER_AppName_Admins, for example, but not sure if that is on the right track - perhaps just AppName_Admins under an OU of DBSERVER.
Thanks in advance for any help.
"I love spending twice as long and working twice as hard to get half as much done!" – Nobody ever.
"Operator! Give me the number for 911!" - Homer Simpson
"A SQL query walks into a bar and sees two tables. He walks up to them and says 'Can I join you?'"