This is one of the most common models for large organizations. The OU structure will be based on the geographical location of the branch offices. Each of these branch offices may also have its own IT team. So, the main idea behind this model is to delegate administration control:
In the preceding example, the organization has two branches in Asia and Europe. The first level of the OUs will start based on geographical location and then be further categorized based on the object types. Asia and Europe both have Users and Computers child OUs in their second level. In this model, on most occasions, each geographical location will follow the same structure in its child OUs. This allows you to delegate control for a group of administrators to manage branch office objects easily. This will improve infrastructure management and the productivity of IT operations.
The advantages and disadvantages of the geographical model are listed as follows:
|
Advantages |
Disadvantages |
|
Delegated control: As explained earlier, the core value of this model is easy delegated control. Each object related to each branch is located in one structure, and it provides more control for administrators to delegate control. |
Extensibility: Limited extensibility compared to the object type model. Most of the time, each branch structure should follow predefined standards. Therefore, if structural changes are required, it will have limitations based on these standards. |
|
Repetitive: Most of the time in this model, each branch office will have similar administrative, operational, and security requirements. Therefore, most of the Group Policy settings used in one branch will be able to apply for another branch too. |
Operation limitations: Each branch office IT team will have delegated control to manage the branch office's objects. But these privileges are limited. It is possible that in order to perform certain tasks, they still need to depend on the HQ IT team. |
|
Maintain standards: This model allows you to maintain administrative and security standards across the organization even if it has different branches. Even though branch IT teams have delegate control to perform certain tasks, at any time, privileged administrators can change or revoke these delegated controls. |
N/A |