What I know about AD design could be written on the back of a stamp...so brace yourselves.. I am building a Citrix farm which will exist in its very own autonomous AD forest which will be bolted next to a customers existing forest....don't ask...its a long story.. The result is, that the users for this farm will come from a totally seperate AD forest. What would be the best AD design for this particular configuration...my thoughts are :- an overall OU called FARM1, within the FARM1 OU, are additional OU's 1 for domain controllers, 1 for Nfuse servers and 1 for the farm XPE servers My questions are these 1. when the users enter the farm from an external forest, what group would they come under? i.e. where would I apply the AD GPO in order to restrict them... I'm guessing that the GPO being applied to the XPe servers would restrict these users?? 2. what sort of GPO would I apply to the domain controllers? 3. what sort of GPO would I apply to the nfuse servers? I think I'd better read the AD book again...boohoohoo Brian Lilley Systems Integration m +44 (0)7929 002501 t +44 (0)1249 665421 e brian.lilley@xxxxxxxxxxxxxx ********************************************************************** The information contained in this e-mail message is intended only for the individuals named above. If you are not the intended recipient, you should be aware that any dissemination, distribution, forwarding or other duplication of this communication is strictly prohibited. The views expressed in this e-mail are those of the individual author and not necessarily those of Vivista Limited. Prior to taking any action based upon this e-mail message you should seek appropriate confirmation of its authenticity. If you have received this e-mail in error, please immediately notify the sender by using the e-mail reply facility. ********************************************************************** _____________________________________________________________________ This message has been checked for all known viruses on behalf of Vivista by MessageLabs. http://www.messagelabs.com or Email: mailsweeper.info@xxxxxxxxxxxxx Vivista formerly Securicor Information Systems for further information http://www.vivista.co.uk ******************************************************** This Week's Sponsor: ThinPrint http://www.thinprint.com ********************************************************** Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm