Hosting Solution Active Directory Structure

At the top level of the Active Directory hosting structure that Microsoft Provisioning System (MPS) implements is the Hosting OU, which contains all of the Active Directory objects associated with MPS as follows:

  • _private container - Contains objects to determine the role priority number (RPN) of the requesting user account, store information about subscribed services, and determine the organization type of an organizational unit (OU), such as hosting, reseller, or customer.

    • AllUsers@Hosting group

    • AllUsersGroup group

    • AllResellerAdminsGroups group

    • AllResellerCSRAdminsGroups group

  • User accounts - User accounts in the hosting container. For example, user1@Hosting, user2@Hosting, and so on.

  • Groups - Groups in the hosting organization. The preconfigured administration groups are listed next. Groups can also include distribution groups created by service provider administrators and customer service representatives (CSRs).

    • Admins@Hosting group - The security group for service provider administrators. To make a user account a service provider administrator, you make it a member of this group.

    • CSRAdmins@Hosting group - The security group for service provider CSRs. To make a user account a service provider CSR, you make it a member of this group.

  • Reseller OU - Contains all of the Active Directory objects associated with a reseller organization. In this example, the reseller OU is consolidatedmessenger. All reseller OUs are created directly under the hosting OU.

    • _private container - Contains objects that enable MPS to expand Active Directory to greater than 5,000 objects within the reseller OU.

      • AllCustomers@reseller group

      • AllUsers@reseller group

    • User accounts - User accounts in the reseller organization. For example, User1@reseller, User2@reseller, and so on.

    • Groups - Groups in the reseller organization. The preconfigured administration groups are listed next. Groups can also include distribution groups created by administrators and CSRs.

      • Admins@reseller group - The security group for reseller administrators. To make a user account a reseller administrator, you make it a member of this group.

      • CSRAdmins@reseller group - The security group for reseller CSRs. To make a user account a reseller CSR, you make it a member of this group.

    • Customer OU - Contains all of the Active Directory objects associated with a customer organization; for example, contoso. All customer OUs are created directly under a reseller OU.

      • _private container - Contains objects to determine the type of OU, and a collection of objects describing subscribed services for this organization.

        • AllCustomers@Customer1 group or AllCustomers@contoso

        • AllUsers@Customer1 group or AllUsers@contoso

      • User accounts - User accounts in the customer organization. For example, User1@Customer1, User2@Customer1, and so on.

      • Groups - Groups in the customer organization. The preconfigured administration groups are listed next. Groups can also include distribution groups created by administrators and CSRs.

        • Admins@customer group - The security group for organization administrators. To make a user account an organization administrator, you make it a member of this group.

        • CSRAdmins@customer group - The security group for organization CSRs. To make a user account an organization CSR, you make it a member of this group.