Example user OUs and GPO enforcement [closed]

  • the owner of the org, who needs to have the keys to the kingdom, and primarily the one who will add user accounts going forward (after all is implemented and live)

If he only needs to add and manage users/groups on AD, use delegation to give his account this (and possibly other) rights. See Implementing Active Directory Delegation of Administration. If what he needs are indeed "the keys to the kingdom", no need to create a group, just add him to the Domain Admins built-in group. Other built-in groups (i.e. Account Operators) may fit your needs.

  • administrator(s), including me, to perform all the tech supp

Again, the Domain Admins group is the place. Should you want to secure administrator accounts, follow this guide.

  • and any random dept OU based on which I can divide users under marketing, operations, etc

You will mainly need AD groups to enforce GPOs and access rights to shared folders. You should group users depending on those needs. With only 20 users to manage, I wouldn't bother about anything else. Keep it as slim as possible, i.e. create Dept OUs only if you are really going to need them.
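
One way to set up the delegation option mentioned in the answer, as an added example that is not part of the original post. It uses the ActiveDirectory PowerShell module and `dsacls`; the OU name `Staff`, the group name `Staff-User-Admins` and the account name `owner` are assumptions chosen for illustration.

```powershell
# Added example: delegate user management on one OU instead of granting Domain Admins.
# Assumed names (not from the original post): OU "Staff", group "Staff-User-Admins",
# account "owner". Run from an elevated session as a domain administrator.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDn = $domain.DistinguishedName
$netbios  = $domain.NetBIOSName
$ouName   = 'Staff'               # assumed OU holding the ~20 user accounts
$ouDn     = "OU=$ouName,$domainDn"
$group    = 'Staff-User-Admins'   # assumed delegation group
$owner    = 'owner'               # assumed sAMAccountName of the org owner

# 1. Create the OU only if it does not exist yet.
$existingOu = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
    -SearchBase $domainDn -SearchScope OneLevel
if (-not $existingOu) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn
}

# 2. Create the delegation group (lands in the default Users container,
#    outside the OU it administers) and add the owner to it.
if (-not (Get-ADGroup -Filter "SamAccountName -eq '$group'")) {
    New-ADGroup -Name $group -SamAccountName $group `
        -GroupScope Global -GroupCategory Security
}
$members = (Get-ADGroupMember -Identity $group).SamAccountName
if ($owner -notin $members) {
    Add-ADGroupMember -Identity $group -Members $owner
}

# 3. Delegate on the OU:
#    CCDC;user -> create/delete user objects in this OU and below
#    GA;;user  -> full control of existing user objects (includes password
#                 resets, so treat group membership as privileged)
dsacls $ouDn /I:T /G "${netbios}\${group}:CCDC;user"
dsacls $ouDn /I:S /G "${netbios}\${group}:GA;;user"

# 4. Review what was granted and who still holds domain-wide rights.
dsacls $ouDn | Select-String -SimpleMatch $group
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Select-Object Name, SamAccountName, objectClass
```

The last command gives a baseline of Domain Admins membership that can be re-run periodically to spot accounts added outside the intended process.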