As of now, I'm looking at using RemoteApps to allow RDP oriented access to applications. I would like the applications presented to users to be based on the users Group membership.
Right now, the org is fairly small, and the directory doesn't even have any OUs(organizational or location). I was wondering where I should put these "Application" groups in the directory. I've thought of creating a group right under the domain (contoso.com) but I would rather seek guidance before mauling the directory structure.
This may be a broad question, so any resources about how to architect app access with AD would also be appreciated.
Any help is greatly appreciated.
Put the groups where ever you want. If you want to put them in the default Users container that's fine. If you want to put them in a new OU that's fine too.
Keep it simple. You can always move them to another location later. There's no need to create a convoluted or overly hierarchical structure. As your needs change you can organize things however it suits your management and organizational needs and preferences.