Network Administration: Active Directory Organization Units - dummies

Network Administration: Active Directory Organization Units

Within Active Directory, organizational units (OU) can simplify the task of managing large domains by dividing users, groups, and other objects into manageable collections. By default, Active Directory domains include several useful OUs. For example, the Domain Controllers OU contains all of the domain controllers for the domain.

If you want to create additional organizational units to help manage a domain, follow these steps:

  1. Choose Start→Administrative Tools→Active Directory Users and Computers.

    The Active Directory Users and Computers console appears, as shown below.


  2. Right-click the domain you want to add the OU to and choose New→Organizational Unit.

    The New Object — Organizational Unit dialog box appears, as shown below.


  3. Type a name for the new organization unit.

  4. Click OK.

    You’re done!

Here are just a few more thoughts about OUs to ponder as you drift off to sleep:

  • You can delegate administrative authority for an OU to another user by right-clicking the OU and choosing Select Delegate Control. Then you can select the user or group that will have administrative authority over the OU. You can also choose which administrative tasks will be assigned to the selected user or group.

  • Remember that OUs are not the same as groups. Groups are security principals, which means that you can assign them rights. Then, when you assign a user to a group, the user is given the rights of the group. In contrast, an OU is merely an administrative tool that lets you control how user and group accounts are managed.

  • For more information about how to create user and group accounts as well as other Active Directory objects, turn to the next chapter.