Using Organizational Units

Hour 8, “Understanding and Configuring Active Directory Domain Service,” covered the logical hierarchy provided by Active Directory Domain Services when working in networking environments that embrace multiple domains in trees or forests. You can further compartmentalize your Windows Server 2008 domains using Organizational Units. An Organizational Unit (OU) is an Active Directory object that serves as a domain container. This container can be used to hold users, groups, computers, and other OUs.

OUs basically provide a container environment that enables you to refine the logical grouping of Active Directory objects (such as users or groups) within the domain. You can apply Group Policy settings to OUs, enabling you to refine policies and security settings at a level below the domain level. OUs provide you with a domain container that can be used to mimic the hierarchical structure of your business. For example, within the domain, you could create an OU for each company department, such as Accounting, Receiving, and so on. Policies and security settings could then be applied on the OU level. This also provides you with a way to logically group employees (at a higher level than with actual groups).

Creating OUs is very straightforward:

1. In the Active Directory Users and Computers snap-in, with the Active Directory Users and Computers node expanded, right-click your domain node (the icon named for your domain). Then point at New on the shortcut menu and select Organizational Unit. The New Object – Organizational Unit dialog box opens (see Figure 9.6).

Figure 9.6. Create an Organizational Unit.

2. Supply a name for the OU and then click OK. The new OU appears in the snap-in tree.

Did you Know?

You can also create OUs inside other OUs. Right-click the OU in the Active Directory Users and Computers tree, point at New on the shortcut menu, and then select Organizational Unit. Create the new OU as you would a new OU that lives at the domain level (such as one created in the steps in this section).

3. To add users, groups, or other Active Directory objects to the OU, drag the items from their current location (such as the Users node). Remember that you can select and drag multiple items from one location to another (use Ctrl+click for objects that are not adjacent). A mouse click and then Shift+click allows you to select a series of adjacent objects.

4. You can also control the properties associated with an OU. OU properties include information such as the OU’s location, description, and group policies that have been set for the OU. To open the Properties dialog box for an OU, right-click the OU and then click Properties. The Properties dialog box opens (see Figure 9.7).

Figure 9.7. The OU’s Properties dialog box.

The OU’s Properties dialog box includes three tabs:

When you have completed setting the properties for the OU, click OK. You are returned to the Active Directory Users and Computers snap-in.

By the Way

You can also view additional tabs on the OU Properties dialog box. Select the View menu and then Advanced Features. Three additional tabs, Object, Security and Attribute Editor, are provided. The Security tab can be used to step through the permissions for the OU. Use the Security permissions only if you want to set specific permissions for another user or group.
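
The same steps can be scripted, which also makes the OU layout and its permissions easy to review afterward. The following is an added example, not part of the original text: it assumes the ActiveDirectory PowerShell module (Windows Server 2008 R2 or later, or the Remote Server Administration Tools), and the domain example.com, the nested OU Payables, and the account names are placeholders.

```powershell
# Added example. Placeholders: domain example.com, OU "Payables", sample accounts.
Import-Module ActiveDirectory

$domainDn    = 'DC=example,DC=com'          # placeholder domain
$departments = 'Accounting', 'Receiving'    # department OUs named in the text

# Steps 1-2: create one OU per department at the domain level (skip existing ones).
foreach ($dept in $departments) {
    $ouDn = "OU=$dept,$domainDn"
    if (-not (Get-ADOrganizationalUnit -Filter "distinguishedName -eq '$ouDn'")) {
        New-ADOrganizationalUnit -Name $dept -Path $domainDn `
            -Description "$dept department" `
            -ProtectedFromAccidentalDeletion $true
    }
}

# An OU inside another OU: the path is the parent OU instead of the domain.
$accountingDn = "OU=Accounting,$domainDn"
if (-not (Get-ADOrganizationalUnit -Filter "distinguishedName -eq 'OU=Payables,$accountingDn'")) {
    New-ADOrganizationalUnit -Name 'Payables' -Path $accountingDn
}

# Step 3: move existing accounts into the OU (the scripted form of drag and drop).
$accountingUsers = 'jsmith', 'mlee'         # constructed sAMAccountNames
foreach ($sam in $accountingUsers) {
    Get-ADUser -Identity $sam | Move-ADObject -TargetPath $accountingDn
}

# Step 4: set OU properties such as description and location.
Set-ADOrganizationalUnit -Identity $accountingDn `
    -Description 'Accounting staff and workstations' -City 'Chicago'

# Review what Group Policy objects are linked to each department OU.
foreach ($dept in $departments) {
    Get-ADOrganizationalUnit -Identity "OU=$dept,$domainDn" |
        Select-Object Name, LinkedGroupPolicyObjects
}

# Security tab equivalent: list permissions set directly on the OU (not inherited),
# which is where delegated rights for a specific user or group show up.
(Get-Acl -Path "AD:\$accountingDn").Access |
    Where-Object { -not $_.IsInherited } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType |
    Format-Table -AutoSize
```

Because objects in an OU inherit its linked policies and delegated permissions, moving an account between OUs changes what applies to it; the last two queries show what that is before you move anything.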

