Like domains, organizational units are areas of organization within the Active Directory.
An organizational unit (OU) is a container object that you use to organize objects within a domain. An OU contains objects, such as user accounts, groups, computers, printers, and other OUs.
Organizational unit','An organizational unit (OU) is a container object that you use to organize objects within a domain. An OU contains objects, such as user accounts, groups, computers, printers, and other OUs.
You can use OUs to group objects into a logical hierarchy to represent:
An organizational structure based on departmental or geographical boundaries or
A network administrative model based on administrative responsibilities
As you can see above, the OU hierarchy within a domain is independent of the OU hierarchy structure of other domains. In other words, each domain can implement its own OU hierarchy.
Delegating control of OUs
If you need to, you can delegate administrative control over the objects within an OU. This is easier if your system follows a single domain model .
To delegate administrative control of an OU, you grant specific permissions for the OU and the objects that it contains to one or more users and groups.
For an OU, there are two kinds of permissions that you can assign-complete control and limited control. The images below will show you why you might choose one form over the other.
As you will come to realize, these permissions options are very useful. In the next lesson, you will learn about trees and forests in detail.