Distributed Networks Distributed Networks




Active Directory  «Prev  Next»
Lesson 7 Organizational units
Objective Define an organizational unit.

Active Directory Organizational Units

Like domains, organizational units are areas of organization within the Active Directory.

An organizational unit (OU) is a container object that you use to organize objects within a domain. An OU contains objects, such as user accounts, groups, computers, printers, and other OUs.
Organizational unit','An organizational unit (OU) is a container object that you use to organize objects within a domain. An OU contains objects, such as user accounts, groups, computers, printers, and other OUs.

This is an organizational unit.
This is an organizational unit

You can use OUs to group objects into a logical hierarchy to represent:
  1. An organizational structure based on departmental or geographical boundaries or
  2. A network administrative model based on administrative responsibilities

As you can see above, the OU hierarchy within a domain is independent of the OU hierarchy structure of other domains. In other words, each domain can implement its own OU hierarchy.


Delegating control of OUs

If you need to, you can delegate administrative control over the objects within an OU. This is easier if your system follows a single domain model .
To delegate administrative control of an OU, you grant specific permissions for the OU and the objects that it contains to one or more users and groups.
For an OU, there are two kinds of permissions that you can assign-complete control and limited control. The images below will show you why you might choose one form over the other.

This shows complete permissions.
This shows complete permissions

This shows limited permissions.
This shows limited permissions
As you will come to realize, these permissions options are very useful.
In the next lesson, you will learn about trees and forests in detail.