You want to create an OU.
126.96.36.199 Using a graphical user interface
Open the Active Directory Users and Computers (ADUC) snap-in.
If you need to change domains, right-click on the Active Directory Users and Computers label in the left pane, select Connect to Domain, enter the domain name, and click OK.
In the left pane, browse to the parent container of the new OU, right-click on it, and select New Organizational Unit.
Enter the name of the OU and click OK.
To enter a description for the new OU, right-click on the OU in the left pane and select Properties.
Click OK after you are done.
188.8.131.52 Using a command-line interface
> dsadd ou "<OrgUnitDN>" -desc "<Description>"
184.108.40.206 Using VBScript
' This code creates an OU ' ------ SCRIPT CONFIGURATION ------ strOrgUnit = "<OUName>" ' e.g. Tools strOrgUnitParent = "<ParentDN>" ' e.g. ou=Engineering,dc=rallencorp,dc=com strOrgUnitDescr = "<Description>" ' e.g. Tools Users ' ------ END CONFIGURATION --------- set objDomain = GetObject("LDAP://" & strOrgUnitParent) set objOU = objDomain.Create("organizationalUnit", "OU=" & strOrgUnit) objOU.Put "description", strOrgUnitDescr objOU.SetInfo WScript.Echo "Successfully created " & objOU.Name
OUs are used to structure data within Active Directory. Typically, there are four reasons why you would need to create an OU:
- Segregate objects
It is common practice to group related data into an OU. For example, user objects and computer objects are typically stored in separate OUs (in fact, that is the default configuration with Active Directory). One reason for this is to make searching the directory easier.
- Delegate administration
Perhaps the most often used reason for creating an OU is to delegate administration. With OUs you can give a person or group of people rights to do certain functions on objects within the OU.
- Apply a GPO
An OU is the smallest unit that a GPO can be applied to. If you have different types of users within your organization that need to apply different GPOs, the easiest way to set that up is to store the users in different OUs and apply GPOs accordingly.
- Controlling visibility of objects
You can use OUs as a way to restrict what users can see in the directory.
In each solution, the description attribute was set. It is not a mandatory attribute, but it is good practice to set it so that others browsing the directory have a general understanding of the purpose of the OU. Also, consider setting the managedBy attribute to reference a user or group that is the owner of the OU.
5.1.4 See Also
MS KB 308194 (HOW TO: How to Create Organizational Units in a Windows 2000 Domain)