Objects in Active Directory are the building blocks of the network. Typical objects used in Active Directory are users, computers, groups, shared folders, and printers. An OU is a container used to organize the Active Directory objects within a domain into logical administrative groups for purposes such as delegating specific administrative tasks or applying Group Policy.

In general, OUs:

- Are independent of the OU structure in other domains; each domain has its own hierarchy.
- Allow for logically organizing and storing objects within the domain.
- Are containers within a domain that can house user accounts, groups, computers, printers, applications, file shares, and other OUs from the same domain.
- Can provide a means for delegating administrative authority.
- Cannot be made members of security groups; you cannot grant access because a user belongs to an OU, but must assign a group policy to the OU.

There are three primary reasons to have OUs:

- To allow delegation of administration: to designate groups of users who have control over users, computers, or other objects in an OU.
- For application of Group Policies.
- To restrict visibility: users can view only resources to which they have been granted access.

OUs have the following advantages:

- Flexibility: users can move between OUs easily, using the move user command in Active Directory Users and Computers.
- Creating/deleting OUs is easy and straightforward.
- Administrators can delegate control over network resources and tasks while maintaining the ability to manage them.
- Similar objects can be grouped for the application of security policies.
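
The three uses of an OU described above (moving objects, delegating administration, applying Group Policy), followed by a check of what has actually been delegated, as an added PowerShell example that is not part of the original text. The domain `example.com`, the OU `Sales`, the user `jdoe`, the group `Sales-Helpdesk` and the GPO `Sales Baseline` are assumed names, and the user, group and GPO must already exist.

```powershell
# Added example. Assumed names (not from the page): example.com, OU "Sales",
# user "jdoe", group "Sales-Helpdesk", GPO "Sales Baseline".
# Requires the RSAT ActiveDirectory and GroupPolicy modules.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domainDn = 'DC=example,DC=com'
$ouDn     = "OU=Sales,$domainDn"

# 1. Create the OU directly under the domain root if it does not exist yet.
$existing = Get-ADOrganizationalUnit -Filter "Name -eq 'Sales'" `
                -SearchBase $domainDn -SearchScope OneLevel
if (-not $existing) {
    New-ADOrganizationalUnit -Name 'Sales' -Path $domainDn `
        -ProtectedFromAccidentalDeletion $true
}

# 2. Move a user into the OU (the scripted form of the "move" command
#    in Active Directory Users and Computers).
Get-ADUser -Identity 'jdoe' | Move-ADObject -TargetPath $ouDn

# 3. Delegate one narrow task. The right goes to a security GROUP and is
#    scoped to the OU: an OU is not a security principal, so it can never
#    be the trustee itself. /I:S applies the entry to child objects only.
dsacls $ouDn /I:S /G 'EXAMPLE\Sales-Helpdesk:CA;Reset Password;user' | Out-Null

# 4. Link a GPO to the OU so its settings apply to the objects inside it.
#    New-GPLink reports an error if this link already exists.
New-GPLink -Name 'Sales Baseline' -Target $ouDn -LinkEnabled Yes

# 5. Review: list access entries set explicitly on this OU (not inherited).
#    Unexpected trustees or broad rights such as GenericAll here mean the
#    delegation is wider than intended.
Get-Acl -Path "AD:\$ouDn" |
    Select-Object -ExpandProperty Access |
    Where-Object { -not $_.IsInherited } |
    Select-Object IdentityReference, ActiveDirectoryRights,
                  AccessControlType, ObjectType, InheritedObjectType
```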