Create Organizational Units in Active Directory

brian

In this post, we will create organizational units within Active Directory.

This post is part four of a home lab that explains how to use Windows Server and Active Directory. In earlier posts, a Windows server was configured to act as a domain controller (DC) and a DHCP server.

What are Organizational Units?

In Active Directory, the resources for a business can be stored in organizational units (OUs) and containers.

Organizational Units (OUs) are used to group users, computers, and other objects for management and security. Administrators can apply specific group policies and delegate administrative tasks within a domain’s OUs.

Containers do not offer the same features as OUs and are used primarily for administrative convenience. For instance, it is not possible to assign security policies or access rights to a specific container.

In production environments OUs are usually organized around policy boundaries like the branch locations or departments in a business. In this lab we will create a basic OU structure based on branch locations.

Creating Organizational Units

To create the OU structure on the DC, click on the Windows icon on the task bar. In the list of applications on the DC, click on “Windows Administrative Tools” and choose “Active Directory Users and Computers” (ADUC).

In ADUC, right-click on the root domain (e.g., techwayfarer.com) and choose New > Organizational Unit.

We will first create a parent OU (_Branches) that will contain the organizational structure for the business, rather than placing OUs directly under the root domain.

Note that the option “Protect container from accidental deletion” is selected. If an OU is accidentally deleted, all the objects within the OU will be deleted as well.

Now we can create a branch OU for the business. In the ADUC window, click on the root domain to view the current OUs and containers. Right-click on the _Branches OU and choose New > Organizational Unit. In the “New Object – Organizational Unit” window, enter the branch name (e.g., Kansas City).

Click on the new branch name and add the following OUs under the branch: Users, Computers.

Click on the Users OU and add departments (e.g., IT, Finance, Sales).

Repeat the above steps for a second branch location (e.g., San Diego).

Below is an example of a completed OU structure for our lab.

Conclusion

For now, we are done configuring the organizational units for the lab.

In the next post we will create users in Active Directory using PowerShell.
