In this post, we will create organizational units within Active Directory. This post is part five of a home lab series that explains how to use Windows Server and Active Directory.
Home Lab Series of Posts
- Home Lab Introduction: Windows Server and Active Directory
- Install Windows Server 2022 using VMware Workstation
- Configure Windows Server 2022
- DHCP Server Installation and Configuration
- Create Organizational Units in Active Directory
- Create Users in Active Directory using PowerShell
- Group Policy Management in Active Directory
- Join Windows 11 Computer to a Domain
What are Organizational Units?
In Active Directory (AD), an organizational unit (OU) is a container object used to logically group and manage other objects in a Windows domain, such as users, groups, and computers. An OU can be placed inside another OU, much like the folder structure within Windows.
In AD the resources for a business can be stored in OUs and containers. Containers do not offer the same features as OUs and are used primarily for administrative convenience. For instance, it is not possible to assign security policies or access rights to a specific container.
In production environments OUs are usually organized around policy boundaries like the branch locations or departments in a business. Administrators can delegate permissions and apply Group Policy Objects (GPOs) to associated users or computers without affecting the entire domain.
The primary purposes of OUs are as follows:
- Logically organize related objects (users, computers, groups) for easier management.
- Delegate administration rights of an OU to specific users or groups.
- Apply GPOs to the specific users or computers within an OU.
- Place users, servers, and service accounts in separate OUs for easier management of AD.
Creating Organizational Units
To create an OU structure in AD, click on the Windows icon on the taskbar. In the list of applications on the domain controller (DC), click on “Windows Administrative Tools” and choose “Active Directory Users and Computers” (ADUC).
In ADUC, right-click on the root domain (e.g., techwayfarer.com) and choose New > Organizational Unit.

We will first create a parent OU (_Branches) that will contain the organizational structure for the business, rather than placing OUs directly under the root domain.

Note that the option “Protect container from accidental deletion” is selected. Leave it enabled, because if an OU is accidentally deleted, all the objects within the OU will be deleted as well.
Now we can create a branch OU for the business. In the ADUC window, click on the root domain to view the current OUs and containers. Right-click on the _Branches OU and choose New > Organizational Unit. In the “New Object – Organizational Unit” window, enter a branch name (e.g., Kansas City).
Right-click on the new branch name and add the following OUs under the branch: Users, Computers.
Right-click on the Users OU and add departments (e.g., IT, Finance, Sales).
Repeat the above steps for a second branch location (e.g., San Diego).
Below is an example of a completed OU structure for our lab.

Conclusion
For now, we are done configuring the organizational units for the lab.
In the next post we will create users in Active Directory using PowerShell.






