Setting Up Organizational Units in Active Directory

Now that we have setup active directory on our Windows Server 2003 VM machine is time to do some customization on our active directory OU structure. Each admin customize active directory according to his organization need; so, feel free to add whatever you think is necessary to your active directory, after all, this is a testing server right!

Read about our last post on this series ” Windows 2003 Active Directory Setup:dcpromo

According to Microsoft, organizational units are Active Directory containers into which you can place users, groups, computers, and other organizational units. OU are the smallest units to which you can assign group policy settings, or delegate administrative authority. This concept is derived from the Lightweight Directory Access Protocol (LDAP) standard which active directory was built upon.

As soon as you open Active Directory Users and Computers, you will notice some default folders, users, computers, etc :

Active Directory Users and Computers

Technically the default folders are not Organizational Units, rather they are defined as container class objects, and they do not behave the same way organizational units do, so if you want to setup functions such as group policies it is recommended to move users to an organizational unit structure.

The Organization Unit structure we will setup will be:

  • Computers
  • Distribution Groups ( for Exchange Users)
  • Security Groups
  • Servers
  • Domain Users
  • Special Accounts

Creating an Organizational Unit Folder is simple, just right click on the domain name and go to New then select Organization Unit:

Creating Organization units folders

The Organization unit creation window will pop-up:

New Object-Organization units

Type the name of the organization unit you want to create, and click OK.  Now the folder should show up on your Active Directory Users and Computer structure.

Leave a Reply