Creating and Administering Organizational Units

To create a new OU, the Active Directory Users and Computers console is used. Click on Start, select Administrative Tools, and finally select Active Directory Users and Computers.

Here the domain is displayed. To view the contents of the domain, expand it. A domain has containers that hold different objects, e.g. the Users container has all the users on the domain. To view the contents of the Users container, expand the Users folder. A list of users and groups on the domain is displayed. To create a new organizational unit, right-click on

Select New, then Organizational Unit. Enter a name for the new OU. Click on OK. OUs can also be created inside OUs. To create an OU inside the Managers OU, right-click on Managers. Select New. Select Organizational Unit. Choose a name for the new OU and click OK. The Sales Managers OU can now be seen inside the Managers OU. Any group policies applied at the Sales Managers OU will override any policies applied at the Managers OU level.

Delegating Control

To delegate control of an OU to another user, right-click on the OU. Select Delegate Control. The Delegation of Control Wizard will appear. Click on Next to continue. Click on Add to add a user to whom control will be delegated. Click Advanced to find the required user. In the name box, type in an initial or name to find the required user. Next, click Find Now to find the required user. Double-click on the “Geoff Prior” user object. Further users and groups can be added if desired. Click OK to continue. The user Geoff has been selected. Click on Next to continue. From the list, check the relevant checkboxes. Delegation can be configured quite precisely here. Click on Next to continue. The Summary page will appear. Click on Finish to continue. The user Geoff now has control over any object inside the Managers OU, but he doesn’t have control over other OUs or objects on the domain.
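
To review what the wizard actually granted, the permissions set directly on the OU can be listed afterwards. The following PowerShell is an added example, not part of the original lesson; it assumes the RSAT ActiveDirectory module is installed and uses a placeholder domain, example.com, in the distinguished name.

```powershell
# Added example: list the explicit (non-inherited) permissions on an OU so the
# outcome of the Delegation of Control Wizard can be reviewed.
# Assumptions: RSAT ActiveDirectory module installed; the distinguished name
# below is a placeholder for a domain named example.com.
Import-Module ActiveDirectory

$ouDn = 'OU=Managers,DC=example,DC=com'   # placeholder, replace with your OU

# Map schema and extended-right GUIDs to names so ACL entries are readable.
$rootDse = Get-ADRootDSE
$guidMap = @{}
Get-ADObject -SearchBase $rootDse.schemaNamingContext `
    -LDAPFilter '(schemaIDGUID=*)' -Properties lDAPDisplayName, schemaIDGUID |
    ForEach-Object { $guidMap[[guid]$_.schemaIDGUID] = $_.lDAPDisplayName }
Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
    -LDAPFilter '(objectClass=controlAccessRight)' -Properties name, rightsGuid |
    ForEach-Object { $guidMap[[guid]$_.rightsGuid] = $_.name }

function Resolve-AceGuid {
    param([guid]$Guid)
    if ($Guid -eq [guid]::Empty) { return 'All' }        # all-zero GUID: no restriction
    if ($guidMap.ContainsKey($Guid)) { return $guidMap[$Guid] }
    return $Guid.ToString()                               # unknown GUID: show it raw
}

# Explicit ACEs are those set directly on this OU, which includes anything the
# wizard added; ACEs inherited from the parent are skipped.
(Get-Acl -Path "AD:\$ouDn").Access |
    Where-Object { -not $_.IsInherited } |
    Sort-Object { $_.IdentityReference.Value } |
    Select-Object IdentityReference, AccessControlType, ActiveDirectoryRights,
        InheritanceType,
        @{ Name = 'Target';    Expression = { Resolve-AceGuid $_.ObjectType } },
        @{ Name = 'AppliesTo'; Expression = { Resolve-AceGuid $_.InheritedObjectType } } |
    Format-Table -AutoSize -Wrap
```

Rows for the delegated user that show GenericAll, WriteDacl or WriteOwner grant more than most delegated tasks need and are worth comparing against the checkboxes that were ticked in the wizard.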

Placing Objects into OUs

To move an object into an OU, locate the object. For example, click on Users. Right-click on the user object “Mark Heaton”. Select Move. Choose the OU where Mark is to be placed. Expand Office. Highlight Managers. Click on OK to place Mark inside the Managers OU. Any policies that are applied to the Sales Managers OU will be applied to the user Mark Heaton. N.B. This object could be another Organizational Unit. OUs can be moved by using the GUI or by using the DSMOVE utility. E.g. you want to move the Managers OU into the Office OU…

You would launch a command prompt and type in the command “dsmove” with the exact location of the OU, followed by the -newparent switch, followed by the new location. N.B. You cannot type in domain names directly; you have to type in the location as shown above. The above name (distinguished name) is an X.500 standard. The OU has now been moved.