Organizational Unit introduction
An organizational unit is part of the domain physical structure [a subdivision], which is used to organize Active Directory objects [users, computers, groups, printers, etc.] rather than placing all of them in one container.
Normally, when a computer joins Active Directory, it is placed in a container called [Computers].
Likewise, when users and groups are created, they are placed in a container called [Users].
The organizational unit [referred to as OU] gives us a method to organize our objects according to our structure.
You may ask: is that everything? Is an OU just like a folder?
Absolutely NO.
An OU is also used to assign a GPO [Group Policy Object], which will be fully discussed later.
Regarding GPOs: some built-in OUs can't have a GPO applied, so we call them just containers.
Moreover, an OU is also used for delegation, which assigns some administrative rights [NOT all rights] to specific users on a specific OU [NOT the whole Active Directory].
OU vs Group
When talking about OUs, the first question that comes up is: what is the difference between an OU and a group, and when should each of them be used?
The first point is that a user can be a member of only ONE OU [yes ONE, NO less, NO more], while the same user can be a member of many groups.
The second point is that when a group is deleted, its users are NOT deleted, since a group is NO more than a logical list.
But when an OU is deleted, ALL objects inside the OU are deleted, just as when we delete a folder with ALL its files and subfolders.
For that reason Microsoft added extra protection: you can't delete an OU until you remove the protection on that OU.
The third point is that a group is used for two purposes [assigning permissions and sending emails],
while an OU is used for organizational structure, in addition to GPOs and delegation.
Since an OU is treated as part of the physical structure of Active Directory, Microsoft added extra protection so that an OU can't be deleted until the protection is removed.
Create OU
To create OU :
- Open either [Active Directory Users and Computers] or [Active Directory Administrative Center]
- Select the domain [in our case Pioneers.lab] or any organizational unit [OU] in which you would like to create the OU, then select new OU
- Please note that we can't create an OU inside a container, [Users] specifically
- But an OU can have sub OUs [nested OUs]
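The same creation steps in PowerShell, followed by a check of the container/OU distinction and of the deletion protection described earlier. This is an added example, not part of the original article: it assumes the ActiveDirectory module (RSAT) is installed and the account may create OUs in Pioneers.lab, and the OU names Staff and Laptops are hypothetical.

```powershell
# Added example, not from the original article. OU names 'Staff' and 'Laptops'
# are hypothetical; requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$domainDn = 'DC=Pioneers,DC=lab'   # the article's lab domain

function New-OuIfMissing {
    param([string]$Name, [string]$Path)
    # Look only at the direct children of $Path so an OU with the same
    # name elsewhere in the tree does not count as a match.
    $existing = Get-ADOrganizationalUnit -Filter "Name -eq '$Name'" `
        -SearchBase $Path -SearchScope OneLevel
    if (-not $existing) {
        New-ADOrganizationalUnit -Name $Name -Path $Path `
            -ProtectedFromAccidentalDeletion $true
    }
}

# A top-level OU under the domain, then a nested OU [sub OU] inside it.
New-OuIfMissing -Name 'Staff'   -Path $domainDn
New-OuIfMissing -Name 'Laptops' -Path "OU=Staff,$domainDn"

# The default [Users] and [Computers] locations are containers, not OUs:
# their objectClass is 'container', while an OU is 'organizationalUnit'.
foreach ($dn in "CN=Users,$domainDn", "CN=Computers,$domainDn", "OU=Staff,$domainDn") {
    Get-ADObject -Identity $dn | Select-Object Name, ObjectClass
}

# Audit: list every OU in the domain whose deletion protection is switched off.
$unprotected = @(Get-ADOrganizationalUnit -Filter * -SearchBase $domainDn `
    -Properties ProtectedFromAccidentalDeletion |
    Where-Object { -not $_.ProtectedFromAccidentalDeletion })
$unprotected | Select-Object Name, DistinguishedName

# Turn the protection back on for those OUs (-WhatIf previews; remove to apply).
$unprotected | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true -WhatIf
```

An OU that shows up in the audit list can be deleted, together with everything inside it, by anyone holding delete rights on it, so the list is worth reviewing after bulk imports or scripted OU creation.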
Delete OU
Deleting an OU is a critical action which deletes ALL objects inside it [users, computers, groups, or even sub OUs].
So Microsoft provides some protection against deleting an OU.
So to delete OU
Recover deleted OU
To recover a deleted OU [or any deleted object in Active Directory], we can use one of the following methods:
- Recycle Bin [disabled by default]
- Ldp.exe
- PowerShell
All of the above methods will be discussed later in a separate article.