Importance of OU in Active directory

[Srinivas Acharya]

Hi All,
Could any body of you please tell me what is the importance
of OU in active directory. How it is going to help in
easing the administration. If you give some practical
examples, it helps me lot.


Regards,
Srinivas Acharya

 

[Simon Geary]

There are two main reasons for creating OU's: For delegation of
administration and application of Group Policy.

Say you have three offices in your company, Office1, Office2 and Office3.
You work at Office1 and are the domain admin but you don't have time to
create new user accounts at the other two offices. If you have separate OU's
containing the respective users for each office you can delegate the right
to create users for someone in each office. So the admin in Office2 can
create accounts in Office2, but not in offices 1 or 3.

 

[Tomasz Onyszko]

Hi All,
Could any body of you please tell me what is the importance
of OU in active directory. How it is going to help in
easing the administration. If you give some practical
examples, it helps me lot.

You can treat OU as a box in which You can keep objects and other boxes.
In this Ou you can group objects (like users and computers) with
similiar needs in term of configuration. When You group this similiar"
objects You can create settings template (GPO) which will be applied to
all this objects grouped into the OU.

 

[Jimmy Andersson [MVP]]

To add to the excellent answers from Simon and Tomasz.

Let's say you got a bunch of servers like Exchange, SQL, IIS etc... If you
create OU's for each type of server (messaging, database and so forth) you
can set a GPO with security settings and other configurations on each OU and
if you need to add another server, for instance SQL, you install the server
and then drag it to the database OU and it will automatically get all
settings that it should have.
This is one really good reason besides user administration that will save
you a lot of time in the long run.

Remember to design your OU structure to ease your administration tasks.

Regards,
/Jimmy

 

[Srinivas Acharya]

Hi,
What are the other responsibilities that can be delegated?.
I am at office1 and I want some body to administer all the
PCs without being in the domain admins group and local
admins group. Can I delegate these admin previleges at the
OU level?.

Regards,
Srinivas Acharya

 

[ptwilliams]

You could either delegate lots of control, or you could probably use the
Restricted Groups feature to add a group to the local admins or local power
users groups of the PCs in that OU.

(I can't remember if this is only a global setting - I don't think it is)

Or, if there are few machines per OU, you could manually add a domain group
to the local admins on the current machines and incorporate that into the
standard image for future machines.

--

Paul Williams
_________________________________________
http://www.msresource.net


Join us in our new forums!
http://forums.msresource.net
_________________________________________


Hi,
What are the other responsibilities that can be delegated?.
I am at office1 and I want some body to administer all the
PCs without being in the domain admins group and local
admins group. Can I delegate these admin previleges at the
OU level?.

Regards,
Srinivas Acharya

 

[Srinivas Acharya]

Hi,
I thank you for replying. I think you didn't get my
question. I create OU at the DC and add so many PCs and
delegate the control to one person who is not in local
admin group and he is also not a member of domain admins
group. I just wanted to know whether he can administer
those PCs???



Regards,
Srinivas Acharya

 

[Shenan Stanley]

I thank you for replying. I think you didn't get my
question. I create OU at the DC and add so many PCs and
delegate the control to one person who is not in local
admin group and he is also not a member of domain admins
group. I just wanted to know whether he can administer
those PCs???

Yes - if you set the permissions on the OU and his group membership
correctly.