A particularly useful type of directory object that is contained within domains is the organizational unit (OU). OUs are Active Directory containers into which you can place users, groups, computers, and other OUs. An OU cannot contain objects from other domains.

An OU is the smallest scope or unit to which you can assign Group Policy settings or delegate administrative authority. Using OUs, you can create containers within a domain that represent the hierarchical, logical structures in your organization. You can then manage the configuration and use of accounts and resources based on your organizational model.

OUs can contain other OUs. You can extend a hierarchy of OUs as necessary to model your organization's hierarchy within a domain. Using OUs helps you minimize the number of domains that are required for your network.

You can use OUs to create an administrative model that you can scale to any size. A user can have administrative authority for all OUs in a domain or for a single OU. An administrator of an OU does not have to have administrative authority for any other OUs in the domain.

Additional references


Table Of Contents