Information Technology Reference
In-Depth Information
An OU contains objects only from within the domain in which it resides. As you'll see in
the section “Delegating Administrative Control” later in this chapter, the OU is the finest
level of granularity used for group policies and other administrative settings.
Benefits of OUs
There are many benefits to using OUs throughout your network environment.
■
OUs are the smallest unit to which you can assign directory permissions.
■
You can easily change the OU structure, and it is more flexible than the domain structure.
■
The OU structure can support many different levels of hierarchy.
■
Child objects can inherit OU settings.
■
You can set Group Policy settings on OUs.
■
You can easily delegate the administration of OUs and the objects within them to the
appropriate users and groups.
Now that you have a good idea of why you should use OUs, take a look at some general
practices you can use to plan the OU structure.
Planning the OU Structure
One of the key benefits of Active Directory is the way in which it can bring organization to
complex network environments. Before you can begin to implement OUs in various con-
figurations, you must plan a structure that is compatible with business and technical needs.
In this section, you'll learn about several factors that you should consider when planning
for the structure of OUs.
Logical Grouping of Resources
The fundamental purpose of using OUs is to group resources (which exist within Active
Directory) hierarchically. Fortunately, hierarchical groups are quite intuitive and widely
used in most businesses. For example, a typical manufacturing business might divide its
various operations into different departments as follows:
■
Sales
■
Marketing
■
Engineering
■
Research and Development
■
Support
■
Information Technology (IT)
Search WWH ::
Custom Search