Information Technology Reference
In-Depth Information
When naming OUs for your organization, you should keep several considerations and
limitations in mind:
Keep the Names and Descriptions Simple
The purpose of OUs is to make administering
and using resources simple. Therefore, it's always a good idea to keep the names of your
objects simple and descriptive. Sometimes, finding a balance between these two goals can
be a challenge. For example, although a printer name like “The LaserJet located near Bob's
cube” might seem descriptive, it is certainly difficult to type. Also, imagine the naming
changes that you might have to make if Bob moves (or leaves the company)!
Pay Attention to Limitations
The maximum length for the name of an OU is 64 char-
acters. In most cases, this should adequately describe the OU. Remember, the name of
an OU does not have to describe the object uniquely because the OU is generally refer-
enced only as part of the overall hierarchy. For example, you can choose to create an OU
named “IT” within two different parent OUs. Even though the OUs have the same name,
users and administrators are able to distinguish between them based on their complete
pathname.
Pay Attention to the Hierarchical Consistency
The fundamental basis of an OU structure
is its position in a hierarchy. From a design standpoint, this means you cannot have two
OUs with the same name at the same level. However, you can have OUs with the same
name at different levels. For example, you could create an OU named “Corporate” within
the North America OU and another one within the South America OU. This is because the
fully qualified domain name includes information about the hierarchy. When an adminis-
trator tries to access resources in a Corporate OU, they must specify which Corporate OU
they mean.
For example, if you create a North America OU, the Canada OU should logically fit
under it. If you decide that you want to separate the North America and Canada OUs
into completely different containers, then you might want to use other, more appropriate
names. For example, you could change North America to “U.S.” Users and administrators
depend on the hierarchy of OUs within the domain, so make sure that it remains logically
consistent.
Based on these considerations, you should have a good idea of how best to organize the
OU structure for your domain.
Understanding OU Inheritance
When you rearrange OUs within the structure of Active Directory, you can change several
settings. When they are moving and reorganizing OUs, system administrators must pay
careful attention to automatic and unforeseen changes in security permissions and other
configuration options. By default, OUs inherit the permissions of their new parent con-
tainer when they are moved.
By using the built-in tools provided with Windows Server 2012 R2 and Active Direc-
tory, you can move or copy OUs only within the same domain. You cannot use the Active
Search WWH ::
Custom Search