An organizational unit (OU) is an Active Directory container used to organize a network's
users and resources into logical administrative units. An OU contains Active Directory objects,
such as user accounts, groups, computer accounts, printers, shared folders, applications, servers,
and domain controllers. The OU structure often mimics a company's internal administrative
structure, although this structure isn't required. For example, a corporation might create an OU
for each department, but an educational institution might create separate OUs for students,
faculty, and administration or for campus sites. You can use a combination of structures, too,
because OUs can be nested as many levels as necessary. Besides being an organizational tool,
OUs can represent policy boundaries, in which different sets of policies can be applied to objects
in different OUs. Figure 3-1 depicts OUs and the types of objects in them.
[Figure 3-1: Active Directory organizational units. The diagram shows a Marketing OU and a Sales OU containing groups (Mkt-Group, Sales-Group), user accounts, computers, printers, and servers (Mkt-Server1, Sales-Server1).]
A domain is Active Directory's core structural unit. It contains OUs and represents
administrative, security, and policy boundaries. A small to medium company usually has one domain
with a single administrative group. However, a large company or a company with several
locations might benefit from having multiple domains to separate administration or accommodate
widely differing network policies. For example, a company with major branches in the United
States and Europe might want to divide administrative responsibilities into domains based on
location, such as US.coolgadgets.com and UK.coolgadgets.com domains, each with a separate
administrative group and set of policies. This arrangement addresses possible language and
cultural barriers and takes advantage of the benefit of proximity. Figure 3-2 shows the relationship
between domains and OUs.
An Active Directory tree is less a container than it is simply a grouping of domains that share
a common naming structure. A tree consists of a parent domain and possibly one or more child
domains that have the same second-level and top-level domain names as the parent domain. For
example, US.coolgadgets.com and UK.coolgadgets.com are both child domains of the parent
domain coolgadgets.com. Furthermore, child domains can have child domains, as in
phoenix.US.coolgadgets.com. Figure 3-3 depicts domains in an Active Directory tree.
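
The containment described above (OU inside domain inside tree) can be read straight off an object's distinguished name. The following sketch is an added example, not part of the original text: it groups an inventory of domain names into trees by contiguous namespace and then reports the OU path, domain, parent domain, and tree root for an object. The function names, the sample DNs, and the coolwidgets.example domain are constructed for illustration.

```python
import re

# Domain names from the text above, plus one constructed name to show a second tree.
DOMAINS = ["coolgadgets.com", "US.coolgadgets.com", "UK.coolgadgets.com",
           "phoenix.US.coolgadgets.com", "coolwidgets.example"]

def normalize(name):
    return name.strip().rstrip(".").lower()

def build_trees(domains):
    """Map each domain to (tree_root, parent) by contiguous DNS namespace."""
    known = {normalize(d) for d in domains}
    trees = {}
    # Fewer labels first, so a parent is always placed before its children.
    for d in sorted(known, key=lambda n: n.count(".")):
        parent = d.partition(".")[2]
        if parent in known:
            trees[d] = (trees[parent][0], parent)  # child joins the parent's tree
        else:
            trees[d] = (d, None)  # no parent in the inventory: root of its own tree
    return trees

def locate(dn):
    """Split an object DN into (OU path, outermost first) and its domain's DNS name."""
    # Split on commas that are not backslash-escaped (simplified RFC 4514 handling).
    rdns = [r.strip() for r in re.split(r"(?<!\\),", dn)]
    ous = [r[3:] for r in rdns if r.upper().startswith("OU=")]
    dcs = [r[3:] for r in rdns if r.upper().startswith("DC=")]
    return list(reversed(ous)), normalize(".".join(dcs))

def describe(dn, trees):
    """Report the administrative and policy containers an object sits in."""
    ou_path, domain = locate(dn)
    root, parent = trees.get(domain, (None, None))
    return {"domain": domain, "parent": parent, "tree_root": root, "ou_path": ou_path}

if __name__ == "__main__":
    trees = build_trees(DOMAINS)
    # Constructed sample DNs; the object and OU placement are illustrative only.
    for dn in ["CN=Computer1,OU=Laptops,OU=Sales,DC=US,DC=coolgadgets,DC=com",
               r"CN=Smith\, Amy,OU=Marketing,DC=UK,DC=coolgadgets,DC=com",
               "CN=Host9,OU=Lab,DC=phoenix,DC=US,DC=coolgadgets,DC=com"]:
        print(dn, "->", describe(dn, trees))
```

A domain whose immediate parent name is missing from the inventory is reported as its own tree root, which is worth checking against the actual forest before relying on the result.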