Information Technology Reference
In-Depth Information
[Figure 3-6: Schema classes, schema attributes, and Active Directory objects. Example attributes shown for a computer account: Computer name, DNS name, Description. Example attributes shown for a user account: User logon name, First name, Last name, Password.]
[Figure 3-7: Icons in Active Directory Users and Computers: Site, Folder, Organizational unit (OU), Domain, Computer, Group, User.]
Active Directory Container Objects
A container object, as the name implies, contains other objects. Container objects are used to
organize and manage users and resources in a network. They can also act as administrative and
security boundaries or a way to group objects for applying policies. Three container objects,
explained in the following sections, are used in Active Directory Users and Computers: OU,
folder, and domain.
Organizational Units
An OU is the primary container object for organizing and managing resources in a
domain. Administrators can use OUs to organize objects into logical administrative
groups, which makes it possible to apply policies to the OU that affect all objects in it.
For example, you could apply a policy that prohibits access to Control Panel for all users in that
OU. In addition, you can delegate administrative authority for an OU to a user, thereby allowing
that user to manage objects in the OU without giving the user wider authority. Object types
typically found in an OU include user accounts, group accounts, computer accounts, shared
folders, shared printers, published applications, and other OUs. By nesting OUs, administrators can
build a hierarchical Active Directory structure that mimics the corporate structure for easier
object management.
In Active Directory Users and Computers, an OU is represented by a folder with a book
inside, as shown previously in Figure 3-7. When Active Directory is first installed, a single OU
called Domain Controllers is created and contains a computer object representing the domain
controller. When a new DC is installed in the domain, a new computer object representing it
is placed in the Domain Controllers OU by default. A GPO is linked to the Domain
Controllers OU and can be used to set security and administrative policies that apply to all
DCs in the domain.
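The following read-only audit is an added example, not part of the original text. It lists, for every OU, who holds delegated authority set directly on that OU and which GPOs are linked to it. It assumes the ActiveDirectory and GroupPolicy RSAT modules and a domain-joined session; the $expected baseline of default principals is an assumption to adjust for your own domain.

```powershell
# Added example: read-only audit of OU delegation and GPO links.
Import-Module ActiveDirectory, GroupPolicy

# Assumption: principals whose explicit ACEs are considered normal on an OU.
# Anything else with an explicit Allow ACE is reported as a delegation.
$expected = @(
    'NT AUTHORITY\SYSTEM',
    'NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS',
    'NT AUTHORITY\Authenticated Users',
    'BUILTIN\Account Operators',
    'BUILTIN\Print Operators',
    "$((Get-ADDomain).NetBIOSName)\Domain Admins"
)

$report = foreach ($ou in Get-ADOrganizationalUnit -Filter *) {
    $dn = $ou.DistinguishedName

    # Delegation appears as non-inherited Allow ACEs on the OU object itself.
    $delegated = (Get-Acl -Path "AD:\$dn").Access | Where-Object {
        -not $_.IsInherited -and
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -notin $expected
    }
    foreach ($ace in $delegated) {
        [pscustomobject]@{
            OU      = $dn
            Kind    = 'Delegation'
            Subject = $ace.IdentityReference.Value
            Detail  = "$($ace.ActiveDirectoryRights) / applies to: $($ace.InheritanceType)"
        }
    }

    # GPOs linked directly to this OU (for example, on the Domain Controllers OU).
    foreach ($link in (Get-GPInheritance -Target $dn).GpoLinks) {
        [pscustomobject]@{
            OU      = $dn
            Kind    = 'GPO link'
            Subject = $link.DisplayName
            Detail  = "Enabled=$($link.Enabled); Enforced=$($link.Enforced)"
        }
    }
}

$report | Sort-Object OU, Kind | Format-Table -AutoSize -Wrap
```

Because OUs nest, a delegation or GPO link reported on a parent OU also reaches objects in its child OUs unless inheritance is restricted, so review the entries for OUs near the top of the hierarchy first.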
 