Creating an OU Structure

Published: 06th August 2010
Views: N/A

Each domain can implement its own OU hierarchy. If your enterprise contains several domains, you can create OU structures within each domain, independent of the structures in the other domains. This lesson walks you through the steps for creating an OU structure.
After this lesson, you will be able to
Create OUs Estimated lesson time: 15 minutes
Creating OUs
Use the Active Directory Users And Computers console to create OUs. To create OUs, complete the following steps:
1. Click Start, point to Administrative Tools, and then click Active Directory Users
And Computers.
2. Right-click the location where you want to create this OU, which can be either a
domain or another OU, point to New, and then click Organizational Unit.
3. In the New Object-Organizational Unit dialog box, shown in Figure 6-5, type the
name of the new OU in the Name box, and then click OK.

Off the record You can also use scripts to create, delete, and manage OUs. You can
review some sample scripts for doing so on the Supplemental CD-ROM in the 70-294Labs Chapter OB folder. The CreateLabsOU.vbs script will create an OU named Labs in the con-toso.com domain. The ViewDCMembers.vbs script lists the members of the Domain Controllers OU. Members of that OU are the Serverl and Server2 computer accounts. The DeleteLabsOU.vbs script removes the Labs OU from the contoso.com domain. To view the contents of any script, right-click the script and then click Edit. MCSA

Use the Active Directory Users And Computers console and the Security tab in the Properties dialog box for the OU to create OUs for the purpose of hiding objects. Only users who can modify the ACL on an OU are able to hide objects using this procedure.
To create an OU to hide objects, complete the following steps:
1. Create the OU where you will hide objects, as described in "Creating OUs."
2. Right-click the OU and select Properties.
3. In the Properties dialog box for the OU, click the Security tab.
To view the Security tab in the Properties dialog box for an OU, you must select Advanced Features from the View menu on the Active Directory Users And Computers console.
4. In the Properties dialog box Security tab, shown in Figure 6-6, remove all existing
permissions from the OU. Click Advanced.
5.In the Advanced Security Settings dialog box for the OU, clear the Allow Inheritable Permissions From The Parent To Propagate To This Object And All Child
Objects check box.
6. In the Security message box, click Remove. Click OK.
7. In the Properties dialog box Security tab, identify the groups that you want to have
full control on the OU. Grant those groups full control.
8. Identify the groups that should have generic read access on the OU and its conĀ¬
tents. Grant those groups read access.
9. Identify any other groups that might need specific access, such as the right to create or delete a particular class of objects, on the OU. Grant those groups the specific access. Click OK.
10. Move the objects you want to hide into the OU.
in this practice, you create the OU structure for the contoso.com domain. Exercise 1: Planning an OU Structure. MCSA Exam

In this exercise, you plan an OU structure for Contoso Pharmaceuticals.
Contoso Pharmaceuticals has four locations: Chicago, Kansas City, St. Paul, and Columbus. The organization is divided into two regions, East and West, with Chicago and Columbus in the East region and Kansas City and St. Paul in the West region. The company has one domain, contoso.com. Some administrative decisions are handled by the IT department in each location, and each IT department reports to its regional IT department, which handles larger administrative decisions. Map the OU hierarchy for contoso.com.
Your map should be similar to Figure 6-1.





Report this article Ask About This Article


Loading...
More to Explore