How to Create and Manage Organizational Units in Server 2022

Posted on 17th June 2023

How to Create and Manage Organizational Units in Server 2012

In Server 2012, organizational units (OUs) provide a structure for grouping objects in Active Directory Domain Services (AD DS). You can use OUs to delegate the administration of objects, to apply Group Policy objects (GPOs), and to control the placement of objects in the directory hierarchy. This article describes how to create and manage OUs in Server 2012.

When you create an OU, you can specify the following settings:

The name of the OU.

A description of the OU.

The location of the OU in the directory hierarchy.

The security settings for the OU.

The following procedure describes how to create an OU.

To create an OU

Open the Active Directory Users and Computers snap-in. To open the snap-in, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.

In the console tree, right-click the domain, and then click New Organizational Unit.

In the New Object – Organizational Unit dialog box, type a name for the OU in the Name text box, and then click OK.

After you create an OU, you can move objects into the OU and delegate the administration of the OU.

To move an object into an OU

Open the Active Directory Users and Computers snap-in. To open the snap-in, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.

In the console tree, click the OU that you want to move the object into.

On the Action menu, click Move.

In the Move dialog box, click the object that you want to move, and then click OK.

To delegate the administration of an OU

Open the Active Directory Users and Computers snap-in. To open the snap-in, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.

In the console tree, click the OU that you want to delegate the administration of.

On the Action menu, click Delegate Control.

In the Delegation of Control Wizard, click Next.

On the Users or Groups page, click Add.

In the Select Users or Groups dialog box, type the name of the user or group that you want to delegate control to, and then click OK.

On the Tasks to Delegate page, select the Create, delete, and manage user accounts check box, and then click Next.

On the Completing the Delegation of Control Wizard page, click Finish.

Introduction

An organizational unit (OU) is a logical container within Active Directory Domain Services (AD DS) into which you can place users, groups, computers, and other OUs. By creating OUs and delegating administrative control over those OUs, you can create a hierarchical structure that meets the administrative requirements of your organization.

Creating an OU

You can use the Active Directory Users and Computers snap-in to create an OU. To do this, follow these steps:

  1. Open the Active Directory Users and Computers snap-in.
  2. Click the domain for which you want to create an OU.
  3. On the Action menu, click New, and then click Organizational Unit.
  4. In the New Object-Organizational Unit dialog box, type the name of the new OU in the Name text box, and then click OK.

Delegating Control of an OU

After you have created an OU, you can delegate control over that OU to other users or groups. To do this, follow these steps:

  1. Open the Active Directory Users and Computers snap-in.
  2. Click the OU over which you want to delegate control.
  3. On the Action menu, click Delegate Control.
  4. In the Delegation of Control Wizard, click Next.
  5. On the Users or Groups page, click Add.
  6. In the Select Users or Groups dialog box, type the name of the user or group to whom you want to delegate control, and then click OK.
  7. In the Tasks to Delegate page, select the Create a custom task to delegate check box, and then click Next.
  8. On the Active Directory Object Type page, click Next.
  9. On the Permissions page, select the desired permissions, and then click Next.
  10. On the Completing the Delegation of Control Wizard page, review your selections, and then click Finish.

Modifying an OU

You can use the Active Directory Users and Computers snap-in to modify the properties of an OU. To do this, follow these steps:

  1. Open the Active Directory Users and Computers snap-in.
  2. Click the OU that you want to modify.
  3. On the Action menu, click Properties.
  4. Modify the properties of the OU as desired, and then click OK.

Moving an OU

You can use the Active Directory Users and Computers snap-in to move an OU. To do this, follow these steps:

  1. Open the Active Directory Users and Computers snap-in.
  2. Click the OU that you want to move.
  3. On the Action menu, click Move.
  4. In the Move dialog box, click the location to which you want to move the OU, and then click OK.

Deleting an OU

You can use the Active Directory Users and Computers snap-in to delete an OU. To do this, follow these steps:

  1. Open the Active Directory Users and Computers snap-in.
  2. Click the OU that you want to delete.
  3. On the Action menu, click Delete.
  4. In the Confirm Object Deletion dialog box, click Yes.

When creating an organizational unit, you can specify the parent OU. By default, the new OU will inherit the security settings of its parent OU. You can also specify whether the OU should be protected from accidental deletion.

To create an OU:

1. In Server Manager, click Tools, and then click Active Directory Users and Computers.
2. In the console tree, expand the domain.
3. Right-click the domain, and then click New, Organizational Unit.
4. In the New Object – Organizational Unit dialog box, type a name for the OU.
5. Under Protection from accidental deletion, click Continue.
6. In the Location dialog box, click the OU in which you want to create the new OU, and then click OK.
7. In the New Object – Organizational Unit dialog box, click Finish.

To set the security settings for an OU:

1. In Server Manager, click Tools, and then click Active Directory Users and Computers.
2. In the console tree, expand the domain.
3. Expand the OU in which you want to set the security settings.
4. Right-click the OU, and then click Properties.
5. Click the Security tab.
6. To set the security settings, click Advanced, and then use the Permissions tab.

To delete an OU:

1. In Server Manager, click Tools, and then click Active Directory Users and Computers.
2. In the console tree, expand the domain.
3. Expand the OU that you want to delete.
4. Right-click the OU, and then click Delete.
5. In the Confirm Object Deletion dialog box, click Yes.