Creating Organizational Units

The simplest way to add a new organizational unit container is to use the Active Directory Users and Computers MMC snap-in. This method was demonstrated in Chapter 8. Let's take a look at how the same task can be achieved using the command line:

dsadd ou ou=Queensland,dc=flexecom,dc=local
dsadd ou ou=Ontario,dc=flexecom,dc=local

These two commands create Queensland and Ontario organizational units at the top of the OU structure in the flexecom.local domain.

dsrm ou=TestOU,dc=flexecom,dc=local -subtree

This command will remove TestOU from the structure, including all subcontainers.

Note that you will not be able to create new containers in most of the built-in containers. If you take a look at an OU structure using ADSIedit.msc, you will see that there is a difference between built-in containers and organizational units; built-in containers bear cn= in the name, whereas OUs start with ou=.
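An added example (not from the original text or from Microsoft's tooling) that applies the cn= versus ou= distinction before any dsadd command is run: it checks a planned list of OU distinguished names, sets aside any whose parent path includes a cn= container, and emits dsadd ou commands in parent-first order. The Brisbane and Kiosks OUs and all function names are assumptions made for illustration.

```python
# PLAN is constructed sample input; flexecom.local is the page's example domain.
PLAN = [
    "ou=Brisbane,ou=Queensland,dc=flexecom,dc=local",
    "ou=Queensland,dc=flexecom,dc=local",
    "ou=Ontario,dc=flexecom,dc=local",
    "ou=Kiosks,cn=Computers,dc=flexecom,dc=local",
]

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
        escaped = ch == "\\" and not escaped
    parts.append(cur.strip())
    return parts

def problem(dn):
    """Return why this DN should not be given to dsadd ou, or None if it looks fine."""
    rdns = split_dn(dn)
    if any("=" not in r for r in rdns):
        return "malformed RDN"
    types = [r.split("=", 1)[0].strip().lower() for r in rdns]
    if types[0] != "ou":
        return "leaf RDN is not ou=, so this is not an organizational unit"
    if "cn" in types[1:]:
        return "parent path has a cn= container; most built-in containers refuse new OUs"
    rest = types[:]
    while rest and rest[0] == "ou":
        rest.pop(0)
    if not rest or any(t != "dc" for t in rest):
        return "expected ou= components followed only by dc= components"
    return None

def build_commands(plan):
    """Return (dsadd command lines in parent-first order, [(dn, reason)] rejected)."""
    rejected = [(dn, problem(dn)) for dn in plan if problem(dn)]
    accepted = [dn for dn in plan if not problem(dn)]
    # A parent OU has fewer RDNs than its children, so sort by depth.
    accepted.sort(key=lambda dn: len(split_dn(dn)))
    return ['dsadd ou "%s"' % dn for dn in accepted], rejected

if __name__ == "__main__":
    commands, rejected = build_commands(PLAN)
    print("\n".join(commands + ["REM skipped %s: %s" % r for r in rejected]))
```

Rejected entries are printed as REM lines so the output can be saved as a batch file and reviewed before it is run.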

Once the organizational unit structure has been put in place, you can use the OU property page to assign attribute values and manage security. Figure 9-1 shows the General tab of the property pages. Windows Server 2003 administrators will note that there is no Group Policy tab. This is because Group Policy Management (the GPMC console) is now an integral part of AD DS, and all GPO management tasks have been taken out of dsa.msc (you can still link GPO objects via the Attribute Editor tab by modifying the gPLink value, but this is far too inefficient).

Built-in Domain Containers

When you create a domain, it is automatically populated with a few containers (all of which you can see by switching on the Advanced Features in the ADUC View menu):

■ Builtin: All built-in groups and users go in this container.

■ Computers: By default, all domain computers that are not maintaining the infrastructure (they are not domain controllers) are added here.

■ Domain Controllers: This container holds all domain controller objects.

■ Users: When you create a new user or group, Users is the default container for these objects.

■ LostAndFound: This container holds orphaned objects. It is conceivable, although unlikely, that a new object could be added to a container that is being removed from the system on another domain controller. This object will be placed into the LostAndFound container when the deleted container state finally gets across to all of the domain controllers.

■ System: This contains domain settings and configuration of some infrastructure services such as Active Directory-integrated DNS, domain DFS, and FRS.

■ Program Data: This container is used by default for application partition information storage.

■ NTDS Quotas and ForeignSecurityPrincipals: These two containers store quota specifications and SIDs associated with external trust links, respectively.

These containers cannot be used as first-level containers in your custom OU structure, and generally it is not recommended to expose them through the use of the Advanced Features option.

[Figure: Managing OU properties]


  • Gabriele
    What is the program data container in active directory?
    9 years ago
  • alan sinclair
    How to manage win server 2003 organisation unit?
    9 years ago
  • Sandra
    How to create organizational units from command line in windows 2008 server?
    9 years ago
  • tiegan
    How to structure object containers in server 2008 active directory?
    9 years ago
    How to create an organizational unit in windows 2008?
    5 months ago
