PlayUKlottery.com - win up to 42 million Pounds
Lesson 1: Creating Organizational Units

Cover
LOC Page
About This Book
Chapter and Appendix Overview
Getting Started
The Microsoft Certified Professional Program
Technical Support
Chapter 1 -- The Microsoft Windows 2000 Platform
Lesson 1: Overview of the Windows 2000 Platform
Lesson 2: Windows 2000 Professional
Lesson 3: Windows 2000 Server
Lesson 4: Windows 2000 Advanced Server and Windows 2000 Datacenter Server
Review
Chapter 2 -- Installing Windows 2000
Lesson 1: Preparing to Install
Lesson 2: Installing Windows 2000 from a CD-ROM
Lesson 3: Installing Windows 2000 over the Network
Lesson 4: Troubleshooting Windows 2000 Setup
Review
Chapter 3 -- Configuring the DNS Service
Lesson 1: Understanding DNS
Lesson 2: Resolving Names
Lesson 3: Installing the DNS Service
Lesson 4: Configuring the DNS Service
Lesson 5: Configuring a DNS Client
Lesson 6: Troubleshooting the DNS Service
Review
Chapter 4 -- Implementing Active Directory Directory Services
Lesson 1: Introduction to Active Directory Directory Services
Lesson 2: Active Directory Structure and Site Replication
Lesson 3: Active Directory Concepts
Lesson 4: Introduction to Planning
Lesson 5: Installing Active Directory Directory Services
Lesson 6: Configuring Active Directory Replication
Review
Chapter 5 -- Administering Active Directory Directory Services
Lesson 1: Creating Organizational Units
Lesson 2: Creating User and Computer Accounts
Lesson 3: Managing Groups
Lesson 4: Controlling Access to Active Directory Objects
Review
Chapter 6 -- Managing Desktop Environments with Group Policy
Lesson 1: Understanding Group Policy
Lesson 2: Applying Group Policy
Lesson 3: Configuring Group Policy
Review
Chapter 7 -- Managing Software by Using Group Policy
Lesson 1: Introducing the Software Installation and Maintenance Technology
Lesson 2: Deploying Software
Lesson 3: Upgrading Software
Lesson 4: Managing Software
Review
Chapter 8 -- Managing File Resources
Lesson 1: Sharing and Publishing File Resources
Lesson 2: Administering Shared Folders by Using Dfs
Lesson 3: Using NTFS Special Access Permissions
Lesson 4: Managing Disk Quotas on NTFS Volumes
Lesson 5: Increasing Security with EFS
Lesson 6: Using Disk Defragmenter
Review
Chapter 9 -- Configuring Remote Access
Lesson 1: Understanding the New Authentication Protocols in Windows 2000
Lesson 2: Configuring Inbound Connections
Lesson 3: Configuring Outbound Connections
Lesson 4: Examining Remote Access Policies
Lesson 5: Creating a Remote Access Policy
Review
Chapter 10 -- Supporting DHCP and WINS
Lesson 1: New DHCP Functionality
Lesson 2: New WINS Functionality
Review
Chapter 11 -- Managing Disks
Lesson 1: Introduction to Disk Management
Lesson 2: Common Disk Management Tasks
Review
Chapter 12 -- Implementing Disaster Protection
Lesson 1: Using Fault-Tolerant Volumes
Lesson 2: Using Advanced Startup Options
Lesson 3: Using the Recovery Console
Lesson 4: Using the Backup Utility
Lesson 5: Performing an Emergency Repair
Review
Chapter 13 -- Upgrading a Network to Windows 2000
Lesson 1: Planning a Network Upgrade
Lesson 2: Establishing the Root Domain
Lesson 3: Upgrading Domain Controllers and Member Servers
Lesson 4: Upgrading Client Operating Systems
Review
Chapter 14 -- Using Remote Installation Services
Lesson 1: Performing Remote Installations
Lesson 2: Creating Distribution Servers
Review
Appendix A -- Questions and Answers
Appendix B -- Creating Setup Disks
About This Electronic Book
About Microsoft Press


[Previous] [Next]

Lesson 1: Creating Organizational Units

Organizational units (OUs) are objects (containers) that can contain other objects, such as user accounts, groups, computer accounts, and other OUs. OUs cannot contain objects from other domains. OUs can be employed to organize the objects in Active Directory directory services that represent your network resources. Employing OUs to contain and organize the objects in Active Directory directory services is similar to using folders to contain and organize other folders and files.

After this lesson, you will be able to

  • Create organizational units.

  • Move Active Directory objects.

Estimated lesson time: 15 minutes

Hierarchical Structure

OUs can contain other OUs, so you can create a logical hierarchy that represents your company's organizational structure or administrative needs. If you create a hierarchical structure to represent your company's organizational structure, you can base it on your company's departmental or geographical boundaries. For example, if your company has divisions in Brussels, Hong Kong, and New York, you could create a separate OU for each location.

Setting up an OU hierarchy allows you to delegate administrative control over a number of user accounts, groups, or other resources. You delegate administrative control by assigning specific permissions for OUs, and the objects that they contain, to other individuals and groups. By setting up an OU for each division in your company, you could then easily manage and delegate control of each division.

You can also base your OU hierarchy on your company's network administrative model. For example, at your company there might be one administrator who is responsible for all user accounts and a different administrator who is responsible for all printers. In this case, you would create an OU for users and a different OU for printers.

Permissions

You must have Read, List Contents, and Create Organizational Unit Objects permissions on the parent container (domain or OU) to create OUs within that container. List Contents is not specifically required to create an OU, but you cannot view the newly created OU without it. By default, members of the Administrators group have the permissions to create OUs anywhere. To create an OU, you would dothe following:

  1. Open Active Directory Users And Computers from the Administrative Tools menu.

    2. The Active Directory Users And Computers window displays several default containers directly beneath the domain. Users, Computers, and Builtin are containers that are not OUs. Because you cannot create OUs within these containers, or apply Group Policy to them, you should create different OUs to contain your users and computers.

NOTE
You may need to expand your domain, by clicking the plus sign to the left of the domain in the console pane, to see the default containers.

  1. Right-click the container (domain or OU) in which you want to create a new OU.

  2. Point to New, and click Organizational Unit.

  3. Type in the name of the OU, and click OK.

Practice: Creating Organizational Units

In this practice, you will create four OUs: Sales, Administration, Production, and Servers. Later in this chapter you will create four user accounts in the Sales OU, and then you will move two of these user accounts into the Administration OU.

Exercise 1: Creating an Organizational Unit

In this exercise, you will create four organizational units.

  • To create an organizational unit

    1. Log on as Administrator.

    2. Click Start, point to Programs, point to Administrative Tools, and click Active Directory Users And Computers.

    3. In the console tree, right-click domain.com, point to New on the shortcut menu, and then click Organizational Unit.

      4. The New Object - Organizational Unit dialog box appears.

    NOTE
    When you create an OU, the only required information is the name. The dialog box indicates the location where the object will be created.

    1. In the Name box, type Sales, and then click OK.

    2. Repeat steps 3 and 4 to create an Administration OU, a Production OU, and a Servers OU.

    3. Leave the Active Directory Users And Computers window open.

    Lesson Summary

    Organizational units (OUs) can be used to organize the objects in Active Directory directory services that represent your network resources. OUs contain objects, including other OUs, so you can create a logical hierarchy of OUs to represent your company's organizational structure or administrative needs. Setting up an OU hierarchy allows you to delegate administrative control over user accounts, groups, or other resources, by assigning specific permissions for OUs, and the objects that they contain, to other individuals and groups.

    You must have Read, List Contents, and Create Organizational Unit Objects permissions on the parent container (domain or OU) to create OUs within that container. List Contents is not specifically required to create an OU, but you cannot view the newly created OU without it. By default, members of the Administrators group have the permissions to create OUs anywhere.