In this Blogs, We will discuss about what is Active Directory Organizational Unit and how to create Active Directory Organizational Unit.
What is OU(Organizational Unit)?
An OU is the smallest container Object that represents a logical grouping of resources that have similar security or Administrative guidelines.
The main benefits of OU are Delegation of control and applying separately security policy on Different OUs.
If any OU you want to apply Group policy separately from Delegation of control you can apply separately policy to each OU.
What is Delegation of control ?
Delegation of control is a feature of Active Directory objects that grant users to given permissions of Active Directory objects. Like Users, Groups, OU, etc.
Delegation of Control some common following task-
- Create, manage, and, delete user accounts.
- Reset User passwords and force password change at next login.
- Read all user information.
- Modify a membership of the group.
- Manage Group Policy Links.
- Generate a resultant set of policy(Planning).
- Generate a resultant set of policy(Logging).
- Manage Group Policy Link.
- Create, Delete, and manage InetOrgPerson accounts.
- Read all InetOrgPerson information.
How to create an Active Directory Organizational Unit
Table of Contents
- Open Active Directory Users and Computers from Dashboard.
2. Select the Domain< Right click on Domain< New< and Select Organizational Unit.
3. Now, Type OU name and Click on OK.
How to create an Active Directory Organizational Unit using Powershell
For creating OU from power powershell you need to used console utility dsadd.
Example- dsadd ou “ou=IT,dc=conceptsall,dc=com”
On the above example, you can see that dsadd is console utility and OU name is IT and the Domain name is conceptsall.com
For CMDlet command you can easily create the OU.
Example-
New-ADOrganizationalUnit -Name “Development”
If you want to add OU in existing container you need to used following command-
New-ADOrganizationalUnit -Name Hardware -Path “OU=IT,DC=Conceptsall,DC=com” -Description “Delhi city” –PassThru
How to manage Active Directory Organizational Unit using Powershell
You can managed your OU using Powershell like rename, Modify, delete etc. If you want to rename OU you need to used following commands-
Rename-ADObject -Identity “OU=IT,DC=conceptsall,DC=COM” -NewName EDP
If you want to remove any OU, you need to used following commands-
Get-ADOrganizationalUnit -filter “Name -eq ‘HR'”| Remove-ADOrganizationalUnit
if you want to move several users from text file you need to follow following commands-
$computers = Get-Content C:\PS\MoveComputerListnew.txt
$TargetOU = “OU=Computers,OU=IT,OU=HR,DC=conceptsall,DC=com”
ForEach($computer in $computers){
Get-ADComputer $computer | Move-ADObject -TargetPath $TargetOU
}
How to Delegate Active Directory permissions to Organizational Unit
- Select the OU, right click and select delegate Control.
- Click on Next.
3. Now, Select users and groups-
Add and next.
4. Now select Task to Delegate that you required.
and Click on Next.
5. You read information and click on
Finish.
Thanks For Reading
You may also read-
Good👍
Nice…
Thnx to share this
good very helpful.
IT’S REALLY HELPFUL
thanks bhai