Understanding OUs
OU stands for organizational unit. OUs are the containers used for organizing objects into logical administrative groups.
The Domain Controllers OU is created by default when Active Directory is installed. Adding one OU to another in a hierarchy is known as nesting OUs.
Reasons for defining an OU
There are three reasons for defining an OU:
■ To delegate administration
■ To administer Group Policy
■ To hide objects
- To delegate administration
The primary reason for defining an OU is to delegate administration. Delegating administration is the assignment of information technology (IT) management responsibility for a portion of the namespace.
In the Windows Server 2003 operating system, we can delegate administration for the contents of an OU by assigning specific permissions.
- Administration of group policy
Group Policy refers to a collection of user and computer configuration settings that can be linked to specify the behaviour of users' desktops.
To create a specific configuration for a group of users, we create GPOs and link them to OUs, so that the settings are applied to the users or computers in the OU.
- Hiding Directory Objects
Our organization might require that certain domain objects, such as the objects within an OU or the OU itself, be hidden from certain users.
We can hide objects in a domain by creating an OU for them and compiling the set of users who have the List Contents permission for that OU.
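
Both delegation and hiding come down to the access control entries on the OU. The following is an added example, not code from the original post: it parses constructed SDDL security descriptors offline on a Windows host and reports which trustees hold List Contents or administrative rights over each OU. The OU names, SIDs and SDDL strings are assumptions made for illustration.

```powershell
# Added example, not from the original page. SDDL strings, SIDs and OU names are constructed.
Add-Type -AssemblyName System.DirectoryServices

$listContents = [int][System.DirectoryServices.ActiveDirectoryRights]::ListChildren
# Rights that amount to administrative control over an OU's contents.
$adminMask = [int][System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild, WriteProperty, WriteDacl, WriteOwner'

function Get-OuAceReview {
    param(
        [Parameter(Mandatory)][string]$Name,   # OU distinguished name (used as a label only)
        [Parameter(Mandatory)][string]$Sddl    # OU security descriptor in SDDL form
    )
    $sd = New-Object System.DirectoryServices.ActiveDirectorySecurity
    $sd.SetSecurityDescriptorSddlForm($Sddl)
    # Ask for SIDs so nothing has to be resolved against a domain controller.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $sd.GetAccessRules($true, $true, $sidType)) {
        $mask = [int]$ace.ActiveDirectoryRights
        [pscustomobject]@{
            OU           = $Name
            Trustee      = $ace.IdentityReference.Value
            Type         = $ace.AccessControlType
            ListContents = ($mask -band $listContents) -ne 0
            Delegated    = ($mask -band $adminMask) -ne 0
        }
    }
}

$full    = 'CCDCLCSWRPWPDTLOCRSDRCWDWO'                       # full control, as AD stores it
$helpSid = 'S-1-5-21-1111111111-2222222222-3333333333-1105'   # constructed: delegated admins
$viewSid = 'S-1-5-21-1111111111-2222222222-3333333333-1106'   # constructed: allowed viewers

$samples = [ordered]@{
    # Ordinary OU: Authenticated Users (AU) can list contents; a group holds delegated rights.
    'OU=Sales,DC=corp,DC=example'  = "D:(A;;$full;;;SY)(A;;RPLCLORC;;;AU)(A;CI;CCDCWP;;;$helpSid)"
    # Hidden OU: inheritance blocked (P), AU has no LC, only the viewer group can list contents.
    'OU=Hidden,DC=corp,DC=example' = "D:P(A;;$full;;;SY)(A;;RPLORC;;;AU)(A;;RPLCLORC;;;$viewSid)"
}

$samples.GetEnumerator() |
    ForEach-Object { Get-OuAceReview -Name $_.Key -Sddl $_.Value } |
    Where-Object { $_.Type -eq 'Allow' -and ($_.ListContents -or $_.Delegated) } |
    Format-Table -AutoSize
```

In the output, a trustee that appears with ListContents set on the hidden OU but is not in the intended viewer set is the finding to investigate.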
OU Hierarchy Models for Delegation of Administration
Once we determine the OUs needed for our organization, we can add OUs to other OUs to form a hierarchy of administrative control.
There are four OU hierarchy models for delegation:
- Location hierarchy
- Business function hierarchy
- Object type hierarchy
- Combination hierarchy
i. Location hierarchy
This structure is used if administration within a domain is handled by location, as shown below:
ii. Business function
This structure is used if the administration within a domain is handled by business function, as shown below:
iii. Object type hierarchy
This structure is used if the administration within a domain is handled by the types of objects being managed, as shown below:
iv. Combination hierarchy
This structure is used if the administration within a domain is handled by combinations of the above models, as shown below: