Creating an OU Structure
- The Active Directory Users and Computers console is used to create an OU. We can create an OU within a domain OU within another OU.
- If our enterprise contains several domains, we can create OU structure within each domain, independent of the structures in the other domains.
Steps
Involved
1.
Click Start, point to
Administrative Tools, and then click Active Directory Users And Computers.
2.
Right-click the location where you
want to create this OU, which can be either a domain or another OU, point to
New, and then click Organizational Unit.
3. In the New Object–Organizational Unit
dialog box, shown in Figure, type the
name
of the new OU in the Name box, and then click OK.
Creating OUs to Hide Objects
1.
Create the OU where you will hide
objects, as described in “Creating OUs.”
2.
Right-click the OU and select
Properties.
3.
In the Properties dialog box for
the OU, click the Security tab.
4.
In the Properties dialog box
Security tab, shown in Figure 6-6, remove all existing permissions from the OU.
Click Advanced.
5.
In the Advanced Security Settings
dialog box for the OU, clear the Allow Inheritable Permissions From The Parent
To Propagate To This Object And All Child Objects check box.
6.
In the Security message box, click
Remove. Click OK.
7.
In the Properties dialog box
Security tab, identify the groups that you want to have full control on the OU.
Grant those groups full control.
8. Identify the groups that should have
generic read access on the OU and its contents. Grant those groups read access.
9.
Identify any other groups that
might need specific access, such as the right to create or delete a particular
class of objects, on the OU. Grant those groups the specific access. Click OK.
10.
Move the objects you want to hide
into the OU.
No comments:
Post a Comment