Today, in this Article you will learn How to Create & Manage Active Directory Organizational Units (OUs). You will learn 3 different Methods of Creating Organizational Units (OUs). After you create the Organizational Unit (OU) I will be showing you what is Delegation and How to Deploy Delegation on the Organizational Unit (OU).
When you first install Active Directory Domain Services, there is only one OU in the domain, by default: The Domain Controllers OU. All other OUs must be created by an AD administrator. Here are the perfect two reasons for creating OUs on a Server.
- One of the main reasons for creating an OU is to assign different Group Policy settings to a particular collection of objects.
- Creating OUs enables you to implement a decentralized administration model, in which others manage portions of the AD DS hierarchy, without affecting the rest of the structure.
Create & Manage Active Directory Organizational Units (OUs)
Method #1:
Create OU Using the Active Directory Users & Computers
Step 1. Open Server Manager, on the Tools menu, select Active Directory Users and Computers to open the Active Directory Users and Computers console, or open run dialog box and type Dsa.msc and Press Enter. This Will open the Active Directory Users and Computers.
Step 2. When the Active Directory Users and Computers opens, right click on the Domain and select New, after that select Organizational Unit.
Step 3. Give a Name for the OU and when you are done click ok.
Note: If you want more editing’s after you clicked ok, you can edit the settings once again. just, right click on the OU and select the Properties and add the Information which you will need.
Method #2:
Create OU Using the Active Directory Administrative Center
Step 1. Open Server Manager, on the Tools menu, select Active Directory Administrative Center to open the Active Directory Administrative Center console, or open run dialog box and type Dsac.exe and Press Enter. This Will open the Active Directory Administrative Center console.
Step 2. Select Your Domain, the select New at the right pane at the right side, after selecting New Select Organization Unit.
Step 3. Now you are on the New Organizational Unit Wizard, give a Name for the OU and add any optional information you desire. When you are done with giving the information click ok.
Note: If you want more editing’s after you clicked ok, you can edit the settings once again. just, right click on the OU and select the Properties and add the Information which you will need.
Note 2: You can also edit Multiple OUs at once. Just select the Multiples OUs by Holding the Ctrl+ Click and then select Properties. You can edit also all the Information for the OUs except for the name.
Method #3:
Create OU Using the PowerShell
Step 1. Open PowerShell.
Step 2. Type New-ADOrganizationalUnit -Name “Technical Lab” –Path “DC=Techroze,dc=com” -ProtectedFromAccidentalDeletion $true -Server “Ghulam.Techroze.com” command.
Note: If you want to give more Information to the OU, you can type Get-Help New-ADOrganizationalUnit command.
Delegating Administrative Control Over an OU
Delegating can grant a user permission to manage the users, groups, computers and organizational Units and the other Projects restored in the Active Directory Domain Services. Or in a simple word I can say: Delegating will help administrators to set an admin for the OU.
These are some of the tasks which will help be specified by the Server Administrator while Delegating the User for the OU.
- Create, Delete and Manage Users accounts.
- Reset user Passwords.
- Read All User Information.
- Create, Delete and Manage Groups.
- Modify the membership of the Groups.
- Manage Group Policy links.
- Generate a Resultant set of Policy.
To delegate administrative control over an OU, use the following procedure:
Step 1. Open Server Manager, and from tools select the Active Directory Users and Computers. Or You Open Run dialog box and type their dsa.msc and Press Enter.
Step 2. Right click on the OU and select Delegate control.
Step 3. When the delegation wizard opens, click next on the welcome screen of Delegating.
Step 4. Select add then add the users or the Groups which you want to delegate them for the OU.
Step 5. Select the tasks which you want to the delegated user or group. I will select all the tasks and when I am done I will click next. Don’t Forget you can also add the custom tasks by your own.
Step 6. Before clicking Finish, once review the information and when you are done Click Finish to close the Delegation Wizard.
Summary
- Create an OU with any of the methods which you desire.
- Create a delegated user with Active Directory Users and Computes.
That’s all, I hope this article helped you Create & Manage Active Directory Organizational Units (OUs) on Windows Server 2016. If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.