Organizational Unit

E707752
Active Directory object class directory container

An Organizational Unit is a subdivision within an Active Directory domain used to logically group and manage users, computers, and other resources for administrative control and policy application.

Jump to: Statements Referenced by

Statements (48)

Predicate Object
instanceOf Active Directory object class
directory container
abbreviation OU
belongsTo single domain only
canBeCreatedWith Active Directory Users and Computers NERFINISHED
PowerShell cmdlets
dsadd command
ldifde
canBeProtectedFrom accidental deletion
canContain policy-specific objects
service accounts
canDelegateTo specific administrators
canHave Group Policy Object links
cannotSpan multiple domains
contains computer accounts
groups
other Organizational Units
printers
shared folders
user accounts
definedIn Active Directory schema NERFINISHED
differentFrom Active Directory container CN=Users
Active Directory domain
Active Directory site NERFINISHED
distinguishedNameAttribute ou
enables granular Group Policy targeting
granular administrative delegation
hasLDAPClassName organizationalUnit
managedBy domain administrators
partOf Active Directory domain NERFINISHED
purpose to apply Group Policy
to delegate administrative control
to logically group directory objects
representedBy ou attribute in LDAP
scopeOf Group Policy inheritance
supports access control lists on the container
blocking Group Policy inheritance
enforced Group Policy links
hierarchical directory design
nesting
security filtering of Group Policy via group membership
usedBy domain controllers for policy scoping
usedFor separating departments
separating different administrative roles
separating locations
separating production and test objects
usedIn Active Directory Domain Services NERFINISHED
visibleIn Active Directory administrative tools NERFINISHED

Referenced by (1)

Full triples — surface form annotated when it differs from this entity's canonical label.

Group Policy processingOrder Organizational Unit