Chapter 5. Organizational Units
Introduction
An LDAP directory, such as Active Directory, stores data in a hierarchy of containers and leaf nodes called the directory information tree (DIT). Leaf nodes are endpoints in the tree, while containers can store other containers and leaf nodes. In Active Directory, the two most common types of containers are organizational units (OUs) and container objects. Container objects are generic containers with no special properties beyond the ability to contain objects. Organizational units, on the other hand, have some special properties, such as being able to be linked to a group policy. In most cases, when designing a hierarchy of objects in Active Directory, especially users and computers, you should use OUs instead of containers. There is nothing you can do with a container that you can’t do with an OU, but the reverse is not true.
The Anatomy of an Organizational Unit
Organizational units can be created anywhere in a Domain naming context. The one exception is that by default OUs cannot be added as a child of a container object. See Recipe 5.10 for more on how to work around this. OUs are represented in Active Directory by organizationalUnit objects. Table 5-1 contains a list of some interesting attributes that are available on organizationalUnit objects.
Table 5-1. Attributes of organizationalUnit objects
Attribute | Description |
---|---|
| Textual description of the OU. |
| List of group policy objects ... |
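The two placement rules described in this chapter opening (keep users and computers in OUs rather than generic containers, and OUs are not children of containers by default) can be checked against a directory listing. The following is an added example, not code from the book: it flags user and computer objects that have no OU anywhere in their ancestry, which no OU-linked group policy can reach, and OUs parented by a container. The `SAMPLE` entries and the function names `parent_dn` and `audit` are assumptions made for illustration.

```python
# Constructed sample: (distinguishedName, objectClass) pairs as an LDAP
# export might list them. Illustrative only, not real directory data.
SAMPLE = [
    ("DC=example,DC=com", "domainDNS"),
    ("CN=Users,DC=example,DC=com", "container"),
    ("CN=Computers,DC=example,DC=com", "container"),
    ("OU=Sales,DC=example,DC=com", "organizationalUnit"),
    ("OU=Laptops,OU=Sales,DC=example,DC=com", "organizationalUnit"),
    ("CN=Smith\\, Jo,OU=Sales,DC=example,DC=com", "user"),
    ("CN=PC042,OU=Laptops,OU=Sales,DC=example,DC=com", "computer"),
    ("CN=svc-backup,CN=Users,DC=example,DC=com", "user"),
    ("CN=PC099,CN=Computers,DC=example,DC=com", "computer"),
    ("OU=Legacy,CN=Users,DC=example,DC=com", "organizationalUnit"),
]

def parent_dn(dn):
    """Return the DN of the parent entry, or None at the top of the tree."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":      # escaped character (e.g. "\,") is not a separator
            i += 2
        elif dn[i] == ",":
            return dn[i + 1:]
        else:
            i += 1
    return None

def audit(entries):
    """Hypothetical helper: list (dn, finding) pairs for placement problems."""
    cls = {dn.lower(): oc for dn, oc in entries}   # DNs compare case-insensitively
    findings = []
    for dn, oc in entries:
        parent = parent_dn(dn)
        if oc == "organizationalUnit":
            if parent and cls.get(parent.lower()) == "container":
                findings.append((dn, "OU is a child of a container"))
        elif oc in ("user", "computer"):
            anc = parent
            while anc and cls.get(anc.lower()) != "organizationalUnit":
                anc = parent_dn(anc)               # climb toward the domain root
            if not anc:
                findings.append((dn, "no OU in ancestry"))
    return findings

if __name__ == "__main__":
    for dn, finding in audit(SAMPLE):
        print(f"{finding}: {dn}")
```

An OU reported as a child of a container indicates that the default restriction has been worked around in that directory.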