What is an ou in active directory

An OU (Organizational Unit) in Active Directory is a container-like object within the directory that is used to store other directory objects. OUs are the basic element within which administrators can manage objects and apply security policies. OUs can contain users, groups, computers, and other OUs. Users and objects within the OU can be managed collectively from a single point.

Structure of OUs #

In Active Directory, OUs can be structured in a hierarchical tree-like fashion to facilitate a logical separation of directory objects. While there is no requirement for OU structure other than to have a domain at the root of the tree, best practices typically involve establishing highly structured OUs below the root that divide objects based on organizational units (e.g., departments) or roles.

Uses for OUs #

OUs can be used to organize directory objects to facilitate management of objects in the directory. OUs also allow administrators to apply Group Policy Objects to selectively apply local settings and policies to groups of users or computers; objects in the OU can inherit the settings and policies of the OU.

Managing OUs #

OUs can be managed like any other object in the directory. The built-in Active Directory Users and Computers snap-in to the Microsoft Management Console (MMC) provides the primary interface for managing objects in the directory, including creating or deleting OUs, or managing permissions on them.