AD is the structure in which all of your user, computer, and server accounts reside. As you add new users and computers into your domain, they will be automatically placed into generic storage containers. You could get away with leaving all of your objects in their default locations, but there are a lot of advantages to putting a little time and effort into creating an organizational structure.
In this recipe, we will create some Organizational Units (OUs) inside Active Directory and move our existing objects into these OUs so that we can create some structure.
We will need a DC online for this recipe, which is a Server 2016 machine with the Active Directory Domain Services role installed. Specifically, I will be using the DC1 server that we prepped in the earlier Configuring a combination Domain Controller, DNS server, and DHCP server recipe.
Let's get comfortable working with OUs by creating some of our own, as follows:
Computers folder, however, we can see that currently, all of the other systems we have joined to the domain have been lumped together:
Windows 7 Desktops, Windows 7 Laptops, Windows 8 Desktops, Windows 8 Laptops, Windows 10 Desktops, Windows 10 Laptops, Web Servers, and Remote Access Servers.
The actual work involved with creating OUs and moving objects around between them isn't complicated at all. What is much more important about this recipe is prompting you to think about which way works best for you to set up these OUs to make the best organizational sense for your environment. By breaking our computer accounts out into pinpointed groups, we are able, in the future, to easily do things such as discover how many web servers we have running, or do some quick reporting on how many user accounts we have in the sales group. We could even apply different Group Policy settings to different computer sets based on what OU they are contained within. Both reporting and applying settings can be greatly improved upon by making good use of Organizational Units inside AD.
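The same OU layout can be built and checked from PowerShell with the ActiveDirectory module. The script below is an added example, not part of the original recipe. It assumes the OUs sit directly under the domain root, and the computer names in `$placement` are constructed placeholders. The moves run with `-WhatIf`, so nothing changes until that switch is removed.

```powershell
# Added example: scripted equivalent of creating the recipe's OUs and sorting computers into them.
# Requires the ActiveDirectory module (present on a DC or with RSAT installed).
Import-Module ActiveDirectory

$domain  = Get-ADDomain
$root    = $domain.DistinguishedName      # assumption: OUs are created at the domain root
$ouNames = 'Windows 7 Desktops', 'Windows 7 Laptops', 'Windows 8 Desktops', 'Windows 8 Laptops',
           'Windows 10 Desktops', 'Windows 10 Laptops', 'Web Servers', 'Remote Access Servers'

# Create each OU only if it is missing, so the script is safe to re-run.
foreach ($name in $ouNames) {
    $existing = Get-ADOrganizationalUnit -Filter "Name -eq '$name'" -SearchBase $root -SearchScope OneLevel
    if (-not $existing) {
        # Protection from accidental deletion guards the OU and its GPO links against a stray delete.
        New-ADOrganizationalUnit -Name $name -Path $root -ProtectedFromAccidentalDeletion $true
    }
}

# Constructed sample mapping of computer name to target OU; replace with your own inventory.
$placement = @{
    'WEB1'       = 'Web Servers'
    'RA1'        = 'Remote Access Servers'
    'WIN10-LT01' = 'Windows 10 Laptops'
}

# Move only machines still sitting in the default Computers container.
foreach ($computerName in $placement.Keys) {
    $computer = Get-ADComputer -Filter "Name -eq '$computerName'" -SearchBase $domain.ComputersContainer
    if ($computer) {
        $target = "OU=$($placement[$computerName]),$root"
        Move-ADObject -Identity $computer.DistinguishedName -TargetPath $target -WhatIf
    }
}

# Quick report: computer accounts per OU, plus what is still left in the default container.
foreach ($name in $ouNames) {
    $count = @(Get-ADComputer -Filter * -SearchBase "OU=$name,$root" -SearchScope OneLevel).Count
    [pscustomobject]@{ Location = $name; Computers = $count }
}
$unsorted = @(Get-ADComputer -Filter * -SearchBase $domain.ComputersContainer -SearchScope OneLevel).Count
[pscustomobject]@{ Location = 'Computers (default container)'; Computers = $unsorted }
```

A non-zero count in the default container after a rollout points to machines that are not yet receiving any OU-scoped Group Policy.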