Windows Server 2016 – Organizing your computers with Organizational Units


AD is the structure in which all of your user, computer, and server accounts reside. As you add new users and computers into your domain, they will be automatically placed into generic storage containers. You could get away with leaving all of your objects in their default locations, but there are a lot of advantages to putting a little time and effort into creating an organizational structure.

In this recipe, we will create some Organizational Units (OUs) inside Active Directory and move our existing objects into these OUs so that we can create some structure.

Getting ready

We will need a DC online for this recipe, which is a Server 2016 machine with the Active Directory Domain Services role installed. Specifically, I will be using the DC1 server that we prepped in the earlier Configuring a combination Domain Controller, DNS server, and DHCP server recipe.

How to do it…

Let’s get comfortable working with OUs by creating some of our own, as follows:

  1. Open Active Directory Users and Computers. This can be launched from the Tools menu inside Server Manager. As you can see, there are some pre-defined containers and OUs in here.

Alternatively, you can open Active Directory Users and Computers by running dsa.msc from a command prompt or the Start screen.

  2. We can already see that the DC servers have been segmented off into their own OU. If we look in our Computers folder, however, we can see that currently, all of the other systems we have joined to the domain have been lumped together.
  3. Currently, it’s hard to tell which machine accomplishes what purpose. A better naming scheme might help, but what if you are working in an environment where there are hundreds of objects already? We want to break these machines up into appropriate groups so that we have better management over them in the future. Right-click on the name of your domain in the left-hand window pane, then navigate to New | Organizational Unit.
  4. Input a name for your new OU and click OK. I am going to create a few new OUs called Windows 7 Desktops, Windows 7 Laptops, Windows 8 Desktops, Windows 8 Laptops, Windows 10 Desktops, Windows 10 Laptops, Web Servers, and Remote Access Servers.
  5. Now for each object that you want to move, simply find it, right-click on it, and then click on Move….
  6. Choose which OU you would like this object to move into and click OK.

How it works…

The actual work involved with creating OUs and moving objects around between them isn’t complicated at all. What is much more important about this recipe is prompting you to think about which way works best for you to set up these OUs to make the best organizational sense for your environment. By breaking our computer accounts out into pinpointed groups, we are able, in the future, to easily do things such as discover how many web servers we have running, or do some quick reporting on how many user accounts we have in the sales group. We could even apply different Group Policy settings to different computer sets based on what OU they are contained within. Both reporting and applying settings can be greatly improved upon by making good use of Organizational Units inside AD.
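
The same procedure and the per-OU reporting described above can be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original recipe: the computer names in the mapping table are hypothetical placeholders, and the move runs with -WhatIf so it only previews the changes.

```powershell
# Added example, not from the original recipe.
# Requires the ActiveDirectory module (installed with the AD DS role or RSAT).
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName

# OU names taken from the recipe.
$ouNames = 'Windows 7 Desktops', 'Windows 7 Laptops', 'Windows 8 Desktops', 'Windows 8 Laptops',
           'Windows 10 Desktops', 'Windows 10 Laptops', 'Web Servers', 'Remote Access Servers'

foreach ($name in $ouNames) {
    # Idempotent: create the OU only if it does not already exist directly under the domain root.
    $existing = Get-ADOrganizationalUnit -Filter "Name -eq '$name'" -SearchBase $domainDN -SearchScope OneLevel
    if (-not $existing) {
        # Keep accidental-deletion protection on so a stray delete in the console fails.
        New-ADOrganizationalUnit -Name $name -Path $domainDN -ProtectedFromAccidentalDeletion $true
    }
}

# Hypothetical computer names mapped to target OUs; replace with your own machines.
$placement = @{
    'WEB1'        = 'Web Servers'
    'RA1'         = 'Remote Access Servers'
    'WIN10-DESK1' = 'Windows 10 Desktops'
}

# Only look at objects still sitting in the default Computers container.
$computers = Get-ADComputer -Filter * -SearchBase $domain.ComputersContainer -SearchScope OneLevel
foreach ($computer in $computers) {
    $targetOU = $placement[$computer.Name]
    if (-not $targetOU) {
        Write-Warning "No OU mapped for $($computer.Name); leaving it in place."
        continue
    }
    # -WhatIf previews the move; remove it to actually relocate the object.
    Move-ADObject -Identity $computer.DistinguishedName -TargetPath "OU=$targetOU,$domainDN" -WhatIf
}

# Quick report: how many computer accounts each OU now holds.
foreach ($name in $ouNames) {
    $count = @(Get-ADComputer -Filter * -SearchBase "OU=$name,$domainDN").Count
    [pscustomobject]@{ OU = $name; Computers = $count }
}
```

Any machine without an entry in the mapping is reported with a warning and left in the Computers container, so unmapped systems are easy to spot after a run.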
