ORGANISATION UNIT (OU)
OU is the smallest unit in a
domain network that can contain users, computers, groups, shared folders, printers
and group policy objects.
domain network that can contain users, computers, groups, shared folders, printers
and group policy objects.
In
simple words, OU means departments like sales dept., accounts dept. etc in a
company.
simple words, OU means departments like sales dept., accounts dept. etc in a
company.
OU can be used to apply
different security policies to computers and users in the different
departments. OU also helps in dividing administration among different
administrators. For example, sales dept. can have a different administrator
managing only computers and users of sales dept.
different security policies to computers and users in the different
departments. OU also helps in dividing administration among different
administrators. For example, sales dept. can have a different administrator
managing only computers and users of sales dept.
APPLYING GROUP POLICY OR SECURITY USING OU
1.
Make some client computers member of the domain.
Make some client computers member of the domain.
2.
Now go to your DC and open ‘Active Directory Users and Computers’.
Now go to your DC and open ‘Active Directory Users and Computers’.
3.
Right-click on domain-name (e.g., sony.com) > new > organization unit.
Right-click on domain-name (e.g., sony.com) > new > organization unit.
4.
In the Name, type Sales Dept. > O.K.
In the Name, type Sales Dept. > O.K.
5.
Click on the ‘computers’ and right-click on the computer names by selecting the
computers which are of sales dept. > move > select ‘sales dept. > O.K.
Click on the ‘computers’ and right-click on the computer names by selecting the
computers which are of sales dept. > move > select ‘sales dept. > O.K.
6.
Click on ‘Users’ and move some users to the sales dept. OU.
Click on ‘Users’ and move some users to the sales dept. OU.
7.
Now right-click on the Sales Dept. OU > properties > Group Policy.
Now right-click on the Sales Dept. OU > properties > Group Policy.
8.
Click on New and click on Edit.
Click on New and click on Edit.
9.
Group Policy Object Editor will open.
Group Policy Object Editor will open.
10.
Edit your policies and close the Editor.
Edit your policies and close the Editor.
11.
Click on Options and select ‘no override’.
Click on Options and select ‘no override’.
12.
Select ‘Block Policy Inheritance’.
Select ‘Block Policy Inheritance’.
13.
Click Apply & O.K.
Click Apply & O.K.
14.
Create one more OU named as ‘Accounts Dept’.
Create one more OU named as ‘Accounts Dept’.
15.
Similarly move computers and users to the Accounts Dept. OU and apply group
policy.
Similarly move computers and users to the Accounts Dept. OU and apply group
policy.
16.
Finally give the command:
Finally give the command:
Gpupdate
17.
Restart your client computers.
Restart your client computers.