TABLE OF CONTENTS OUs are the smallest container objects in Active Directory. OUs provide organization, as the name implies, as well as administrative delegation capabilities. In the following sections, we will explore the various applications of OUs and discuss the best practice for their execution.
Just like the larger containers of forests and domains, best practice for OU design follows a few designated models. (The various OU design models were discussed in greater detail in Chapter 2, which presents a more concise look at the various OU designs available.) Now, let's begin by looking at the benefit of using OUs to delegate.
One of the greatest benefits OUs provide is delegation. In this section we will analyze the three major OU models in practical use and discuss the best-practice design of each. With OU delegation providing such a large benefit to Active Directory administration, we will place most of the emphasis on that topic.
Microsoft recommends three scenarios in which OU creation is beneficial:
For delegation of administrative tasks
For division of users with unlike policy requirements
For simplified resource administration
We will see one of the three standard models for OUs in Active Directory, which organizes by function. The next section provides an analysis of OUs organized geographically. Finally, we will look at OUs organized by object type.
Delegating by function provides an Active Directory design that closely mimics the organization's hierarchical structure. Each department in the organization becomes an OU in this...
