The Only Default OU (Organizational Unit) When Active Directory Is Installed
The default Domain Controllers OU is the only OU present when Active Directory is first installed. This OU is used to organize and administer the domain’s domain controllers. Over time, the domain administrator can create any number of additional OUs for the domain, but having too many OUs can make management difficult.
What is an OU & Container?
- An OU is an AD (Active Directory) object that is primarily used to organize the other AD objects created within that infrastructure.
- An OU can be linked to a Group Policy Object (GPO).
- Containers, another form of organizational object found within Active Directory, are different from OUs.
- A container cannot be linked to a Group Policy Object (GPO).
The following objects will be organized mostly using OUs:
- User accounts
- Group accounts
- Computers
OUs can also be used to organize shared folders and printers; however, managing these items from within an OU isn’t very popular or practical.
Domain Controllers OU
Domain controllers’ computer objects are automatically added to the Domain Controllers OU when they are added to the domain. This OU has a set of policies that are applied by default. We recommend that you do not move the domain controllers’ computer objects out of this OU, so that these policies are applied equally to all domain controllers.
A domain controller’s ability to function properly can be jeopardized if the default policies are not followed. By default, the service administrators control this OU. Do not delegate control of this OU to individuals other than the service administrators.
Other Built-in Containers in Active Directory
A common set of containers and organizational units (OUs) is established in every Active Directory domain during the installation of Active Directory Domain Services (AD DS). The following are some of them:
- Domain container, which acts as the hierarchy’s root container.
- Built-in container, which holds the service administrator accounts by default.
- Users container, where new user accounts and groups are created by default in the domain.
- Computers container, which is the default location for newly created computer accounts in the domain.
- Domain Controllers OU, which is the default location for the computer accounts of domain controllers.
These default containers and OUs are managed by the forest owner.
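A read-only audit of the points made above about the Domain Controllers OU and the default Computers container, added here as an example and not taken from the original article. It assumes the RSAT ActiveDirectory PowerShell module and read access to the domain; the variable names are illustrative.

```powershell
# Added example: read-only checks, nothing is modified.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$dcOu   = $domain.DomainControllersContainer   # DN of the Domain Controllers OU
$compCn = $domain.ComputersContainer           # DN of the default Computers container

# 1. Domain controllers whose computer object is no longer inside the
#    Domain Controllers OU, so the policies linked there do not reach them.
$misplacedDcs = Get-ADDomainController -Filter * | Where-Object {
    -not $_.ComputerObjectDN.EndsWith(",$dcOu", [StringComparison]::OrdinalIgnoreCase)
} | Select-Object HostName, ComputerObjectDN

# 2. GPOs currently linked to the Domain Controllers OU (DNs of the GPO objects).
$linkedGpos = (Get-ADOrganizationalUnit -Identity $dcOu).LinkedGroupPolicyObjects

# 3. Explicit (non-inherited) Allow ACEs on the OU that grant change rights.
#    Only atomic write bits are in the mask, so read-only ACEs do not match.
#    Review the result against your service administrator groups.
$writeMask = [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild, WriteProperty, Delete, DeleteTree, WriteDacl, WriteOwner'
$delegations = (Get-Acl -Path "AD:\$dcOu").Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    -not $_.IsInherited -and
    (($_.ActiveDirectoryRights -band $writeMask) -ne 0)
} | Select-Object IdentityReference, ActiveDirectoryRights

# 4. Computer accounts still sitting in the default Computers container.
#    A container cannot be linked to a GPO, so these get no OU-level policy.
$inDefaultContainer = Get-ADComputer -Filter * -SearchBase $compCn -SearchScope OneLevel |
    Select-Object Name, DistinguishedName

[pscustomobject]@{
    DomainControllersOU          = $dcOu
    MisplacedDomainControllers   = @($misplacedDcs)
    GposLinkedToDcOu             = @($linkedGpos)
    ExplicitWriteDelegations     = @($delegations)
    ComputersInDefaultContainer  = @($inDefaultContainer)
} | Format-List
```

An empty MisplacedDomainControllers list and an ExplicitWriteDelegations list containing only service administrator principals match the recommendations in the Domain Controllers OU section.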
Jonathan Blackwell
Since 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.