Active Directory: Maintaining Organizational Units


General Information

The following is a guide to maintaining organizational units in the LSU ITS Active Directory system. Organizational Units allow organizations on campus to maintain control over their resources, like: computers, servers, printers and file shares. Below are instructions on how to maintain OU's.
 

Creating Objects in an Organizational Unit

By creating additional OU', you can better manage resources like workstations. For example, under your Computer's OU, you may create a 'Lab OU' to contain all computers located in labs and a 'Staff OU' that contains all computers used by departmental staff. That way, the lab machines can be locked down to provide little access, while your staff can have more rights to their local machines.

1. Open Active Directory Users and Computers (under Start, Programs, Administrative Tools, Active Directory Users and Computers).

2. In the management console, under the tree on the left hand side, navigate to the Organizational Unit you want to add a new OU.

3. In the window on the right hand side of the console, right click somewhere that does not contain an object to get a menu.

4. Run the mouse over new and another menu pops out.

5. From this menu, select Organizational Unit.

New and organizational unit
Create an OU 1 - In this example, we are creating a new OU under Computers, which is under CHEM.

 

6. You will be prompted for an OU name.

OU title
Create an OU 2 – Here we name the new OU Labs.

 

7. Click OK.

OU added
Create an OU 3 – Here we see the newly created Labs OU under the Computer OU.



Deleting Objects in an Organizational Unit

Occasionally, you may need to delete objects from an Organizational Unit. All objects within a organization’s OU can be deleted EXCEPT FOR USER ACCOUNTS and the OU itself.
1. Open the Active Directory Users and Computers (Start, Programs, Administrative Tools, Active Directory Users and Computers).

2. You should be in the lsu.edu domain within Active Directory.

3. In the left pane of the Management Console, browse to the Organizational Unit that contains the object you want to delete (you cannot delete User objects).

4. In the right pane of the Management Console, select the object and press the Delete key.

5. If you need to refresh the view, press F5 to make sure that the object has been removed from the Active Directory.

 
1. Deleting an Organizational Unit:
1. Open the Active Directory Users and Computers (Start, Programs, Administrative Tools, Active Directory Users and Computers).

2. You should be in the lsu.edu domain within Active Directory.

3. In the left pane of the Management Console, browse to the Organizational Unit that you want to delete.

4. Right click on the OU and select Delete.

5. Confirm the deletion by clicking Yes.

6. If the OU contains any objects, you will be prompted to confirm their deletion. Just click Yes.

7. If you need to refresh the view, press F5 to make sure that the object has been removed from the Active Directory.
NOTE: If you delete an organizational unit that should not have been deleted, contact the Active Directory Team at: activedir@lsu.edu.
 
2. Moving an Organizational Unit:
1. Open the Active Directory Users and Computers (Start, Programs, Administrative Tools, Active Directory Users and Computers).

2. You should be in the lsu.edu domain within Active Directory.

3. In the left pane of the Management Console, browse to the Organizational Unit that you want to move.

4. Right click on the OU and select Move.

5. Select the new parent for the OU and confirm the move by clicking OK.

 
3. Moving objects in one OU to a different OU:
1. Open the Active Directory Users and Computers (Start, Programs, Administrative Tools, Active Directory Users and Computers).

2. You should be in the lsu.edu domain within Active Directory.

3. In the left pane of the Management Console, browse to the Organizational Unit that contains the objects you wish to move.

4. Select all the objects you want to move in the right pane, right click on the objects, and select MOVE.

5. Navigate to the new container you want to place the objects in and select it.

6. Click OK to confirm the move. You can press F5 on the keyboard to refresh the changes you have made.


Organizational Unit Security:
Organizational Unit administrators should be able to create additional child OU's beyond Computers and Users, but they should not be allowed to create Users or change passwords for current users. In doing so, the organization's OU's are  locked down so that the Admin Group has access to add, change, and remove most of the objects (user objects cannot be changed) within their OU but not on any other OU's in the Active Directory.

 

5269
2/2/2024 4:41:46 PM