An Organizational Unit (OU) is a container object in Active Directory Domain Services (AD DS) that contains a group of objects such as user accounts, service accounts and computer accounts. OUs in Active Directory let you logically group different objects or resources of the same AD domain.
Benefits of Creating an Organizational Unit (OU) in AD
- Group Policy – You can assign Group Policy (GPO) to the logical group of all objects (users, service accounts and computers) in an OU.
- Delegation – You can assign administrators to a specific OU to delegate administrative tasks and management.
- Active Directory OU structure – You can manage and visually organize the Active Directory OU structure.
In this tutorial, I will explain step by step how to create an OU in Active Directory using ADUC (Active Directory Users and Computers) and how to create an Active Directory organizational unit (OU) using PowerShell.
How to Create OU in Active Directory using ADUC?
To create an OU in Active Directory, the user must be a member of the Domain Control Administrators group or have been delegated administrative privileges over the OU (organizational unit).
In this section, I will explain how to use the Active Directory Users and Computers (ADUC) tool to create an Active Directory OU (organizational unit).
Active Directory Users and Computers (ADUC) is a Microsoft console snap-in that helps you create and manage AD objects, create OUs, delegate permissions to users to manage Group Policy, and so on.
Follow the steps below to create an OU in Active Directory.
Open ADUC mmc snap-in
You can open the Active Directory Users and Computers MMC snap-in using either the dsa.msc command or Server Manager in Windows Server (2012, 2016 or 2019).
Go to the Start menu, open Run, type dsa.msc and click OK.
It will open the Active Directory Users and Computers MMC snap-in, as shown below.
Select Domain to Create OU
Select the domain container in ADUC and right-click it to open the submenu.
Click the New option to open a further submenu, then click Organizational Unit to create an OU.
In the above ADUC MMC snap-in, I have SHELLPRO.LOCAL as the domain container. Right-click it to open the menu. Select the New option to open the submenu. Select Organizational Unit to add an OU.
Enter OU name to create new object – Organizational Unit
In the New Object dialog for creating an organizational unit, enter the name as per your Active Directory OU structure and click OK.
In the above dialog, I have entered SALES as the OU name; click the button to create the OU. The OU will be created successfully and will be available in the root of the domain container.
The Protect container from accidental deletion option is enabled by default to prevent accidental deletion of the OU.
However, if you want to delete the OU, you need to uncheck this option to confirm the delete action for that specific OU in Active Directory.
How to Create Active Directory OU using PowerShell?
To create an Active Directory OU using PowerShell, you must be a member of the domain control administrator group or have been granted permission to manage OUs.
The server must have the Active Directory module installed to use Active Directory related commands.
We will use the New-ADOrganizationalUnit cmdlet of the Active Directory module to create an Active Directory organizational unit.
You need to specify the commonly used OU properties in the New-ADOrganizationalUnit cmdlet to create an OU.
Let's consider an example that creates a new OU in Active Directory.
New-ADOrganizationalUnit -Name "HR" -Path "DC=SHELLPRO,DC=LOCAL"
The above PowerShell command creates the HR organizational unit in the root domain of Active Directory.
The newly created organizational unit will have the Protect container from accidental deletion option enabled by default and will be available in the root of the domain in Active Directory.
Refer to the image below, which displays the list of all organizational units created using ADUC and PowerShell (marked in red).
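The following is an added example, not code from the original tutorial: it creates the SALES and HR OUs used above only if they are missing, sets the accidental-deletion protection explicitly, and then reports that flag for every OU under the domain root. The helper name New-ProtectedOU and the restriction of OU names to simple characters are assumptions of this example.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the original page). New-ProtectedOU is a hypothetical
# helper name; SHELLPRO.LOCAL, SALES and HR are the sample values used on this page.

function New-ProtectedOU {
    [CmdletBinding()]
    param(
        # OU names; restricted to simple characters so the name is safe in the filter string
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9 _-]+$')]
        [string[]] $Name,

        # Distinguished name of the parent container
        [Parameter(Mandatory)]
        [string] $Path
    )

    foreach ($ouName in $Name) {
        # Search direct children of $Path only, so a same-named OU deeper in the tree does not count
        $existing = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
            -SearchBase $Path -SearchScope OneLevel `
            -Properties ProtectedFromAccidentalDeletion

        if (-not $existing) {
            # Pass the flag explicitly instead of relying on the cmdlet default
            New-ADOrganizationalUnit -Name $ouName -Path $Path -ProtectedFromAccidentalDeletion $true
        }
        elseif (-not $existing.ProtectedFromAccidentalDeletion) {
            # OU exists but protection was switched off: turn it back on
            Set-ADOrganizationalUnit -Identity $existing -ProtectedFromAccidentalDeletion $true
        }
    }

    # Report the protection state of every OU directly under $Path
    Get-ADOrganizationalUnit -Filter * -SearchBase $Path -SearchScope OneLevel `
        -Properties ProtectedFromAccidentalDeletion |
        Select-Object Name, DistinguishedName, ProtectedFromAccidentalDeletion
}

New-ProtectedOU -Name 'SALES', 'HR' -Path 'DC=SHELLPRO,DC=LOCAL'
```

Running it a second time creates nothing and only prints the report, so it can also serve as a periodic check that no top-level OU has lost its deletion protection.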
I hope the above step-by-step guide on how to create an OU in Active Directory using the Active Directory Users and Computers MMC snap-in and the New-ADOrganizationalUnit cmdlet in PowerShell is helpful to you.
Before you create an Active Directory OU, you must be a member of the domain controllers administrators group or have privileges to manage organizational units.
You should have an idea of your Active Directory OU structure before you create an organizational unit in Active Directory.
You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.