In this lecture, I will be giving you an introduction to Active Directory Organizational Units and Containers.I am logged into my domain controller SADC01 and we are going to launch Active Directory Users and Computers by selecting from Server Manager > Tools Active Directory Users and Computers.

Once our console comes up we are going to see our domain name on the left pane: ad.serveracademy.com. Click to expand it to show the contents.

We will talk about the Containers or folders as you might call them. We will explain what they are, what they are used for so that you have a good understanding of what’s going on here.These folders are here by default and are of different types. We have one BuiltinDomain, an Organizational Unit, and some Container folders.

 The Container folders are structural objects that are included by default within Active Directory. The most common difference between a Container and an Organizational Unit is that an Organizational Unit can receive Group Policies. You cannot apply Group Policies to Container objects and you cannot deploy them to the builtinDomain folder.IMPORTANT: Group Policy Objects do apply to containers, but they cannot be LINKED to containers.

The way in which you would apply the Group Policies configuration to this default folder is if you assign it to the domain ad.serveracademy.com. We will be mainly creating, editing, and deleting Organizational Units and not Containers, although it is possible to create Container objects.

We have different Containers:

Computers Container: This is the default location for new computers that join the domain.

ForeingSecurityPrincipals Container: This holds proxy objects for security principals from other trusted domains. This could be a security group, or a user account, and things like that. This comes into play when you establish an Active Directory Trust between this current domain and another domain. It is empty by default.

Managed Service Accounts Container: Holds accounts that are used to run services or applications. These MSAs are only supposed to be used by services.

You don’t need to do things like managing the passwords or reset passwords as you would do with a regular Active Directory User account. That also means you would not be login with these Managed Service Accounts. This one is empty by default.

Users Container: It contains the Administrator account and several Domain Groups that are required in order for your domain to function.This Administrator account is the same account that we used to install the operating system, and when we promoted the server to a Domain Controller it becomes a Domain Administrator account.

Builtin Container: Contains all the actual groups that are required by your domain to operate.

If you try to delete one of these groups you’ll see that you cannot do that. There’s no delete option from the context menu. That’s because these are built into your domain.

That’s all we need to talk about for Organizational Units (OUs) and Containers.

Server Academy Members Only

Want to access this lesson? Just sign up for a free Server Academy account and you'll be on your way. Already have an account? Click the Sign Up Free button to get started..

Sign In Sign Up Free