drewberrylicious
asked on
Active Directory 101 - OU, Branches, Containers
I need some quick help differentiating between a few key concepts within Active Directory.
1) Is a branch essentially the last OU in the hierarchy? For example, let's say we have an OU called "Office", then a child OU called "North East", then a child OU of North East called "Boston" - WOULD this be considered a branch?
2) What about the difference between an "OU" and a "Container"...is there one, or are they two of the same?
3) Can a user (or printer or other resource) belong to MORE THAN ONE OU (I'm guessing the answer is "No" - but would like an expert explanation of this)
Concise and succinct answers would be appreciated.
1) Is a branch essentially the last OU in the hierarchy? For example, let's say we have an OU called "Office", then a child OU called "North East", then a child OU of North East called "Boston" - WOULD this be considered a branch?
2) What about the difference between an "OU" and a "Container"...is there one, or are they two of the same?
3) Can a user (or printer or other resource) belong to MORE THAN ONE OU (I'm guessing the answer is "No" - but would like an expert explanation of this)
Concise and succinct answers would be appreciated.
ASKER
Also (promise this is my last suffix to this question) can you tell me why I can't add a sub-folder to the default 'Users' folder within ADUC? In our PROD environment, we have multiple folders under USERS (which is the out of the box folder - Not an OU from my understanding) - but when I try to create sub "folders" in another test environment, I can't....any suggestions?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the quick response.
Regarding answer one, I'm not so interested in permissions or delegation - I'm really trying to find out whether my understanding of the terminology is correct. Using the example I provided initially, would it be correct to call the Office > North East > Boston a "AD Branch"?
Regarding answer two, please view this additional question (https://www.experts-exchange.com/questions/23916461/Active-Directory-Users-Container-vs-Organizational-Unit.html) I've posted where you can see that sub-containers can be created....now I just need to find out how.
Regarding answer three - that's what i thought, but needed to hear it from someone else. With thanks mboppe!
Regarding answer one, I'm not so interested in permissions or delegation - I'm really trying to find out whether my understanding of the terminology is correct. Using the example I provided initially, would it be correct to call the Office > North East > Boston a "AD Branch"?
Regarding answer two, please view this additional question (https://www.experts-exchange.com/questions/23916461/Active-Directory-Users-Container-vs-Organizational-Unit.html) I've posted where you can see that sub-containers can be created....now I just need to find out how.
Regarding answer three - that's what i thought, but needed to hear it from someone else. With thanks mboppe!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Rob.
I think I'm now clear about what a branch is..."any OU container which contains sub-OUs" - or at least the way I look at it anyway.
One thing I've not been able to do from your answer to question 4 - is see the OBJECT tab (see image below). This is in my test environment WITHOUT MS Exchange Installed. Can I assume this is the reason I cannot see it?
Regarding your answer to question 5, we have a whole sub-container structure under 'Users' which is apparently a legacy from when we moved from Exchange 2000 to Exchange 2003.
objecttab.png
I think I'm now clear about what a branch is..."any OU container which contains sub-OUs" - or at least the way I look at it anyway.
One thing I've not been able to do from your answer to question 4 - is see the OBJECT tab (see image below). This is in my test environment WITHOUT MS Exchange Installed. Can I assume this is the reason I cannot see it?
Regarding your answer to question 5, we have a whole sub-container structure under 'Users' which is apparently a legacy from when we moved from Exchange 2000 to Exchange 2003.
objecttab.png
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks
ASKER