Active Directory - "Users" Container vs "Organizational Unit"

Posted on 2008-11-18
1 Ratings
Last Modified: 2012-05-05
I'm a little confused between an OU an the default "Users Folder" which is displayed under Active Directory on Windows 2003 Server.  

As far as I can tell, the "Users" folder is not an OU - but a container.  I need some succinct clarification on this point.

The reason I'm asking this is that I see that there are various subfolders under 'USERS', but I am unable to create any new ones.  This is probably because I only have view access, so I double checked this by working on my test envionrment which I have DOMAIN ADMIN access to and I am unable to create a sub-folder or sub-container there either.  Furthermore, I am unable to move a branch from else in the OU...I just get an error stating that I cannot move the object because the parent is not a possible superior.

How can I create a sub folder/container under the Users container (and am I using the correct terminology here)?

Question by:drewberrylicious
    LVL 20

    Accepted Solution

    Containers are considered builtin objects and cannot be altered without altering the AD schema.  Ideally you would not use this container but create as MANY OU's as you want (in an organized structure) and emulate what you want\need for now and for the future.  This is why OU's can be created and manipulated.  You need structure and the builtins just give an out of the box structure and builtin groups/users like administrator, guest, IIS anonymous users, etc...

    An OU is the same thing as a container, but an OU can have group policies, other OU's, permissions, delegates, etc...  Containers are limited to what you see is what you get.


    Author Closing Comment

    Thanks for the fast and succinct answer.
    LVL 3

    Expert Comment

    MightySW is right but you can create subfolders and assign group policy t "USERS" Container..

    Refer and

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    PRTG Network Monitor: Intuitive Network Monitoring

    Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

    At least once a month I see a Question in one of the Windows Server related Zones asking about Best Practices for GPO Security.  I have been in IT for 20 years, and a Sys Ad for over 15.  I know this will sound cliché, but this is mostly a preferenc…
    Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now