How to Create OU in Active Directory – Windows Server 2012 R2

How to Create OU in Active Directory – Windows Server 2012 R2

In this post, we’ll learn the steps to create OU in Active Directory. OU (Organizational Unit) is a type of container that you can create in Domain Controller. It can be used to store Users, Computers, Groups and OUs. Organizational Unit can also be used as per your Organizational structure or as per your Organization’s geographical structure.

Organizational Unit can also be used to delegate permissions. Let us take an example, that Helpdesk in your Organization is responsible for password reset, create new user, reset user password, add computer in domain, etc. In that case you can delegate permissions to Helpdesk team so that can perform all the above mentioned tasks without contacting you or senior colleagues.

Creating  Organizational Unit (OU) in Active Directory

1. To create OU in Active Directory, we need to open “Active Directory Users and Computers”. Click on Start button and click administrative tools or you can use “dsa.msc” command in Run.

OUCreationGui

2. In Administrative Tools Window, Click on Active Directory Users and Computers. Active Directory Users and Computers can also be open by clicking on Start, click on down arrow and select “Active Directory User and Computer” or right click on Start, select run and type “DSA.MSC” and hit enter.

OUCreationGui

3. In Active Directory Users and Computers window, right click on Domain. In this example domain name is ABC.COM. Click on “New”, it shows various options for creating new objects. We’ll talk about other options in future posts. To create an OU, click on “Organizational Unit”.

OUCreationGui

4. It will open “New Object-Organizational Unit console”, type OU name in name tab. Select an option “protect the container from accidental deletion”, it will use enhance security and prevent accidental deletion of OU. We’ll cover the steps to delete an OU by removing extra protection in future articles. Click on OK to close the window.

OUCreationGui

5. Here we can see that the Organizational Unit(ou1) is created. Similarly we can create nested OUs by selecting an OU in which we want nested OU to be created.

OUCreationGui

6. For deleting an OU with enhanced security, first we have to disable “Protection from accidental deletion”. To disable accidental deletion click on ‘View’ and then select Advanced Features.

OUCreationGui

7. After enabling Advanced Features, right click on Organizational Unit (ou1) and click on Properties.

OUCreationGui

8. In OU1 properties window, click on ‘object’ tab, here we can see checked “Protect object from accidental deletion” option. Uncheck that enhanced security options and click OK. This option will not be visible if Advanced Feature is not enabled (step 6).

OUCreationGui

9. Please ensure that advanced feature is not enable all the time. To disable advanced feature click on View and uncheck the Advanced Feature option.

OUCreationGui

10. For deleting OU, right click on OU and click on Delete.

OUCreationGui

11. Here, we have to confirm that we want to delete the Organizational Unit named ‘ou1’ by click on YES.

OUCreationGui

12. Now we can verify that Organizational Unit (ou1) is deleted.

OUCreationGui

Hope you understood the steps to create OU in Active Directory and steps to delete OU from Domain Controller.

Share this post:

3 thoughts on “How to Create OU in Active Directory – Windows Server 2012 R2

  • March 7, 2017 at 4:17 am
    Permalink

    In an interview and interviewer shoot a question to me i.e. What is an OU in active Directory and can we delete Protected OU?

    To answer that I mentioned that OU is home where we create the users and it can also be defined to delegate Permissions. Normally we create OU and nested AD OU to manage the permissions. Organizational Unit in Active Directory is should be designed carefully for ease of management.

    To answer second question, I stated that Yes we can delete delete Protected OU by disabling the enhanced protection option either while creating it or from properties of an existing AD OU.

    Please confirm if my answer was correct or any changes required?

    • April 12, 2017 at 6:11 pm
      Permalink

      Yes, your answer was 100% correct. Hope you cleared that interview ?

  • March 12, 2017 at 3:10 pm
    Permalink

    It could be a stupid question but would appreciate your reply on that. What’s the basic difference between Active Directory Organizational Unit i.e. AD OU and Containers in Active Directory. Are they both same? When do we need to create them and how to manage them?

Comments are closed.