How to Create OU in Active Directory – Windows Server 2012 R2

In this post, we’ll learn the steps to create an OU in Active Directory. OU stands for Organizational Unit.

What is an OU in Active Directory?

“What is an OU in Active Directory?” How often is this question asked in interviews, and how comfortable are you answering it? Normally this question is asked to understand your level of knowledge of Active Directory basics.

Before we look at what an Active Directory OU is, do mention in the comments what you understand an OU to be.

If you have already commented, let’s start reading this article, and do read it multiple times if you still have doubts.

An Active Directory OU is a type of container that you can create on a Domain Controller. It can be used to store Users, Computers, Groups and other OUs. In layman’s terms, it is like a home for all the objects that we have in our domain.

Organizational Units can also be laid out to match your organizational structure or your organization’s geographical structure.

Let’s take an example to understand it better. Assume that your organization has offices in different countries. For efficient management you can create an OU for each country and then create nested OUs for each state or city. Alternatively, you can create nested OUs as per designation.

An Organizational Unit can also be used to delegate permissions. For example, suppose the Helpdesk in your organization is responsible for resetting user passwords, creating new users, adding computers to the domain, etc. In that case you can delegate permissions on the OU to the Helpdesk team so that they can perform all of the above tasks without contacting you or senior colleagues.

Creating Organizational Unit (OU) in Active Directory

1. To create an OU in Active Directory, we need to open “Active Directory Users and Computers”. Click on the Start button and click Administrative Tools, or run the “dsa.msc” command from Run.

2. In the Administrative Tools window, click on Active Directory Users and Computers. Active Directory Users and Computers can also be opened by clicking on Start, clicking on the down arrow and selecting “Active Directory Users and Computers”, or by right clicking on Start, selecting Run, typing “DSA.MSC” and hitting Enter.

3. In the Active Directory Users and Computers window, right click on the domain. In this example the domain name is ABC.COM. Click on “New”; it shows various options for creating new objects. We’ll talk about the other options in future posts. To create an OU, click on “Organizational Unit”.

4. It will open the “New Object-Organizational Unit” console. Type the OU name in the Name field. Select the option “protect the container from accidental deletion”; it adds enhanced security and prevents accidental deletion of the OU. We’ll cover the steps to delete an OU by removing this extra protection in future articles. Click on OK to close the window.

5. Here we can see that the Organizational Unit (ou1) is created. Similarly, we can create nested OUs by selecting the OU in which we want the nested OU to be created.

Steps to Create OU Using Command Line

Now that we have learned the steps to create an OU using the Active Directory Users and Computers console, we’ll learn the steps to create an OU using the command line. It’s always good to know multiple options to create an Organizational Unit; it is certainly more impressive in interviews when you know more than one option and can give multiple answers to one question.

DSADD is a versatile command that can be used for multiple purposes. DSADD OU is the command that creates an OU in Active Directory. It also lets you give a custom path.

1. To create an OU using the command line, open Command Prompt, type dsadd ou "ou=SalesOU,dc=abc,dc=com" and hit Enter.

2. In this example SalesOU is the name of an Organizational Unit that will be created in abc.com domain.

3. To create a nested Organizational Unit, i.e. if you want to create an OU inside SalesOU, type the command dsadd ou "ou=Managers,ou=SalesOU,dc=abc,dc=com". This command will create a nested OU in SalesOU with the name Managers.

Hope you understood the commands we have listed above. Please try them in your environment and let us know if you face any issue while executing them. Besides running the command by hand, you can also create a script that can be executed in your environment wherever OUs are needed on a regular basis.
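A script of the kind mentioned above, as an added example that is not part of the original post. It uses the ActiveDirectory PowerShell module instead of dsadd, because dsadd ou has no switch for the “protect from accidental deletion” option that the GUI offers; the function name Test-OUExists is hypothetical, and the OU names and the abc.com domain are taken from the steps above.

```powershell
# Added example: create the article's OUs idempotently, with deletion protection on.
# Assumes the ActiveDirectory module is installed and the account may create OUs.
Import-Module ActiveDirectory

$domainDn = 'DC=abc,DC=com'          # domain used in this article

# Parents must be listed before their children.
$ous = @(
    @{ Name = 'SalesOU';  Path = $domainDn },
    @{ Name = 'Managers'; Path = "OU=SalesOU,$domainDn" }
)

# Hypothetical helper: returns $true when an OU with this DN already exists.
function Test-OUExists {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # A filter query returns nothing (instead of throwing) when there is no match.
    $found = Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$DistinguishedName'"
    return [bool]$found
}

foreach ($ou in $ous) {
    $dn = "OU=$($ou.Name),$($ou.Path)"

    if (Test-OUExists -DistinguishedName $dn) {
        Write-Host "Exists, skipping: $dn"
        continue
    }

    # -ErrorAction Stop aborts the run on the first failure, so a child OU
    # is never attempted under a parent that could not be created.
    New-ADOrganizationalUnit -Name $ou.Name -Path $ou.Path `
        -ProtectedFromAccidentalDeletion $true -ErrorAction Stop
    Write-Host "Created: $dn"
}

# Report what now exists under SalesOU, including the protection flag.
Get-ADOrganizationalUnit -SearchBase "OU=SalesOU,$domainDn" -Filter * `
    -Properties ProtectedFromAccidentalDeletion |
    Select-Object DistinguishedName, ProtectedFromAccidentalDeletion
```

Because existing OUs are skipped, the script can be re-run on a schedule without errors or duplicate-object failures.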

Steps to Delete Active Directory OU

1. To delete an OU with enhanced security, we first have to disable “Protection from accidental deletion”. That option is only reachable with Advanced Features enabled, so click on ‘View’ and then select Advanced Features. Please ensure that you disable Advanced Features once you are done with the task.

2. After enabling Advanced Features, right click on Organizational Unit (ou1) i.e. the Active Directory OU for which you want to disable “Protection from accidental deletion” and click on Properties.

3. In the OU1 properties window, click on the ‘Object’ tab. Here we can see that the “Protect object from accidental deletion” option is checked. Uncheck that enhanced security option and click OK. This option will not be visible if Advanced Features is not enabled (step 1).

4. Please ensure that Advanced Features is not left enabled all the time and is disabled once you are done with the task. To disable Advanced Features, click on View and uncheck the Advanced Features option.

5. Now that “Protection from accidental deletion” is disabled, to delete the OU, right click on the OU and click on Delete.

6. Here, we have to confirm that we want to delete the Organizational Unit named ‘ou1’ by clicking on YES.

7. Now we can verify that Organizational Unit (ou1) is deleted.
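The same delete procedure from the command line, as an added example that is not part of the original post. It assumes the ActiveDirectory PowerShell module and the ou1 OU created earlier at the root of abc.com; the function name Remove-OUWithProtection is hypothetical. It refuses to delete an OU that still holds objects and restores the protection flag if the deletion is declined.

```powershell
# Added example: remove the protection flag, delete the OU, and verify.
Import-Module ActiveDirectory

# Hypothetical helper, not a built-in cmdlet.
function Remove-OUWithProtection {
    param([Parameter(Mandatory)][string]$OuDn)

    $ou = Get-ADOrganizationalUnit -Identity $OuDn `
        -Properties ProtectedFromAccidentalDeletion -ErrorAction Stop

    # Safety check: list direct children and stop if the OU is not empty.
    $children = @(Get-ADObject -SearchBase $OuDn -SearchScope OneLevel -Filter *)
    if ($children.Count -gt 0) {
        Write-Warning "$OuDn still contains $($children.Count) object(s); nothing deleted."
        return $children | Select-Object Name, ObjectClass
    }

    # Equivalent of unchecking "Protect object from accidental deletion".
    $wasProtected = $ou.ProtectedFromAccidentalDeletion
    if ($wasProtected) {
        Set-ADOrganizationalUnit -Identity $OuDn -ProtectedFromAccidentalDeletion $false
    }

    # Prompts for confirmation, like the YES/NO dialog in the GUI.
    Remove-ADOrganizationalUnit -Identity $OuDn -Confirm:$true

    # Verify. If the prompt was declined the OU is still there: re-protect it.
    $stillThere = Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$OuDn'"
    if ($stillThere) {
        if ($wasProtected) {
            Set-ADOrganizationalUnit -Identity $OuDn -ProtectedFromAccidentalDeletion $true
        }
        Write-Host "Not deleted, protection restored: $OuDn"
    } else {
        Write-Host "Deleted: $OuDn"
    }
}

Remove-OUWithProtection -OuDn 'OU=ou1,DC=abc,DC=com'
```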

Hope you understood the steps to create OU in Active Directory using GUI and command line. In addition to that we also learned the steps to delete OU from Domain Controller. Feel free to leave your comments and suggestions in the below mentioned comment section. Let us know the automation that you have introduced in your environment to create OU and how often you are creating it.

3 thoughts on “How to Create OU in Active Directory – Windows Server 2012 R2”

  • March 7, 2017 at 4:17 am

    In an interview, the interviewer shot a question at me, i.e. what is an OU in Active Directory and can we delete a protected OU?

    To answer that I mentioned that an OU is a home where we create the users and it can also be defined to delegate permissions. Normally we create OUs and nested AD OUs to manage the permissions. An Organizational Unit in Active Directory should be designed carefully for ease of management.

    To answer the second question, I stated that yes, we can delete a protected OU by disabling the enhanced protection option either while creating it or from the properties of an existing AD OU.

    Please confirm if my answer was correct or if any changes are required?

    • April 12, 2017 at 6:11 pm

      Yes, your answer was 100% correct. Hope you cleared that interview.

  • March 12, 2017 at 3:10 pm

    It could be a stupid question but I would appreciate your reply on that. What’s the basic difference between an Active Directory Organizational Unit, i.e. AD OU, and Containers in Active Directory? Are they both the same? When do we need to create them and how do we manage them?
