Step 4 — Create Organizational Units

In this step, you will create a realistic Organizational Unit (OU) structure based on branch location.

This mirrors how Active Directory is commonly structured in production environments, especially in banks and multi-site organizations.

How OUs are used in the real world

In production, OUs are designed around policy and delegation boundaries — not just object type. Location-based OUs make it easier to apply Group Policy, troubleshoot issues, and delegate access.

1. Open Active Directory Users and Computers

  • Log into the domain controller
  • Open the Start Menu
  • Search for and open Active Directory Users and Computers

2. Locate the Domain Root

  • In the left pane, expand your domain (e.g., lab.local)
  • This top-level container is the domain root

You will create a top-level OU to represent organizational structure, rather than placing objects directly at the root.

3. Create the _Branches OU

  1. Right-click the domain root
  2. Select New → Organizational Unit
  3. Name the OU _Branches
  4. Ensure Protect container from accidental deletion is checked
  5. Select OK

4. Create a Branch OU

You will now create an OU for a specific branch. In a real environment, each physical location would have its own OU.

  1. Right-click the _Branches OU
  2. Select New → Organizational Unit
  3. Name the OU after a branch (e.g., Houston)
  4. Ensure Protect container from accidental deletion is checked
  5. Select OK

5. Create Sub-OUs for the Branch

Within each branch, separate users and devices to allow targeted policy and easier troubleshooting.

  1. Right-click the branch OU (e.g., Houston)
  2. Select New → Organizational Unit
  3. Name the OU Users
  4. Repeat to create Workstations and Laptops
  5. Ensure accidental deletion protection is enabled on each OU

6. Verify the OU Structure

  • Confirm the OUs exist and are nested correctly
  • Your structure should look similar to this:
_Branches
 └── Houston
     ├── Users
     ├── Workstations
     └── Laptops
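
The same structure can also be built and checked from PowerShell, which covers steps 3 to 6 in one pass. This is an added example, not part of the original guide. It assumes the ActiveDirectory module (RSAT) is available and uses the branch name Houston from this guide; the helper New-OuIfMissing is a hypothetical name introduced here.

```powershell
# Added example: scripted equivalent of steps 3-6 (not from the original guide).
# Run on the domain controller, or a host with RSAT, as an account that can create OUs.
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName    # e.g. DC=lab,DC=local
$branch   = 'Houston'                           # branch name used in this guide
$subOus   = 'Users', 'Workstations', 'Laptops'

# Hypothetical helper: create the OU only if it is missing, so re-runs are safe.
function New-OuIfMissing {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Path
    )
    $existing = Get-ADOrganizationalUnit -LDAPFilter "(ou=$Name)" `
        -SearchBase $Path -SearchScope OneLevel
    if (-not $existing) {
        # Same effect as ticking "Protect container from accidental deletion"
        New-ADOrganizationalUnit -Name $Name -Path $Path `
            -ProtectedFromAccidentalDeletion $true
    }
    "OU=$Name,$Path"    # return the OU's distinguished name
}

# Steps 3-5: _Branches at the domain root, the branch OU, then its sub-OUs
$branchesDn = New-OuIfMissing -Name '_Branches' -Path $domainDn
$branchDn   = New-OuIfMissing -Name $branch -Path $branchesDn
foreach ($name in $subOus) {
    $null = New-OuIfMissing -Name $name -Path $branchDn
}

# Step 6: list everything under _Branches with its protection flag
$ous = Get-ADOrganizationalUnit -Filter * -SearchBase $branchesDn `
    -SearchScope Subtree -Properties ProtectedFromAccidentalDeletion
$ous | Sort-Object DistinguishedName |
    Format-Table Name, DistinguishedName, ProtectedFromAccidentalDeletion -AutoSize

# Flag any OU (for example one created earlier by hand) that lacks protection
$unprotected = $ous | Where-Object { -not $_.ProtectedFromAccidentalDeletion }
if ($unprotected) {
    Write-Warning ("Deletion protection is off for: " +
        ($unprotected.DistinguishedName -join '; '))
}
```

If the warning lists an OU, Set-ADOrganizationalUnit with -ProtectedFromAccidentalDeletion $true enables the flag on it.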

Why Not _Users or _Computers?

In small labs, you may see flat OUs like _Users or _Computers. In production environments, OUs are almost always organized around policy boundaries such as branch location.

This approach scales better and reflects how Active Directory is managed in real organizations.

Important Notes

  • Avoid placing users or computers in default containers
  • Group Policy is linked at the OU level; it cannot be linked to containers
  • This structure will be used heavily in upcoming steps

Checkpoint

  • _Branches OU exists at the domain root
  • A branch OU (e.g., Houston) exists
  • Users, Workstations, and Laptops sub-OUs exist
  • Accidental deletion protection is enabled

If this looks correct, you’re ready to start creating users and joining machines to the domain.