An organizational unit (OU) is a container object that is used
to organize objects within a domain. An OU contains objects such as
user accounts, groups, computers printers and other OUs. OUs are
created in the UBAD to contain objects (user, groups, computers,
printers, etc) so they may be managed by OU administrators. OU
administrators will assign rights to departmentally controlled
resources and grant access privileges.
OUs can be used to group objects into a logical hierarchy that
best suits the needs of the organization. OU structure can be based
on departmental or administrative boundaries. In UBAD, OUs do not
represent any particular organization or hierarchy of the
Institution. UBAD’s OU structure does not imply or influence
any organization within other directories.
Three first level OUs will be created in the Accounts Domain:
People, Groups and
- People OU will contain UBIT names populated from the
accounts management system.
- Groups OU will contain groups populated from the account
system, as well as, groups created during migration.
- ITOrg OU will contain departmental OUs consistent with
the UBAD naming standard.
One first level OU (ITOrg) will be created in the Resource
Domain consistent with the UBAD naming standard. The ITOrg OU will
contain departmental OUs.
UBAD is limited to nesting 5 levels of OUs within UBAD Accounts
and Resource domains for performance reasons.
- Within the Accounts Domain, all five levels will be managed by
- Within the Resource Domain, the first three levels will be
managed by the UBADST; levels four and five will be managed by the
ITOrg OU administrators.
- The first three level’s of OUs need to match in the
Accounts and Resource domains.
- The third level OU name will be used as the
‘Administrative Prefix’ as described in the UBAD naming
IT organizations have full permissions within their OUs.
Additionally, they have the ability to apply Group Policy to the
2nd and subsequent levels in the Resource Domain.