An organizational unit (OU) is a container object that is used
to organize objects within a domain. An OU contains objects such as
user accounts, groups, computers printers and other OUs. OUs are
created in the UBAD to contain objects (user, groups, computers,
printers, etc) so they may be managed by OU administrators. OU
administrators will assign rights to departmentally controlled
resources and grant access privileges.
OUs can be used to group objects into a logical hierarchy that
best suits the needs of the organization. OU structure can be based
on departmental or administrative boundaries. In UBAD, OUs do not
represent any particular organization or hierarchy of the
Institution. UBAD’s OU structure does not imply or influence
any organization within other directories.
Three first level OUs will be created in the Accounts Domain: People, Groups and ITOrg.
One first level OU (ITOrg) will be created in the Resource Domain consistent with the UBAD naming standard. The ITOrg OU will contain departmental OUs.
UBAD is limited to nesting 5 levels of OUs within UBAD Accounts and Resource domains for performance reasons.
IT organizations have full permissions within their OUs. Additionally, they have the ability to apply Group Policy to the 2nd and subsequent levels in the Resource Domain.
UBAD Accounts Domain Example
• People, Groups, ITOrg are 1st level OUs
• IT Organizations OUs are in green, 2nd level.
o SAIT is a department OU, for example
• IT Org prefixes are in blue, 3rd level
o PUBS is an administrative prefix within the
SAIT department OU
• PUBS-Admin is a department sub-OU, for
example, 4th level
UBAD Resource Domain Example
• ITOrg is 1st level OU (same as Accounts Domain)
• IT Organizations OUs are in green, 2nd level
(same as Accounts Domain)
• IT Org prefixes are in blue, 3rd level (same as
• Subsequent levels are named and maintained by
department OU administrator (orange text)