Reaching Others University at Buffalo - The State University of New York
Skip to Content

UB Active Directory (UBAD)

Organizational Unit (OU) Hierarchy Structure

An organizational unit (OU) is a container object that is used to organize objects within a domain. An OU contains objects such as user accounts, groups, computers printers and other OUs. OUs are created in the UBAD to contain objects (user, groups, computers, printers, etc) so they may be managed by OU administrators. OU administrators will assign rights to departmentally controlled resources and grant access privileges.

OU Hierarchy

OUs can be used to group objects into a logical hierarchy that best suits the needs of the organization. OU structure can be based on departmental or administrative boundaries. In UBAD, OUs do not represent any particular organization or hierarchy of the Institution. UBAD’s OU structure does not imply or influence any organization within other directories.

UBAD Accounts Domain

Three first level OUs will be created in the Accounts Domain: People, Groups and ITOrg.   

  • People OU will contain UBIT names populated from the accounts management system.
  • Groups OU will contain groups populated from the account system, as well as, groups created during migration.
  • ITOrg OU will contain departmental OUs consistent with the UBAD naming standard.

UBAD Resource Domain

One first level OU (ITOrg) will be created in the Resource Domain consistent with the UBAD naming standard. The ITOrg OU will contain departmental OUs.

UBAD OU Hierarchy

UBAD is limited to nesting 5 levels of OUs within UBAD Accounts and Resource domains for performance reasons.

  • Within the Accounts Domain, all five levels will be managed by the UBADST
  • Within the Resource Domain, the first three levels will be managed by the UBADST; levels four and five will be managed by the ITOrg OU administrators.
  • The first three level’s of OUs need to match in the Accounts and Resource domains.
  • The third level OU name will be used as the ‘Administrative Prefix’ as described in the UBAD naming standard document.

IT organizations have full permissions within their OUs. Additionally, they have the ability to apply Group Policy to the 2nd and subsequent levels in the Resource Domain.

UBAD Accounts Domain Example


• People, Groups, ITOrg are 1st level OUs
• IT Organizations OUs are in green, 2nd level.
   o SAIT is a department OU, for example
• IT Org prefixes are in blue, 3rd level
   o PUBS is an administrative prefix within the   
      SAIT department OU
• PUBS-Admin is a department sub-OU, for  
   example, 4th level

 

UBAD Resource Domain Example


• ITOrg is 1st level OU (same as Accounts Domain)
• IT Organizations OUs are in green, 2nd level
  (same as Accounts Domain)
• IT Org prefixes are in blue, 3rd level (same as
  Accounts Domain)
• Subsequent levels are named and maintained by
  department OU administrator (orange text)

Did This Page Answer Your Question?

(Required)
 
Email, UBITName or phone number
(Required)
Enter both words below, separated by a space. If either word appears unclear, click 'Get a new challenge' to receive two new words.