Organizational Units
In Active Directory (AD), an organization unit (OU) is a container object used to organize and manage objects (such as users, computers, groups, and other OUs) within a domain. OUs provide a way to group related objects together, making it easier to apply policies, permissions, and settings to specific sets of objects. This hierarchical structure is commonly used to mirror an organization's real-world structure and delegation of administrative tasks.
Key points about Organization Units in Active Directory:
- Hierarchical Structure: OUs create a tree-like structure within a domain, similar to folders in a file system. An OU can contain other OUs, users, groups, computers, and other objects, allowing administrators to manage resources more efficiently.
- Delegation of Administrative Authority OUs enable delegation of administrative authority in Active Directory. Administrators can assign specific permissions to manage objects within an OU to different user accounts or groups.
- Group Policy Application Group Policy Objects (GPOs) can be linked to OUs, allowing administrators to apply various settings, configurations, and restrictions to all objects within that OU. This helps to enforce consistent security and configuration policies throughout the organization.
- Scopes OUs can span multiple domains within an Active Directory forest. This means you can create OUs that are specific to a single domain or ones that apply to the entire forest.
- Distinguished Names (DNs) Each OU is uniquely identified by its distinguished name (DN), which is a string representation of its position within the Active Directory hierarchy.
- Default OUs When you create a new domain, default OUs are automatically created. For example, in a Windows Server Active Directory environment, the "Users" and "Computers" containers are created by default to hold user and computer objects, respectively.
- Renaming and Moving OUs can be renamed or moved within the domain hierarchy as organizational needs change.
General Organizational Units Reports
The "General Organizational Units" report section comprises information concerning organizational units. It includes details about managed and unmanaged organizational units, with or without members, as well as those containing only users, computers, groups, or contacts. Additionally, this section provides reports on the creation, update, or deletion of OUs within the domain, and other related data. The reports available in this section include:
All Organizational Units Report
The "All Organizational Units" report generates a comprehensive list of all organizational units present within the domain.
Managed Organizational Units Report
The "Managed Organizational Units" report provides a list of organizational units that are being actively managed.
Unmanaged Organizational Units Report
The "Unmanaged Organizational Units" report presents a list of organizational units that do not have assigned managers.
Organizational Units With Members Report
The "Organizational Units With Members" report provides a list of organizational units that contain members.
Organizational Units Without Members Report
The "Organizational Units Without Members" report provides a list of organizational units that have no members associated with them.
Users only Organizational Units Report
The "Users only Organizational Units" report generates a list of organizational units that exclusively contain member users.
Computers only Organizational Units Report
The "Computers only Organizational Units" report generates a list of organizational units that exclusively contain member computers.
Groups only Organizational Units Report
The "Groups only Organizational Units" report generates a list of organizational units that exclusively contain member groups.
Contacts only Organizational Units Report
The "Contacts only Organizational Units" report generates a list of organizational units that exclusively contain member contacts.
Organizational Units Created during last XX days Report
The report titled "Organizational Units Created in the Last XX Days" compiles a list of Organizational Units that have been created within the specified time frame of the past XX days. When selecting this report, a pop-up window will appear displaying the number of days, allowing you to modify it according to your requirements. Alternatively, you can access the dialog box by right-clicking on the report and choosing the option "Change Number of Days."
Organizational Units Created between specified dates Report
The "Organizational Units Created between Specified Dates" report compiles a comprehensive list of Organizational Units that were created during the period defined by the specified dates. When selecting this report, a pop-up will appear with date fields, allowing you to modify the start and end dates according to your requirements. Alternatively, you can access the date range dialog by right-clicking on the report and selecting "Change Date Range."
Organizational Units Changed during last XX days Report
The report titled "Organizational Units Changed in the Last XX Days" compiles a list of Organizational Units that have been updated within the specified time frame of the past XX days. When selecting this report, a pop-up window will appear displaying the number of days, allowing you to modify it according to your requirements. Alternatively, you can access the dialog box by right-clicking on the report and choosing the option "Change Number of Days."
Organizational Units Changed between specified dates Report
The "Organizational Units Changed between Specified Dates" report compiles a comprehensive list of Organizational Units that were updated during the period defined by the specified dates. When selecting this report, a pop-up will appear with date fields, allowing you to modify the start and end dates according to your requirements. Alternatively, you can access the date range dialog by right-clicking on the report and selecting "Change Date Range."
Deleted Organizational Units Report
The "Deleted Organizational Units" report provides a list of Organizational Units that have been deleted from Active Directory. When an object is deleted from Active Directory, it is not permanently removed immediately. Instead, it remains recoverable for a designated retention period, typically set to 180 days by default. During this period, it is possible to restore the deleted object.
If the Active Directory Recycle Bin is enabled, the restoration process is straightforward. The object, along with its properties, can be easily recovered using appropriate methods. However, if the AD Recycle Bin is not enabled, the deleted object undergoes a stripping process that removes most of its properties. It is then stored as a tombstone container within Active Directory until the retention period expires.
Deleted Organizational Units during last XX days Report
The "Deleted Organizational Units during the past XX days" report resembles the Deleted Organizational Units Report as it provides information on Organizational Units that have been deleted within a specified number of days.
When selecting this report, a pop-up window will appear displaying the number of days, allowing you to modify it according to your requirements. Alternatively, you can access the dialog box by right-clicking on the report and choosing the option "Change Number of Days."
Deleted Organizational Units between specified dates Report
The "Deleted Organizational Units between specified dates" report resembles the Deleted Organizational Units Report as it provides information on Organizational Units that have been deleted within a specified number of days.
When selecting this report, a pop-up will appear with date fields, allowing you to modify the start and end dates according to your requirements. Alternatively, you can access the date range dialog by right-clicking on the report and selecting "Change Date Range."