/ˌoʊ-ˈjuː/
n. “A folder for organizing users and computers in Active Directory.”
OU, short for Organizational Unit, is a container within Active Directory used to organize users, groups, computers, and other OUs. It provides a hierarchical structure that helps administrators manage objects efficiently, delegate permissions, and apply GPOs (Group Policy Objects) selectively.
Key characteristics of an OU include:
- Hierarchical Organization: OUs can contain other OUs, creating a tree-like structure that mirrors the company’s departments, locations, or functional units.
- Delegation: Administrative rights can be delegated at the OU level, allowing specific teams to manage their own users or computers without giving full domain-level access.
- Policy Application: GPOs can be linked to OUs to enforce settings for the objects within them.
- Flexibility: OUs are logical containers; moving an object from one OU to another changes its policy and administrative scope without altering the object itself.
For example, a company might have an OU structure like this:
Company.com
├─ OU=Engineering
│ ├─ OU=Developers
│ └─ OU=QA
├─ OU=HR
└─ OU=IT
In this hierarchy, policies and permissions can be applied specifically to Engineering or HR, and administrators can delegate control over Developers or QA independently.
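As an added illustration (not part of the original entry), the Python model below resolves which OU-linked GPOs and delegated groups cover an object from its distinguished name, before and after a move between the OUs shown above. The GPO names, group names, user, and the DC=Company,DC=com naming are assumptions; the model ignores site and domain links, Enforced links, and Block Inheritance.

```python
import re

# Constructed sample data on the page's Company.com tree; GPO and group
# names are hypothetical. Keys are lower-cased OU distinguished names.
GPO_LINKS = {
    "ou=engineering,dc=company,dc=com": ["Eng-Workstation-Baseline"],
    "ou=developers,ou=engineering,dc=company,dc=com": ["Dev-Tooling-Policy"],
    "ou=hr,dc=company,dc=com": ["HR-Removable-Media-Block"],
}
DELEGATIONS = {
    "ou=engineering,dc=company,dc=com": ["Eng-Helpdesk"],
    "ou=developers,ou=engineering,dc=company,dc=com": ["Dev-Leads"],
    "ou=hr,dc=company,dc=com": ["HR-Admins"],
}

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]

def ou_chain(dn):
    """Return the OUs containing the object, outermost first."""
    rdns = split_dn(dn)
    chain = [",".join(rdns[i:]) for i in range(1, len(rdns))
             if rdns[i].upper().startswith("OU=")]
    return list(reversed(chain))

def effective_scope(dn):
    """GPOs in application order (parent OU first, so the child OU's
    settings win on conflict) and groups with delegated control.
    Assumption: delegations are inherited by child OUs."""
    gpos, delegates = [], []
    for ou in ou_chain(dn):
        gpos += GPO_LINKS.get(ou.lower(), [])
        delegates += DELEGATIONS.get(ou.lower(), [])
    return gpos, delegates

def move_object(dn, new_parent_dn):
    """Moving keeps the object's own RDN and swaps only its container."""
    return split_dn(dn)[0] + "," + new_parent_dn

if __name__ == "__main__":
    alice = "CN=Alice Smith,OU=Developers,OU=Engineering,DC=Company,DC=com"
    print(effective_scope(alice))
    print(effective_scope(move_object(alice, "OU=HR,DC=Company,DC=com")))
```

Running the same resolution over every privileged account's DN is a quick way to spot objects that sit outside the OUs where hardening GPOs are linked.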
In essence, an OU is a flexible organizational folder in Active Directory that helps IT teams manage objects, apply policies, and delegate authority efficiently within a large network.