Have you ever wondered why nearly every Active Directory you have seen has does not use the COMPUTERS and USERS Organizational Unit (folder) for day to day operations?
We had a client that put all 200 of there computers in the COMPUTERS OU in their AD and their staff could not figure out how to assign Group Policies to it. We explained that this is by design because the COMPUTERS “folder” in AD is NOT an Organizational Unit, it is a “Container”.
There are 7 primary CONTAINERS that come default with Active Directory:
If you click VIEW > ADVANCED FEATURES in AD USERS AND COMPUTERS, you will see even more Containers, like NTDS QUOTAS and TPM DEVICES.
These containers are created by default during the installation of Active Directory Domain Services (AD DS) and are not OUs, so you cannot link Group Policy Objects (GPOs) directly to them.
When I took my first Active Directory training at COMDEX Vancouver, in 1999, the Microsoft instructors would get very animated if you called a OU a FOLDER. Personally, after 25 years of working with them, I think MS should have called OU’s folders and containers, containers.
Click on the AD screenshot to the right and notice that CONTAINERS have an icon that looks just like folder in file structure but OU’s have an icon of a folder within a folder.
In Active Directory (AD), containers and Organizational Units (OUs) serve different purposes and have distinct characteristics:
To wrap this up, while containers provide a basic structure for organizing AD objects, OUs offer more advanced features like Group Policy application, security permissions, and administrative delegation, making them more suitable for detailed and flexible management.
This website uses cookies.