Manage Organizational Units

Learn On Demand
Learn On Demand Pro Series

The Manage Organizational Units, an IT Pro Challenges hands-on virtual lab, introduces learners to skills creating, managing, and deleting organizational units (OUs) through the Active Directory user interface and PowerShell. System and Windows Server Administrators, among other IT professionals, gain essential knowledge on how to use OUs.

Time
1 hour
Difficulty
Beginner
Share
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Overview

This one-hour virtual lab guides learners in working with organizational units through Microsoft’s Active Directory User Interface, a GUI, and PowerShell, a scripting tool. Upon starting this lab, learners use a Windows Server 2016 domain controller with software to run the Active Directory Domain Services (AD DS) environment. Participants get hands-on experience in initiating several Organizational Units (OUs), assigning users to specific OU groups, deleting OUs, and modifying delegation tasks within the user groups.

Helpful hints and knowledge bytes prompt the learner towards completing the exercises and checking his or her knowledge. Links to Microsoft documentation provides additional depth towards understanding OUs concepts.

OUs allow IT to delegate everyday tasks, like granting users access to create and save documents, resetting passwords, or adding users from the group, to a person or a department responsible for that task. As a result, IT resources free-up for fixes and enhancements. The assigned delegate/s, by IT, control only their group resources, and IT can step in and troubleshoot as needed. Also, IT controls who has what type of administrative privileges for his or her group.

UNDERSTANDING THE SCENARIO

Create an OU Structure by Using Active Directory Users and Computers:

Learners set-up several organizational units, through Active Directory Users and Computers, and learn standards and strategies to plan and implement an OU structure. The Lab Guide describes a default Windows 2016 setting to prevent accidental deletion of an OU and how to change this setting. Also, learners receive recommendations on documenting and implementing OU design for a business.

Manage an OU Structure by Using Active Directory Users and Computers:

In this exercise, users move corporate users to assigned OUs in addition to configuring permissions using the Delegation Control Wizard. The section spells out the settings needed to allow administrators or others to move users between OUs. Furthermore, the lab participant gets an overview as to what types of permissions can be assigned to streamline daily IT tasks. The learner can access further details, from the lab, by linking to the Delegating Administration by Using OU Objects documentation.

Create OUs by using Windows PowerShell:

Learners, who run this virtual lab portion, get scripting hints and knowledge about PowerShell cmdlets to create OUs and verify the resulting groups. The instructions contain links to documentation about each cmdlet used, e.g., ‘New-ADOrganizationalUnit.’ From the link, learners receive information about how to form each cmdlet, what each cmdlet does, examples using the command and parameters to string with the cmdlet. Learning how to use this valuable reference gives users a troubleshooting technique when writing their automated code.

Manage OUs by using Windows PowerShell:

Like in the Create OU’s by Using Windows PowerShell, this lab portion introduces cmdlets used to manage ous and links to more details, a reference guide for future scripting. Lab instructions further explain standard practices with the cmdlet. For example, the Rename-ADObject cmdlet acts upon a Lightweight Directory Access Protocol (LDAP) entity. Also, to delete an OU, the parameter -ProtectedFromAccidentalDeletion must be set to $False.

Summary:

At the end of this hands-on virtual lab challenge, participants become familiar and skilled in creating and managing organizational units (OUs). Users also gain two different approaches in their toolset: using Active Directory Users and Computers and scripting in Windows PowerShell.

Those that want to extend their knowledge about Active Directory users and groups may wish to consider other virtual labs.

    • GUIDED CHALLENGE: Manage Active Directory Groups
    • GUIDED CHALLENGE: Manage Active Directory Users
    • ADVANCED CHALLENGE: Can You Create and Manage Active Directory Users and Groups?