Windows Server 2019 - Active Directory Setup
Organization Units
The main task for Active Directory is to group Objects (users, groups, contacts, computers, printers, shared folders, etc.) with Attributes (name, email address, phone number, etc.) into Organization Units (OU) and to manage access rights for each object.
- Organization Unit
- Sub-OU
- Group
- Objects (e.g. Users)
- Group
- Sub-OU
User Account Management
We can now start to map our company structure in units, sub-units and groups inside our active directory:
Every time you create a OU you have the option to Protect it from accindential deletion. If it so happens that you made a mistake and this option was checked, you have to use Powershell to remove that protection before deleting it. In the example below I added a OU instead of a group. To delete it I had to run the following commands:
Get-ADOrganizationalUnit -Identity 'OU=Cloud,OU=INSTAR_Shenzhen,OU=INSTAR,DC=instar,DC=local' | Set-ADObject -ProtectedFromAccidentalDeletion:$false -PassThru | Remove-ADOrganizationalUnit -Confirm:$false
Finish the hirachy by adding groups and users to map structures e.g. based on offices, projects, etc.