Add an Organizational Unit to the Directory

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

To keep your Active Directory Lightweight Directory Services (AD LDS) users and groups organized, you may want to place users and groups in organizational units (OUs). In Active Directory Domain Services (AD DS) and in AD LDS, as well as in other Lightweight Directory Access Protocol (LDAP)-based directories, OUs are the most commonly used method for keeping users and groups organized.

Membership in the Administrators group of the AD LDS instance is the minimum required to complete this procedure. By default, the security principal that you specify as the AD LDS administrator during AD LDS setup becomes a member of the Administrators group in the configuration partition. For more information about AD LDS groups, see Understanding AD LDS Users and Groups.

To add an OU to the directory

  1. Open ADSI Edit.

  2. Connect and bind to the directory partition of the AD LDS instance to which you want to add an OU. For more information, see Use ADSI Edit to Manage an AD LDS Instance.

  3. In the console tree, double-click the directory partition, right-click the container to which you want to add the OU, point to New , and then click Object .

  4. In Select a class , click organizationalUnit , and then click Next .

  5. In Value , type a name for the new OU, and then click Next .

  6. If you want to set values for additional attributes, click More attributes .

  7. After you set all desired attributes for the new OU, click Finish .

Additional considerations

  • To open ADSI Edit, on a computer with the AD LDS server role installed, click Start , click Administrative Tools , and then click ADSI Edit .

  • By default, OUs can be added only under OU (OU=) , country/region (C=) , organization (O=) , or domain-DNS (DC=) object classes. For example, you can add an OU to o=Microsoft,c=US. You cannot add an OU to cn=test,o=Microsoft,c=US. You can, however, update the schema definition of the OU object class to allow other superior object classes.

  • You can also perform the task in this procedure by using the Active Directory module for Windows PowerShell. To open the Active Directory module, click Start , click Administrative Tools , and then click Active Directory Module for Windows PowerShell . For more information, see Add an Organizational Unit to the Directory (https://go.microsoft.com/fwlink/?LinkId=137819). For more information about Windows PowerShell, see Windows PowerShell (https://go.microsoft.com/fwlink/?LinkID=102372).

Additional references