2.1 DSfW Unit of Administration

An organizational unit (OU) is the fundamental unit of administration in a DSfW environment/directory structure. Administrative powers are commonly allotted at the OU level. Granular delegation can be performed on individual objects or attributes. An OU can contain other objects, including other OUs, which are also referred to as container objects. An OU can be nested to 10 levels to organize the directory and allow the creation of subdomains.For efficient directory access, you can limit nesting to three or four levels. The OUs should be arranged to facilitate group policy application and administrative delegation. The Organizational Unit object usually represents a department, which holds a set of objects that commonly need access to each other.

A typical example is a set of users, along with the printers, volumes, and applications that those users need. At the highest level of Organizational Unit objects, each Organizational Unit can represent each site (separated by WAN links) in the network.

An OU forms an administrative boundary, and a tree forms the true security boundary.

For more information on the eDirectory structure, see Understanding NetIQ eDirectory in the NetIQ eDirectory Administration Guide.