An organizational unit (OU) is a container object that you use to organize objects within a domain. An OU contains objects, such as user accounts, groups, computers, printers, and other OUs.

OU Hierarchy

You can use OUs to group objects into a logical hierarchy to represent an organization's:

The OU hierarchy within a domain is independent of the OU hierarchy structure of other domains-each domain can implement its own OU hierarchy.

Administrative Control of OUs

You can delegate administrative control over the objects within an OU. To delegate administrative control of an OU, you grant specific permissions for the OU and the objects that it contains to one or more users and groups.

For an OU, you can assign complete administrative control (for example, full control over all objects in the OU) or limited administrative control (for example, the ability to modify e-mail information on user objects in the OU).

OUs and the Single Domain Model

Because an Active Directory domain can contain millions of objects, many companies will be able to convert from a multiple domain model to a single domain model, which simplifies management that must take place at the domain level, such as some security technologies. You can combine domain resources in OUs in an organization that best suits your company's requirements, rather than creating and administering multiple domains. You can easily move objects between OUs within the domain, nest OUs within each other, and create new OUs as the need arises.