Difference between “People” and “Users” OU in Active Directory
In the default Active Directory, there is ou=Users,dc=example,dc=com
and, beneath that, ou=People,ou=Users,dc=example,dc=com
. What is the distinction between the intended purposes of the two?
It seems like maybe ou=Users
would contain service accounts, whereas ou=People
is specifically for real people, but I cannot find any documentation of this. For that matter, is there documentation anywhere on the rationale behind this layout?
active-directory
add a comment |
In the default Active Directory, there is ou=Users,dc=example,dc=com
and, beneath that, ou=People,ou=Users,dc=example,dc=com
. What is the distinction between the intended purposes of the two?
It seems like maybe ou=Users
would contain service accounts, whereas ou=People
is specifically for real people, but I cannot find any documentation of this. For that matter, is there documentation anywhere on the rationale behind this layout?
active-directory
1
People who aren't users can, for example, be contacts, whose contact details (email address etc) are stored in AD. People could be members of a distribution group in AD, but obviously not of a security group.
– Joe
Nov 24 '18 at 16:18
add a comment |
In the default Active Directory, there is ou=Users,dc=example,dc=com
and, beneath that, ou=People,ou=Users,dc=example,dc=com
. What is the distinction between the intended purposes of the two?
It seems like maybe ou=Users
would contain service accounts, whereas ou=People
is specifically for real people, but I cannot find any documentation of this. For that matter, is there documentation anywhere on the rationale behind this layout?
active-directory
In the default Active Directory, there is ou=Users,dc=example,dc=com
and, beneath that, ou=People,ou=Users,dc=example,dc=com
. What is the distinction between the intended purposes of the two?
It seems like maybe ou=Users
would contain service accounts, whereas ou=People
is specifically for real people, but I cannot find any documentation of this. For that matter, is there documentation anywhere on the rationale behind this layout?
active-directory
active-directory
asked Nov 24 '18 at 15:48
Jonathan WilburJonathan Wilbur
1388
1388
1
People who aren't users can, for example, be contacts, whose contact details (email address etc) are stored in AD. People could be members of a distribution group in AD, but obviously not of a security group.
– Joe
Nov 24 '18 at 16:18
add a comment |
1
People who aren't users can, for example, be contacts, whose contact details (email address etc) are stored in AD. People could be members of a distribution group in AD, but obviously not of a security group.
– Joe
Nov 24 '18 at 16:18
1
1
People who aren't users can, for example, be contacts, whose contact details (email address etc) are stored in AD. People could be members of a distribution group in AD, but obviously not of a security group.
– Joe
Nov 24 '18 at 16:18
People who aren't users can, for example, be contacts, whose contact details (email address etc) are stored in AD. People could be members of a distribution group in AD, but obviously not of a security group.
– Joe
Nov 24 '18 at 16:18
add a comment |
1 Answer
1
active
oldest
votes
It's entirely up to the administrators of the domain to decide. There is no standard. There is some documentation about how to organize it here: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/reviewing-ou-design-concepts
This describes the default containers in Active Directory: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/delegating-administration-of-default-containers-and-ous
Out of the box, Users
is actually a container, not an OU (CN=Users,DC=example,DC=com
- notice the CN=
). The only difference is that only OUs can have group policies applied to them, but containers cannot.
If yours is actually an OU, that means that someone has already changed that.
To my knowledge (but maybe I'm wrong) there is also no People
OU out of the box, so that must have been added by someone.
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53459810%2fdifference-between-people-and-users-ou-in-active-directory%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
It's entirely up to the administrators of the domain to decide. There is no standard. There is some documentation about how to organize it here: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/reviewing-ou-design-concepts
This describes the default containers in Active Directory: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/delegating-administration-of-default-containers-and-ous
Out of the box, Users
is actually a container, not an OU (CN=Users,DC=example,DC=com
- notice the CN=
). The only difference is that only OUs can have group policies applied to them, but containers cannot.
If yours is actually an OU, that means that someone has already changed that.
To my knowledge (but maybe I'm wrong) there is also no People
OU out of the box, so that must have been added by someone.
add a comment |
It's entirely up to the administrators of the domain to decide. There is no standard. There is some documentation about how to organize it here: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/reviewing-ou-design-concepts
This describes the default containers in Active Directory: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/delegating-administration-of-default-containers-and-ous
Out of the box, Users
is actually a container, not an OU (CN=Users,DC=example,DC=com
- notice the CN=
). The only difference is that only OUs can have group policies applied to them, but containers cannot.
If yours is actually an OU, that means that someone has already changed that.
To my knowledge (but maybe I'm wrong) there is also no People
OU out of the box, so that must have been added by someone.
add a comment |
It's entirely up to the administrators of the domain to decide. There is no standard. There is some documentation about how to organize it here: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/reviewing-ou-design-concepts
This describes the default containers in Active Directory: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/delegating-administration-of-default-containers-and-ous
Out of the box, Users
is actually a container, not an OU (CN=Users,DC=example,DC=com
- notice the CN=
). The only difference is that only OUs can have group policies applied to them, but containers cannot.
If yours is actually an OU, that means that someone has already changed that.
To my knowledge (but maybe I'm wrong) there is also no People
OU out of the box, so that must have been added by someone.
It's entirely up to the administrators of the domain to decide. There is no standard. There is some documentation about how to organize it here: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/reviewing-ou-design-concepts
This describes the default containers in Active Directory: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/delegating-administration-of-default-containers-and-ous
Out of the box, Users
is actually a container, not an OU (CN=Users,DC=example,DC=com
- notice the CN=
). The only difference is that only OUs can have group policies applied to them, but containers cannot.
If yours is actually an OU, that means that someone has already changed that.
To my knowledge (but maybe I'm wrong) there is also no People
OU out of the box, so that must have been added by someone.
edited Nov 24 '18 at 20:32
answered Nov 24 '18 at 18:09
Gabriel LuciGabriel Luci
10.5k11424
10.5k11424
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53459810%2fdifference-between-people-and-users-ou-in-active-directory%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
People who aren't users can, for example, be contacts, whose contact details (email address etc) are stored in AD. People could be members of a distribution group in AD, but obviously not of a security group.
– Joe
Nov 24 '18 at 16:18