User Groups and Organizational Units are two great ways of keeping your Active

Directory organized and controlled.

Last week I showed you how to create user accounts and user templates. So today, I'm
going to show you how to put all of these users into a group.

Why would we want to do that? Well, let's say for example that we have this one shared
folder on our network that we want only our Sales Department to have access to.
Without groups in your Active Directory, you would have to go to each individual Sales
Department user account and give that account access to that shared folder. That can
take quite some time if you have, let's say ... 200 users in your Sales Department.

Instead, what we are going to do is, take all the Sales Department user accounts and
put them in a Sales User Group. Now when I want to give access to all of my Sales
Users to that shared folder, I just give the entire Sales Group access to it and voila! All
Sales Users now have access to our shared folder!

That's just so much easier, isn't it? You can then take the Sales User Group and put it in
a Sales Organizational Unit. An Organizational Unit is really just a folder for
organizational purpose, to keep your Active Directory nice and clean. You can add
different groups, computers and other resources to an Organizational Unit.

Enough talk, let me show you how you can accomplish all of this in your Windows
Server 2008 Active Directory.

Creating an Organizational Unit

1. Start by opening up your Server Manager, then expand the Rolessection.
2. Next expand the Active Directory Domain Services section and click on Active
Directory Users and Computers.
3. At this point you should be able to see your domain. In our example we are using
the Globomantics domain. Go ahead and expand your domain.
4. Now we need to create an Organizational Unit for a group to live in. In our example
we are going to create an OU for our Ops Team.

To create a new Organization Unit, right-click on your domain name, point to

the New option and then select Organizational Unit.
5. Type in the name of your OU and make sure that the box is checked next to Protect
container from accidental deletion. When done, click OK.
6. We now have a new Organizational Unit in our Active Directory called OpsOU.
Creating a New Group
1. After you create an Organizational Unit in your Active Directory, you are ready to
create your first group. Go ahead and select your OU and then right-click in the blank
area.
2. Next, point to New and then select Group.
3. The next step is to name your Group, select the scope and then select the type.

In this example we are going to name our group OpsUSers. We are also going to leave
the default selections for group scope, which is Global, and group type, which is
Security. When you are ready, click OK.
4. Our new group has been created!
Moving Accounts Into a Group
1. In order to move pre-existing accounts into a group, you need to hold down the
Control key and click on all the User or Computer accounts that you want to move into
that group.
2. Then you need to right-click on any one of those accounts and select Add to a
group.
3. Next, you need to type in the group name and let the machine find it.

In our example, I will type in OpsUsers and then click on the Check names button.

Once the name is verified and group name is found, the text will become underlined and
you can click the OK button. Since we know our group exists, we are going to click OK
without verification.
4. Now all of these accounts are part of our OpsUsers group.

Note: Another way of accomplishing this would be to click on an account, hold it, then
drag and drop it into a particular group. Depending on how much you like to use your
mouse and how much time you have this may or may not be your preferred way of
accomplishing this task.

Ready to test your skills in Active Directory? See how they stack up with this
assessment from Smarterer. Start this Active Directory test now.