Datasheet
Active Directory for Exchange Server 2007
Organizational Units
An organizational unit (OU) is a container in which you can place objects such as user
accounts, groups, computers, printers, applications, file shares, and other organizational
units. You can use organizational units to hold groups of objects, such as users and
printers, and you can assign specific permissions to them. An organizational unit cannot contain
objects from other domains, and it is the smallest unit to which you can assign or delegate
administrative authority. Organizational units are provided strictly for administrative
purposes and convenience. They are transparent to the end user but can be extremely useful to
an administrator when segmenting users and computers within an organization.
You can use organizational units to create containers within a domain that represent
the hierarchical and logical structures within your organization. This enables you to
manage how accounts and resources are configured and used.
You can also use organizational units to create departmental or geographical
boundaries. In addition, you can use them to delegate administrative authority over particular tasks
to particular users. For instance, you can create an OU for all your printers and then assign
full control over the printers to your printer administrator.
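
The printer delegation described above, as an added example that is not part of the original text: it creates the OU, grants a group full control over printer objects only, and then lists the OU's explicit permissions for review. The domain `example.com`, the group `EXAMPLE\PrinterAdmins` and the use of the ActiveDirectory PowerShell module are assumptions.

```powershell
# Added example; every name below is a constructed placeholder.
# Assumes the ActiveDirectory module (RSAT) and an existing PrinterAdmins group.
Import-Module ActiveDirectory

$domainDn = 'DC=example,DC=com'        # placeholder domain
$ouName   = 'Printers'
$ouDn     = "OU=$ouName,$domainDn"
$delegate = 'EXAMPLE\PrinterAdmins'    # placeholder group

# 1. Create the OU directly under the domain root if it is not there yet.
$existing = Get-ADOrganizationalUnit -LDAPFilter "(ou=$ouName)" `
                -SearchBase $domainDn -SearchScope OneLevel
if (-not $existing) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn `
        -ProtectedFromAccidentalDeletion $true
}

# 2. Delegate. GA = full control; /I:S = inherit to sub-objects only;
#    the trailing "printQueue" limits inheritance to printer objects, so the
#    group gains nothing over users, computers or groups placed in this OU.
#    (Creating or deleting printer objects in the OU is not part of this grant.)
& dsacls.exe $ouDn /I:S /G "${delegate}:GA;;printQueue" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "dsacls failed with exit code $LASTEXITCODE" }

# 3. Review. Show only the permissions set directly on the OU, not the ones
#    inherited from the domain, so the new delegation is easy to confirm.
(Get-Acl -Path "AD:\$ouDn").Access |
    Where-Object { -not $_.IsInherited } |
    Sort-Object IdentityReference |
    Format-Table IdentityReference, AccessControlType, ActiveDirectoryRights,
                 InheritanceType, InheritedObjectType -AutoSize
```

Scoping the grant to one object class keeps the delegation narrow even if other kinds of objects are later moved into the same OU.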
Domains
A domain is a group of computers and other resources that are part of a network and share
a common directory database. A domain is organized in levels and is administered as a
unit with common rules and procedures. All objects and organizational units exist within
a domain. Also, all domains are part of a forest, which is a collection of domains.
You create a domain by installing the first domain controller inside it. In Windows
Server 2008, you create a domain controller by first installing the Active Directory Domain
Services role. Once the role has been installed, you can use the Active Directory Domain
Services Installation Wizard to install Active Directory. To install Active Directory on the
first server on a network, that server must have access to a server running as a Domain
Name System (DNS) server. If it does not, the installation wizard will install and configure
the DNS service for you.
A domain can exist in one of five possible domain functional levels, as outlined in the
following list:
• Windows 2000 mixed: The default domain functional level for all new domains. It
allows for Windows NT 4.0 backup domain controllers (BDCs), Windows 2000 Server
domain controllers, and Windows Server 2003 domain controllers. Local and global
groups are supported, but universal groups are not. Global catalog servers are supported.
Exchange Server 2007 cannot be installed into a domain with this functional level.
• Windows 2000 native: The minimum domain functional level at which universal groups
become available, along with several other Active Directory features. It allows for
Windows 2000 Server, Windows Server 2003, and Windows Server 2008 domain
controllers. Exchange Server 2007 can be installed in a domain with this functional
level, but some advanced cross-forest features are not available.