In Delegated Administration Console, you can use organizational units to organize objects within organizations. An organizational unit is a Microsoft Active Directory container for user accounts, groups, and other organizational units. The administration of an organizational unit and the objects it contains can be delegated to an individual administrator or to a group of administrators.
There are four types of organizational units in Delegated Administration Console. They are as follows:
Hosting organizational unit
This is the top-level container for managing organizations in Delegated Administration Console. It contains information about a service provider organization, such as its user accounts and groups. It also contains all of the reseller organizational units managed by a service provider. The hosting organizational unit is created automatically in Active Directory when you install Delegated Administration Console. By default, the service provider administrator has full administrative control of the hosting organizational unit and all of the organizational units it contains.
Note
This is a container for information about a reseller organization, such as user accounts, groups, and provisioned services. It also contains organizational units for customer organizations that the reseller serves. Reseller organizational units always reside in the hosting organizational unit. By default, the reseller administrator has full administrative control of the reseller organizational unit and all of the organizational units it contains.
Customer organizational unit
This is a container for information about a customer organization, such as user accounts, groups, and provisioned services. It can also contain generic organizational units for organizing information with greater specificity. Customer organizational units always reside within a reseller organizational unit. By default, the customer's organization administrator has full administrative control of the customer organizational unit and all of the generic organizational units it contains.
Generic organizational unit
You can create a generic organizational unit within any other organizational unit to organize information and delegate administration with greater control.
The hierarchy of organizational units in Delegated Administration Console (and Active Directory) is as follows:
Service Provider Domain
You can create a generic organizational unit within any other organizational unit, so generic organizational units can appear at any level in the hierarchy.
For conceptual information about creating organizational units, see Creating organizational units.
For specific procedures on setting up reseller and customer organizational units, see To set up a new reseller organization and To set up a new customer organization. For instructions on deleting reseller and customer organizational units, see To delete a reseller or customer organization. For complete organization administration procedures, see Delegated Administration Console Help.
For more information about the default Delegated Administration Console administrator and security groups, see Understanding roles and privileges.
For more information about how Active Directory and Microsoft Provisioning System work together, see Active Directory implementation architecture. For general information about organizational units and Active Directory, see the Microsoft Windows 2000 Server product documentation at the Microsoft Web site(http://www.microsoft.com/).