Designing the OU structure
In Active Directory, there are different types of objects, such as user accounts, groups, and devices. It is important to manage them effectively. OUs can group objects that have similar administrative and security requirements within the domain. Organizational units are also used to delegate the administration of objects and apply group policies.
OU design changes are less complex compared to domain and forest level structure changes. When you move objects from one OU to another, they will inherit the security settings and group policies that are applied to the destination OU. Moving an object will not move any settings it has at the source OU level.
The domain administrators can delegate permission to users to become OU administrators. OU administrators can manage objects and manage policies within the OU. They can also create child OUs and delegate permissions to another user/users to manage child OU objects. OU administrators will not have control...
