Offer

News We Recently Launched AD Migrator and AD Reporter.

How to Create an Organizational Unit in Active Directory in 3+ Ways

  author
Written By Mohit Jha
Anuraag Singh
Approved By Anuraag Singh  
Published On October 4th, 2024
Reading Time 6 Minutes Reading

All admins who are currently struggling as they dont know how to create an organizational unit in Active Directory can feel at ease. We have culminated multiple different strategies for OU creation in AD in this write-up. Learn to use the native GUI portals or deploy code-based alternatives. However, before we get to know the methods let’s understand why exactly is OU creation done in an Active Directory.

Reasons to Create and Use Organizational Units in AD

There are primarily two reasons which push for the need for OU creation:

  • OUs allow administrators to delegate permissions at a granular level.
  • OUs help organize and manage resources (users, computers, groups) by department, location, or function.

Now that we know why OU creation is done let us start with the most basic way first.

Use ADUC and Create an Organizational Unit in Active Directory

  • Open the Users and Computer Portal.
  • Right-click on your Domain.
  • In the context menu select New.
  • Then tap on Organizational Unit.
  • Inside the popup add a Name and click OK.

You can get to the same position by going to the Action tab > New > Organizational unit. Or simply by clicking the New OU icon present in the ADUC toolbar. However, do so with caution as it is not easy to move OU’s post creation.

Regarding the setting during OU creation in ADUC, there are not many things that the admin needs to configure. As there is only one other optional option along with the OU name. Which is if admins want to protect OU from accidental deletion. Choose the name carefully otherwise, you will face many issues if you try to find the OU of the user at any time in the future.

By default, it is pre-selected but you can unmark it just remember when you try to delete an OU with no protection you won’t receive any warning.

Like the Users and computer portal there is another GUI-based OU creation portal built in your Active Directory environment. So let’s see what it is and how to use it.

Make OU with the Help of the ADAC Portal

Some admins find it relatively simple, although there is no universal consensus. You can compare the two on your own with these steps for the Admin Center technique.

Launch the portal >Select your Domain > Expand New tab on the Right side pane > Select Organization Unit.

How to Create an Organizational Unit in Active Directory Using ADAC

The Window that appears has more configuration settings available that admins can set up at the time of OU creation itself. With name being the only self-filled mandatory field. The rest of them are either decided in the background via the AD itself or can be safely ignored for the time being.

This allows for a more customized creation at the cost of an increase in setup time.

Those from a technical background can utilize code-based alternatives for faster bulk OU creation. You need not start from scratch as we have laid out some basic scripts and queries to help you out.

PowerShell Script for Automated OU Creation

The following script creates a function that can be used repeatedly to create new OUs.

Open a new instance of PowerShell ISE and paste the following in the Script Pane (White Screen).

# Requires the Active Directory module
# Import if not already loaded
if (!(Get-Module -Name ActiveDirectory)) {
    Import-Module ActiveDirectory
}
function New-CustomOU {
    param(
        [Parameter(Mandatory=$true)]
        [string]$OUName,
        [Parameter(Mandatory=$false)]
        [string]$ParentPath = (Get-ADDomain).DistinguishedName,
        [Parameter(Mandatory=$false)]
        [string]$Description = ""
    )
    try {
        # Check if OU already exists
        $existingOU = Get-ADOrganizationalUnit -Filter "Name -eq '$OUName'" -SearchBase $ParentPath -SearchScope OneLevel -ErrorAction SilentlyContinue
        if ($existingOU) {
            Write-Warning "An OU with the name '$OUName' already exists at the specified location."
            return
        }
       
        # Create the new OU
        New-ADOrganizationalUnit -Name $OUName -Path $ParentPath -Description $Description -ProtectedFromAccidentalDeletion $true
        Write-Host "Successfully created OU: $OUName" -ForegroundColor Green
    }
    catch {
        Write-Error "Failed to create OU: $_"
    }
}
# Example usage:
# New-CustomOU -OUName "TestOU" -Description "Test Organizational Unit"
# New-CustomOU -OUName "HR" -ParentPath "OU=Departments,DC=contoso,DC=com" -Description "Human Resources Department"

Save and run the script.

Then inside the Console Pane (Blue Screen) test out the script.

New-CustomOU -OUName "TestOU" -Description "Test Organizational Unit"

PowerShell to Create a New OU in AD

Sometimes admins may feel PowerShell to be too complex, especially when they have to use PowerShell to get a list of computers in OU. Moreover, they might change something they weren’t supposed to. Not to worry as apart from PowerShell there is one more code-based method that is less intrusive on your AD.

How to Create an Organizational Unit in Active Directory on the Command line

Press Win + R, Type cmd, Click Enter and Paste:

dsadd ou "<Entire Path>"

Press Enter again to run the query.

For eg:

dsadd ou "OU=NewDepartment,DC=contoso,DC=com" -desc "New Department OU"

Use Command lIne to Create an Organizational Unit in Active Directory

This completes all the methods that are available for OU Creation

Best Practices to Follow During New OU Creation in AD

Make sure that the historical OU structure is intact and only build new ones without disturbing the original ones.

Keep a record of OU modification to help with future troubleshooting for that use SysTools Active Directory Reporting solution to verify new OU creations remotely without much effort.

Download Now Purchase Now

Keep OUs under supervision by appointing pseudo-admin roles. This helps to distribute responsibility from the super admin and build a level of escalation systems in case things go wrong.

Follow the predefined naming conventions for new OU’s to avoid confusion. Include business units or locations so that the role and function of the OU are readily apparent.

Don’t over-create OUs. It is important to keep the number of New Organizational Units at a manageable level to avoid confusion.

Ensure that the OU structure remains simple and consistent, if the OUs are too deeply nested than they lose the sense of purpose and end up doing more harm in the long run.

Conclusion

So now admins have all the tools they need and know how to create an organizational unit in Active Directory without any issues. There are a lot of different ways through which one can complete the task, which includes ADUC, ADAC, PowerShell, and command line. Moreover, for tracking whether or not the OU creation was successful admins can use the automated tool.

  author

By Mohit Jha

Mohit is a Microsoft Certified expert known for his cloud migration, cyber security, and digital forensics expertise. He specializes in Microsoft 365, Exchange Server, and Azure AD migration, ensuring seamless transitions for organizations worldwide. His multifaceted role as a meticulous tech writer, diligent researcher, and astute editor underscores his commitment to delivering cutting-edge digital forensics and cloud migration strategies.