computing Computing is any goal-oriented activity requiring, benefiting from, or creating computing machinery. It includes the study and experimentation of algorithmic processes, and development of both hardware and software. Computing has scientific, ...

, an organizational unit (OU) provides a way of classifying objects located in

directories Directory may refer to: * Directory (computing), or folder, a file system structure in which to store computer files * Directory (OpenVMS command) * Directory service, a software application for organizing information about a computer network's ...

, or names in a

digital certificate In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the validity of a public key. The certificate includes information about the key, information about th ...

hierarchy A hierarchy (from Greek: , from , 'president of sacred rites') is an arrangement of items (objects, names, values, categories, etc.) that are represented as being "above", "below", or "at the same level as" one another. Hierarchy is an important ...

, typically used either to differentiate between objects with the same name (John Doe in OU "marketing" versus John Doe in OU "customer service"), or to parcel out authority to create and manage objects (for example: to give rights for user-creation to local technicians instead of having to manage all accounts from a single central group). Organizational units most commonly appear in

X.500 X.500 is a series of computer networking standards covering electronic directory services. The X.500 series was developed by the Telecommunication Standardization Sector of the International Telecommunication Union (ITU-T). ITU-T was formerly kno ...

directories, X.509 certificates,

Lightweight Directory Access Protocol The Lightweight Directory Access Protocol (LDAP ) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory serv ...

(LDAP) directories,

Active Directory Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was used only for centr ...

(AD), and

Lotus Notes HCL Notes (formerly IBM Notes and Lotus Notes; see Branding below) and HCL Domino (formerly IBM Domino and Lotus Domino) are the client and server, respectively, of a collaborative client-server software platform formerly sold by IBM, now by HCL ...

directories and certificate trees, but they may feature in almost any modern directory or digital certificate

container A container is any receptacle or enclosure for holding a product used in storage, packaging, and transportation, including shipping. Things kept inside of a container are protected on several sides by being inside of its structure. The term ...

grouping system. In most systems, organizational units appear within a top-level organization grouping or organization certificate, called a domain. In many systems one OU can also exist within another OU. When OUs are nested, as one OU contains another OU, this creates a relationship where the contained OU is called the child and the container is called the parent. Thus, OUs are used to create a hierarchy of containers within a domain. Only OUs within the same domain can have relationships. OUs of the same name in different domains are independent.

Specific uses

The name ''organizational unit'' appears to represent a single organization with multiple units (departments) within that organization. However, OUs do not always follow this model. They might represent geographical regions, job-functions, associations with other (external) groups, or the technology used in relation to the objects. Examples would include: * Department (e.g. human resources) within a corporation * Division (e.g.

LifeScan, Inc. LifeScan, Inc., is a diagnostic systems manufacturer with products focusing on the diabetes market, specifically blood glucose monitoring systems. History LifeScan was a Johnson & Johnson (J&J) company. It was acquired by J&J in 1986, and in Jun ...

) that is owned by but separate from a parent corporation (

Johnson & Johnson Johnson & Johnson (J&J) is an American multinational corporation founded in 1886 that develops medical devices, pharmaceuticals, and consumer packaged goods. Its common stock is a component of the Dow Jones Industrial Average and the company i ...

), although this would commonly be placed in a separate domain * Association (e.g. contractors) that is external to the organization. * To identify geographically distinct regions (e.g.

Kansas City The Kansas City metropolitan area is a bi-state metropolitan area anchored by Kansas City, Missouri. Its 14 counties straddle the border between the U.S. states of Missouri (9 counties) and Kansas (5 counties). With and a population of more ...

) the X.521 standard recommends a "locality" entry instead. * Job types or functions (e.g. managers, storage servers) that runs across all divisions of a company should be represented by an "organizational role" entry.

Sun Enterprise Directory Server and Active Directory

Sun Java System Directory Server The Sun Java System Directory Server is a discontinued LDAP directory server and DSML server written in C and originally developed by Sun Microsystems. The Java System Directory Server is a component of the Java Enterprise System. Earlier iterat ...

and

Microsoft Microsoft Corporation is an American multinational corporation, multinational technology company, technology corporation producing Software, computer software, consumer electronics, personal computers, and related services headquartered at th ...

(AD), an organizational unit (OU) can contain any other unit, including other OUs, users, groups, and computers. Organizational units in separate domains may have identical names but are independent of each other. OUs let an administrator group computers and users so as to apply a common policy to them. Organizational Units give a hierarchical structure, and when properly designed can ease administration.

Origins with X.500, Novell, and Lotus software

Novell Novell, Inc. was an American software and services company headquartered in Provo, Utah, that existed from 1980 until 2014. Its most significant product was the multi- platform network operating system known as Novell NetWare. Under the l ...

and

Lotus Lotus may refer to: Plants *Lotus (plant), various botanical taxa commonly known as lotus, particularly: ** ''Lotus'' (genus), a genus of terrestrial plants in the family Fabaceae **Lotus flower, a symbolically important aquatic Asian plant also ...

supplied the two largest software directory systems. Each of these companies started with flat account and directory structures, and encountered the support and name-conflict limitations inherent in their flat structures. They adopted the

OU concept into their next-generation software around 1993 – Novell with the release of

Novell Directory Services eDirectory is an X.500-compatible directory service software product from NetIQ. Previously owned by Novell, the product has also been known as Novell Directory Services (NDS) and sometimes referred to as ''NetWare Directory Services''. NDS was i ...

(subsequently known as eDirectory), and Lotus with the release of the third version of Lotus Notes. Microsoft allegedly used Novell's directory as a blueprint for the first released versions of AD, but this claim appears suspect, given that X.500 served as the "granddaddy" of all directory systems.

References

{{reflist Computer networking Identity management