70-640 Groups vs. OUs

nmarlowenmarlowe Member Posts: 24 ■□□□□□□□□□
According to the MS Press guide, OUs are strictly for organizational purposes, and groups are used to manage groups of users and computers who may share access to resources.

In the TrainSignal video, he talks about using OUs to delegate administrative permissions and manage group policy application.

Can anyone explain the fundamental differences between the two? It seems like either having both if overkil or I am missing the boat. I would think managing group policy application would be through groups (as in group policy).

Not seeing all these two should work together, however I'm sure they do.

Thanks,

Neil

Comments

  • zombie fredzombie fred Member Posts: 9 ■□□□□□□□□□
    Try to think the OU on a more bigger scale. Say your own organization is over different countries and the world and this domain is used on those sites. You have OUs for IT support in specific areas and you would like to delegate some areas of that business to maintain the enviroment in that site for example. IE, OU = Boston, OU=Users, OU=Computers, and you delegate Boston to the usegroup IT support, and in the Bostons' IT department they can manage the information of those OUs and stuff delegated to them.
  • Chev ChelliosChev Chellios Member Posts: 343 ■■■□□□□□□□
    Hi Neil,It is an interesting question that you raise. My understanding (which may be wrong) from reading MS books is that groups are used to manage security access to resources across your network for users and groups whereas OU's are Organizational Units that you apply GPOs to which are more based on user/computer settings (such as whether users can run the 'run' command or such like) rather than what network resources they can access. I've not seen the train signal video so can't really comment on how they present or interpret it though.Craig
  • LunchbocksLunchbocks Member Posts: 319 ■■■■□□□□□□
    nmarlowe wrote: »
    According to the MS Press guide, OUs are strictly for organizational purposes, and groups are used to manage groups of users and computers who may share access to resources.

    In the TrainSignal video, he talks about using OUs to delegate administrative permissions and manage group policy application.

    Thanks,

    Neil

    If the video said that, it is incorrect. An OU is a container used for organizational purposes only. The difference in an OU and a group is that you can apply group policy on an OU, but you cannot apply group policy on a group.

    A group is used for security and distribution by granting/denying permissions and rights to users, computers, and other groups. You can apply security permissions on groups, but not OUs.

    To put it simply, you put a user or computer in a group to control that user's access to resources. You put a user or computer in an OU to control who has administrative authority over that user.

    Hope this helps.
    Degree: Liberty University - B.S Computer Science (In Progress)
    Current Certs: CCENT | MCTS | Network+
    Currently Working On: Security+
    2020 Goals: CCNA, CCNP Security, Linux+


Sign In or Register to comment.