Reputation: 1147
Difference between "People" and "Users" OU in Active Directory
In the default Active Directory, there is ou=Users,dc=example,dc=com and, beneath that, ou=People,ou=Users,dc=example,dc=com. What is the distinction between the intended purposes of the two?
It seems like maybe ou=Users would contain service accounts, whereas ou=People is specifically for real people, but I cannot find any documentation of this. For that matter, is there documentation anywhere on the rationale behind this layout?
Upvotes: 2
Views: 4560
Answers (1)
Reputation: 41008
It's entirely up to the administrators of the domain to decide. There is no standard. There is some documentation about how to organize it here: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/reviewing-ou-design-concepts
This describes the default containers in Active Directory: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/delegating-administration-of-default-containers-and-ous
Out of the box, Users is actually a container, not an OU (CN=Users,DC=example,DC=com - notice the CN=). The only difference is that only OUs can have group policies applied to them, but containers cannot.
If yours is actually an OU, that means that someone has already changed that.
To my knowledge (but maybe I'm wrong) there is also no People OU out of the box, so that must have been added by someone.
Upvotes: 2
Related Questions
- How to know if DirectoryEntry is a user or a group?
- User naming convention
- Windows / Active Directory - User / Groups
- Difference between real user and system user accounts
- Active Directory user attributes
- What's the diff between dbo.aspnet_Users and dbo.aspnetUsers?
- What is difference between UserGroup and Group?
- Any way to distinguish between "people user accounts" and "computer user accounts"?
- Reading Active Directory group users in SharePoint
- what is the ou attribute of a user class