Lesson 1 Review
1. What are the three reasons for defining an OU?
The three reasons for defining an OU are to delegate administration, to administer Group Policy, or to hide objects.
2. What is "delegating administration"?
Delegating administration is the assignment of IT management responsibility for a portion of the namespace, such as an OU, to an administrator, a user, or a group of administrators or users.
3. What is the purpose of creating an OU to hide objects?
Although a user might not have the permission to read an object's attributes, the user can still see that the object exists by viewing the contents of the object's parent container. You can hide objects in a domain by creating an OU for the objects and limiting the set of users who have the List Contents permission for that OU.
4. Can you assign access permissions based on a user's membership in an OU? Why
or why not?
No, you cannot assign access permissions based on a user's membership in an OU. OUs are not security principals. Access control is the responsibility of global, domain local, or universal groups.
5. Which of the following is the primary reason for defining an OU?
a. To delegate administration
b. To hide objects
c. To administer Group Policy
d. To define the domain structure
The correct answer is a. Although hiding objects and administering Group Policy are reasons for defining an OU, they are not the primary reason. You do not define an OU to define the domain structure.
