Creating an Organizational Unit
To isolate the evaluation environment from other objects in Active Directory, you can create a separate organizational unit for all of the IBM Security-specific objects that are created and managed throughout the evaluation. You must be the Active Directory administrator or have Domain Admins privileges to perform this task.
To create an organizational unit for IBM Security
-
Open Active Directory Users and Computers and select the domain.
-
Right-click and select New > Organizational Unit.
-
Deselect Protect container from accidental deletion.
-
Type the name for the organizational unit, for example, IBM Security, then click OK.
Create Additional Organizational Units
Additional organizational units are not required for an evaluation. In a production environment, however, you might create several additional containers to control ownership and permissions for specific types of IBM Security objects. For example, you might create separate organizational units for UNIX Computers and UNIX Groups.
To illustrate the procedure, the following steps create an organizational unit for the Active Directory groups that will be used in the evaluation to assign user access rights to the IBM Security-managed computers within the top-level organizational unit for IBM Security-specific objects.
To create an organizational unit for evaluation groups
-
In Active Directory Users and Computers, select the top-level organizational unit you created in Creating an organizational unit for IBM Security.
-
Right-click and select New > Organizational Unit.
-
Deselect Protect container from accidental deletion.
-
Type the name for the organizational unit, for example, UNIX Groups, then click OK.
In later exercises, you will use this organizational unit and add other containers to manage additional types of information.