An organizational unit (OU) is a method used in computer systems administration for grouping and arranging various components of an organization's structure for ease of management. Conceptually, an OU can be viewed as something of a container for sorting out the organization's structure, allowing for changes to be applied to any one tier in the hierarchy. Anything can go into an OU container, including people, groups of people, computer systems, or entire networks.
The use of the organizational unit was first described in a series of standards developed in the late 1980s by the International Telecommunications Union's standardization sector (ITU-T). The standards became known of as X.500 and covered the methods for managing electronic directory services, where information can be stored and organized. The X.511 standard further detailed the directory access protocol (DAP) for working with these directory services. In the early 1990s, Novell® started using this prootcol in its directory services software, and Lotus® also found use for the technique and included OUs in its Lotus® Notes® program around version three. Later, the Internet Engineering Task Force (IETF) developed the lightweight directory access protocol (LDAP) for performing similar functions over an Internet protocol (IP) network.
The way a given organizational unit is set up is via a multi-tiered approach that often mirrors the organization itself. A number of separate OUs may be nested within each other, depending on the structure of the organization. At the uppermost level is what's often referred to as a domain. Separate OUs are then established, which can hold anything from another branch of an organization, such as a parent company's subsidiary, to departments in that subsidiary, and further down into the groups of users in a department and the users themselves.
In many cases, an organizational unit is used for the management of users on the network. Users, as well as user groups, can be arranged into an OU. In this way, the users can be arranged so that changes to the OU will then propagate to every user it contains. If a user or group is moved to another OU, its status and permissions will automatically update. This method of user management is found in a number of enterprise software products, including Microsoft® Active Directory® and IBM® Lotus Mobile Connect®, as well as a myriad of other LDAP software systems.
From its roots in the X.500 series of standards, the organizational unit is also often used in digital security certificate management. In the X.509 standard, the management of security certificate hierarchies is arranged through organizational units. This allows for detailed management of groups of certificates, as well as differentiation between two certificate owners who may have the same name.