ORGANISATION UNIT (OU)

                OU is the smallest unit in a domain network that can contain users, computers, groups, shared folders, printers and group policy objects.
In simple words, OU means departments like sales dept., accounts dept. etc in a company.
                  OU can be used to apply different security policies to computers and users in the different departments. OU also helps in dividing administration among different administrators. For example, sales dept. can have a different administrator managing only computers and users of sales dept.

APPLYING GROUP POLICY OR SECURITY USING OU

1. Make some client computers member of the domain.
2. Now go to your DC and open 'Active Directory Users and Computers'.
3. Right-click on domain-name (e.g., sony.com) > new > organization unit.
4. In the Name, type Sales Dept. > O.K.
5. Click on the 'computers' and right-click on the computer names by selecting the computers which are of sales dept. > move > select 'sales dept. > O.K.
6. Click on 'Users' and move some users to the sales dept. OU.
7. Now right-click on the Sales Dept. OU > properties > Group Policy.
8. Click on New and click on Edit.
9. Group Policy Object Editor will open.
10. Edit your policies and close the Editor.
11. Click on Options and select 'no override'.
12. Select 'Block Policy Inheritance'.
13. Click Apply & O.K.
14. Create one more OU named as 'Accounts Dept'.
15. Similarly move computers and users to the Accounts Dept. OU and apply group policy.
16. Finally give the command:
                        Gpupdate
17. Restart your client computers.