The Active Directory OU structure follows a consistent pattern across all 20 pods:
```
DC=acs-p01,DC=local
  OU=Students
    OU=Pod01
      OU=Users
      OU=Groups
      OU=Resources
      OU=Policies
    OU=Pod02
      OU=Users
      OU=Groups
      OU=Resources
      OU=Policies
    ...
    OU=Pod20
      OU=Users
      OU=Groups
      OU=Resources
      OU=Policies
```
Each pod has 4 child OUs plus the pod OU itself, for a total of 5 OUs per pod.
| OU | Purpose |
|---|---|
| OU=PodXX | Top-level pod container |
| OU=Users,OU=PodXX | Student user accounts (e.g., P01-Student, P01-Admin) |
| OU=Groups,OU=PodXX | Security groups (e.g., P01-SG-ACS-All-Staff) |
| OU=Resources,OU=PodXX | Computer accounts, shared resources |
| OU=Policies,OU=PodXX | GPO-related objects |
OU=Students (parent)

Each pod OU has delegated control granted to the pod's student account. This allows the student to:
Students cannot modify objects in other pods' OUs, even though they can see the full AD tree in ADUC.
| Object | DN |
|---|---|
| Pod01 OU | OU=Pod01,OU=Students,DC=acs-p01,DC=local |
| P01-Student user | CN=P01-Student,OU=Users,OU=Pod01,OU=Students,DC=acs-p01,DC=local |
| P05 staff group | CN=P05-SG-ACS-All-Staff,OU=Groups,OU=Pod05,OU=Students,DC=acs-p01,DC=local |
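One way to verify the delegation boundary described above is to read the ACL on every pod OU and flag any write-type ACE held by a principal from a different pod. This is an added example, not part of the original page or the lab's own tooling. It assumes the RSAT ActiveDirectory module is available and that pod principals follow the PNN- naming seen in the page's examples; the function name `Test-CrossPodAce` is hypothetical.

```powershell
# Added example: flag write-type ACEs on a pod OU held by another pod's principal.
# Assumptions: RSAT ActiveDirectory module is installed; pod principals are
# named PNN-... as in the page's examples (P01-Student, P05-SG-ACS-All-Staff).
Import-Module ActiveDirectory   # also mounts the AD: drive that Get-Acl reads

$Base = 'OU=Students,DC=acs-p01,DC=local'

# Atomic rights that change objects. Composite values such as GenericAll also
# contain read bits, so they are matched through these bits instead of by name.
$rightsList = 'CreateChild, DeleteChild, Self, WriteProperty, DeleteTree, Delete, WriteDacl, WriteOwner, ExtendedRight'
$WriteMask  = [int][System.DirectoryServices.ActiveDirectoryRights]$rightsList

function Test-CrossPodAce {
    # Returns $true when an Allow ACE gives a principal from a different pod
    # any write-type right on an OU that belongs to $PodNumber.
    param([int]$PodNumber, $Ace)
    if ($Ace.AccessControlType -ne 'Allow') { return $false }
    if (([int]$Ace.ActiveDirectoryRights -band $WriteMask) -eq 0) { return $false }
    if ($Ace.IdentityReference.Value -match '(?:^|\\)P(\d{2})-') {
        return ([int]$Matches[1] -ne $PodNumber)
    }
    return $false   # not a pod-named principal (admins, SYSTEM, built-ins)
}

$findings = foreach ($n in 1..20) {
    $podDn = 'OU=Pod{0:D2},{1}' -f $n, $Base
    # Subtree scope returns the pod OU plus Users, Groups, Resources, Policies.
    foreach ($ou in Get-ADOrganizationalUnit -SearchBase $podDn -SearchScope Subtree -Filter *) {
        foreach ($ace in (Get-Acl -Path "AD:\$($ou.DistinguishedName)").Access) {
            if (Test-CrossPodAce -PodNumber $n -Ace $ace) {
                [pscustomobject]@{
                    OU        = $ou.DistinguishedName
                    Trustee   = $ace.IdentityReference.Value
                    Rights    = $ace.ActiveDirectoryRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No cross-pod write ACEs found on the 20 pod OU trees.' }
```

A finding with `Inherited` set to true points at an ACE placed higher up (for example on OU=Students) rather than on the pod OU itself, which is where the fix belongs.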