After the enterprise has made its decisions about the forest and domain components of its Active Directory (AD) deployment, the final topology level that must be addressed is the organizational unit (OU). As with the higher-level components of the AD topology, OUs define administrative control. At this level, however, the granularity of the control is much finer. Be warned, though: administrative control needs fewer OUs than most think.
With OUs, Less Is More
The core mantra with any AD topology is simplicity – deploy only as many components as necessary. In most cases, a single forest and domain will be sufficient, and while few enterprises will be able to make do with a single OU, the remainder will require only very few.