January 28, 2020

Best Practices for Google Admin Console OU

Kevin Dorsey, Ed.D.
The Google Admin Console

In the K-12 District Admin world where Google Chromebooks are used in the schools’ one-to-one technology programs, there seems to be two prevailing camps of Google Organizational Unit (OU) management. The first is an organization with Google Cloud Directory sync, and the other is an organization with no Google Cloud Directory sync. Whether the school has it synced or not depends on the size of the organization and if users are being synced from a directory service.

An organization with Google Cloud Directory Sync

For an organization with Google Cloud Directory Sync, l recommend keeping both users and devices in separate OUs. This keeps the sync from your directory clean and allows you to manage your devices and users separately. I have seen two common organization setups for users and devices over the years—one in which devices are placed in sub-OUs as each level and others that just place all devices in a building-specific OU. The choice is entirely up to the Google Suite Administrator.

Both setups have a common organizational OU that all devices and users fall under. The first setup is very common for a small organization, but the devices are separated. For example, all users would sync a user OU with the user sub-OUs underneath. The device OU would mirror the sub-OUs for the users so that devices can be configured separately. Here’s a simple example of this:

The Google Admin Console with the "users" option highlighted
GAC OU - district device

As stated before, some organizations are not as granular with device OUs and many just utilize a master OU for each building—regardless of admins, students, and teachers.

An organization without Google Cloud Directory Sync

If your organization is small and manually handles account creation in the Google Admin Console (GAC), it is common to have a minimal OU structure. Students and devices should be in separate OUs for ease of management and organizations. This way, both your user and device settings can be configured at the parent OU, such as the district, school level, or user type. Below is an example of how this would look:

The Google Admin Console with the "devices" option highlighted. Beneath it, the "Elementary 1" label is highlighted.

Whether your setup is with or without Google Cloud Directory sync, properly organizing your OUs is essential to keeping your life easy as a Google Console Admin. Leave us a comment if you have any questions or suggestions, and feel free to email or tweet me your questions at any time! and @edtech_dorsey.