Create Business Unit


Business Units are collections of Active Directory objects, whose membership is based on certain rules. For example, a Business Unit can include users with the word Sales in their Department property and members of the Sales Managers group. Business Units can contain objects located in different Organizational Units, domains and even forests.


Business Units can be organized in folders, which allows you to create a virtual hierarchy of Active Directory objects, and use Business Units instead of Organizational Units for browsing Active Directory.

You can also apply Scheduled Tasks, Business Rules, Security Roles, etc. to Business Unit members. For example, by assigning a Security Role on a Business Unit, you can allow your Help Desk to manage only the user accounts whose Employee ID starts with '1'.

In this tutorial, you will learn how to create a Business Unit and how to assign a Security Role over members of a Business Unit.


  1. Launch Adaxes Administration Console.

    Expand your Adaxes service, right-click Business Units, point to New and click Business Unit.


    Enter a name for the new Business Unit and click Next.

  2. On the Membership Rules page, you need to specify the criteria to include AD objects to the new Business Unit. Click the Add button.

  3. Select whether you want to include specific objects, members of a group, objects located in an OU, or objects that match certain search criteria.



    For example, if you want the Business Unit to include users with the word Sales in their job title, do the following:

    • Select Query Results.
    • Click the Edit button associated with the Filter field.
    • Select User in the Type drop-down list.
    • Type Sales in the Job Title field.


    • Click OK
    • To limit the search to a specific Organizational Unit or domain, select the location from which to start searching in the Look in field.
    • When finished, click OK.

    You can use value references (e.g. %username%, %department%) in membership rules. Value references will be replaced with corresponding property values of the user who is logged in, which means that different users will see different members in the same Business Unit. For details, see Create Dynamic Business Unit.
  4. If necessary, you can exclude objects from the Business Unit. For example, if you don't want the Business Unit to contain members of the Administrators group, you can exclude the group from the Business Unit.

    • Click the Add button.


    • Select Group Members.


    • In the Rule Parameters section, select the group whose members you want to exclude.


    • Check the Exclude specified objects checkbox.


    • Click OK


  5. If necessary, add other membership rules. When finished, click Next.
  6. On the Columns page, specify which columns will be visible by default for the Business Unit, configure sorting and grouping options.


    Click Finish.

Delegate Rights on Business Unit Members

You can delegate permissions to users on members of a Business Unit. Perform the following steps to assign a Security Role over a Business Unit:

  1. Expand Configuration \ Security Roles and select the role you want to assign.


  2. Click Add in the Assignments section.

  3. Type the name of the group or user to which you want to assign the role and then click it.


    Click Next.

  4. Select Business Units in the Look in drop-down.

  5. Click the Business Unit.

  6. Click OK and then click Finish.

  7. Click Save changes.

Open tutorial filtering

Got questions?
Support Forum