Create Business Unit


Business Units are collections of Active Directory objects, whose membership is based on certain rules. For example, a Business Unit can include users with the word Sales in their Department property and members of the Sales Managers group. Business Units can contain objects located in different Organizational Units, domains and even forests.


Business Units can be organized in folders, which allows you to create a virtual hierarchy of Active Directory objects, and use Business Units instead of Organizational Units for browsing Active Directory.

You can also apply Scheduled Tasks, Business Rules, Security Roles, etc. to Business Unit members. For example, by assigning a Security Role on a Business Unit, you can allow your Help Desk to manage only the user accounts whose Employee ID starts with '1'.

In this tutorial, you will learn how to create a Business Unit and how to assign a Security Role over members of a Business Unit.


  1. Launch Adaxes Administration Console.

    Expand your Adaxes service, right-click Business Units, point to New and click Business Unit.


    Enter a name for the new Business Unit and click Next.

  2. On the Membership Rules page, you need to specify the criteria to include AD objects to the new Business Unit. Click the Add button.

  3. Select whether you want to include specific objects, members of a group, objects located in an OU, or objects that match certain search criteria.



    For example, if you want the Business Unit to include users with the word Sales in their job title, do the following:

    • Select Query Results.
    • Click the Edit button associated with the Filter field.
    • Select User in the Type drop-down list.
    • Type Sales in the Job Title field.


    • Click OK
    • To limit the search to a specific Organizational Unit or domain, select the location from which to start searching in the Look in field.
    • When finished, click OK.

    You can use value references (e.g. %username%, %department%) in membership rules. Value references will be replaced with corresponding property values of the user who is logged in, which means that different users will see different members in the same Business Unit. For details, see Create Dynamic Business Unit.
  4. If necessary, you can exclude objects from the Business Unit. For example, if you don't want the Business Unit to contain members of the Administrators group, you can exclude the group from the Business Unit.

    • Click the Add button.


    • Select Group Members.


    • In the Rule Parameters section, select the group whose members you want to exclude.


    • Check the Exclude specified objects checkbox.


    • Click OK


    Membership rule priority

    Membership rules have an order of priority. If the same object is supposed to be included in the Business Unit by one rule but excluded by another rule, Adaxes uses the priority order to determine what to do with the object.

    Membership rules are always displayed in their priority order, which is:

    • Specific objects – highest priority
    • Group members
    • Objects located in OU or container
    • Query results – lowest priority

    Rules that exclude objects have priority over rules of the same type that include objects.

    For example, imagine a Business Unit with two membership rules – Exclude group members and Include group members:

    The members of the Helpdesk London group will be excluded because the Exclude group members rule has higher priority.

    Here's a different scenario – a Business Unit with the Include group members and Exclude query results rules:

    In this case, every member of the Helpdesk group will be included in the Business Unit, even if they are from the London office, because the Include group members rule has higher priority.

    The priority order of membership rules can't be changed.

    When finished adding membership rules, click Next.

  5. On the Columns page, specify which columns will be visible by default for the Business Unit, configure sorting and grouping options.


    Click Finish.

Delegate Rights on Business Unit Members

You can delegate permissions to users on members of a Business Unit. Perform the following steps to assign a Security Role over a Business Unit:

  1. Expand Configuration \ Security Roles and select the role you want to assign.


  2. Click Add in the Assignments section.

  3. Type the name of the group or user to which you want to assign the role and then click it.


    Click Next.

  4. Select Business Units in the Look in drop-down.

  5. Click the Business Unit.

  6. Click OK and then click Finish.

  7. Click Save changes.

Open tutorial filtering

Got questions?
Support Questions & Answers