C. Identity — OrgTree (MOD_*)

OrgPath, dynamic groups, Administrative Units, delegation, migration runbook

C. Identity — OrgTree (MOD_*)

The governance replacement for Active Directory’s x.500 OU tree. OrgPath encodes hierarchy in a user attribute; dynamic groups materialise every subtree; Administrative Units scope delegation; the drift engine enforces.

Full canon lives at src/uiao/modernization/orgtree/. This sub-category is the customer-facing entry point for the 28 MOD_* artifacts.

Leaves

• C.1 OrgPath Codebook (MOD_A)
• C.2 Dynamic Group Library (MOD_B)
• C.3 Attribute Mapping Table (MOD_C)
• C.4 Delegation Matrix — AUs + Roles (MOD_D)
• C.5 Governance Workflow Catalog (MOD_E)
• C.6 Migration Runbook OU→Entra (MOD_F)
• C.7 JSON Schema (MOD_H)
• C.8 PowerShell Validation Module (MOD_I)
• C.9 Execution Substrate Integration (MOD_N)
• C.10 Identity Graph Normalization (MOD_Y)
• C.11 Identity Risk Scoring (MOD_T)

Current pages

• Canon source: modernization/orgtree.qmd
• Codebook: modernization/codebook.qmd
• Dynamic groups: modernization/dynamic-groups.qmd
• Delegation: modernization/delegation.qmd