Default Computer Container

Discussion in 'Active Directory' started by John, Jul 12, 2006.

  1. John

    John Guest

    Does anyone know if it is possible to have computers that have just been
    joined to a domain, to be placed within a designated OU other than
    'Computers'?

    I need to lock down computers that have been entered into the domain until
    the respective network admins place them into their proper OUs. Since the
    'Computers' OU does not allow and GPOs to be applied to it, I'm having a hard
    time finding a solution.

    Any suggestions welcome! Thanks!
     
    John, Jul 12, 2006
    #1
    1. Advertisements

  2. on Windows 2003 Server you can use the commandline tool "redircmp" to
    redirect the standardcontainer for new computer objects.
     
    Frank Röder [MVP], Jul 12, 2006
    #2
    1. Advertisements

  3. It is also possible to convert the Computers container into an OU.

    -ds
     
    Dave Shaw [MVP - Directory Services], Jul 12, 2006
    #3
  4. John

    Paul Bergson Guest

    No you can't change an object type.



     
    Paul Bergson, Jul 13, 2006
    #4
  5. It is?

    --
    Joe Richards Microsoft MVP Windows Server Directory Services
    Author of O'Reilly Active Directory Third Edition
    www.joeware.net


    ---O'Reilly Active Directory Third Edition now available---

    http://www.joeware.net/win/ad3e.htm

    ============================================================================
    Do not read this worthless blog entry on
    Defending Security Infrastructures http://blog.joeware.net/2006/07/11/445/
    I'm serious, you will learn absolutely nothing about
    Defending Security Infrastructures.
    ============================================================================
     
    Joe Richards [MVP], Jul 13, 2006
    #5
  6. John

    Paul Bergson Guest

    Unclear on your response.



     
    Paul Bergson, Jul 13, 2006
    #6
  7. John

    kj Guest

    I think we'd all like more details, perhaps a "how to". I know I would.

    Can I convert the cn=Users to an OU=Users too?
     
    kj, Jul 13, 2006
    #7
  8. It was a question. :)

    If this is possible, I am not aware of it. The only objectclass
    conversions that I am aware of that are possible within Active Directory
    that I have been able to chase down in the source is to move between
    inetorgperson and user and vice versa.

    Renaming of the object and creating an OU with the same name I don't
    believe will work because it does nothing to address the points in
    wellKnownObjects. Changing that is the effective change of the various
    redir* utilities so why go through the hassle of renaming, et al instead
    of just using redir*.

    The redir* stuff wasn't supported on 2K nor was modifying the
    wellKnownObjects attribute directly due to, I believe, hard coding in
    portions of the OS that pointed directly at CN=Users,blah. I can only
    say I believe here because I can't think of any explicit details on any
    code that did that but I seem to recall seeing it a few years ago. I
    would have to find it again and look at the criticality of the code to
    determine if that would be a reason for lack of support.

    joe


    --
    Joe Richards Microsoft MVP Windows Server Directory Services
    Author of O'Reilly Active Directory Third Edition
    www.joeware.net


    ---O'Reilly Active Directory Third Edition now available---

    http://www.joeware.net/win/ad3e.htm

    ============================================================================
    Do not read this worthless blog entry on
    Defending Security Infrastructures http://blog.joeware.net/2006/07/11/445/
    I'm serious, you will learn absolutely nothing about
    Defending Security Infrastructures.
    ============================================================================
     
    Joe Richards [MVP], Jul 14, 2006
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.