Hi to all
Today we're going to talk about our beloved container in Active Directory called “Computers” and explain what kind of stuff we can do here …
WTF is that? It’s a built-in container object, which means it is created when we run the dcpromo command for the first time on our domain controller. Like other objects of this kind in AD, we can call it a “built-in object”, and it provides backward compatibility for Windows NT 4.0 domains (yeah… today many enterprises still have this working… omg)
Dcpromo command -> command used to promote a server to domain controller, except for Windows Server 2012 (deprecated)
Here is a view of some built-in objects
Other examples of built-in objects:
Pre-installed container objects provide backward compatibility with Windows NT. They look and act like organizational units and include:
- Builtin – Built-in local groups.
- Computers – Computer accounts created using Windows NT. It is a list of workstations.
- Computer – Used to manage particular workstations.
- Domain Controllers – A list of domain controllers.
- Foreign Security Principals – Shows trust relationships with other domains.
- Users – Windows NT users.
What am I NOT ABLE TO do?
Delete the container (built-in objects cannot be deleted) .. Crap 🙂
Apply GPOs …
AS A GOOD ADMIN I'LL… NEVER
Store a lot of computers in it (GPOs by default don’t apply here, and we don’t want that)
The situation and the solution (I don’t remember to move the objects… same story… again and again and again..)
So.. I need to apply a lot of GPOs! (security, firewall, antivirus, I even install some programs!! I'm the master of the GPOs).. But I don’t move the machines to the CORRECT OU, and my IT technicians .. always forget it .. What can I do?
Write a PowerShell script that executes someday at … with the cmdlet Move-ADObject (poor solution)
OR the magic REDIRCMP command
THE REDIRCMP.exe SOLUTION
Oh yeah.. we can take all of the computers that join our domain and send them to another place (a temporary OU) where we can link all the GPOs in the WORLD that we're going to need, and in the end that’s really good for us
This solution is called redircmp.exe and it’s included in Windows Server from 2003 to 2012 R2 (cool)
Usage:
redircmp ou=newcomputerou,dc=domainname,dc=com
And from then on, new computers will go to this OU (EASY)
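For the redirect described above, an added example (not part of the original post): it checks where new computer accounts currently land, runs redircmp against the post's placeholder OU, and then moves the accounts already sitting in CN=Computers, which the redirect alone does not touch. It assumes the ActiveDirectory PowerShell module and an account allowed to run redircmp and move computer objects; the parameter and variable names are made up for illustration.

```powershell
#Requires -Modules ActiveDirectory
# Added example. $TargetOU is the placeholder DN from the usage line; replace it.
# Run with -WhatIf first to see what would change without touching anything.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$TargetOU = 'ou=newcomputerou,dc=domainname,dc=com'
)
$ErrorActionPreference = 'Stop'

# redircmp writes on the PDC emulator, so read from the same DC to avoid
# being fooled by replication delay.
$pdc    = (Get-ADDomain).PDCEmulator
$domain = Get-ADDomain -Server $pdc

# Fail early if the OU does not exist (the cmdlet throws on a bad DN).
$ou = Get-ADOrganizationalUnit -Identity $TargetOU -Server $pdc

# The built-in container that holds computers joined without an explicit OU.
$defaultContainer = "CN=Computers,$($domain.DistinguishedName)"
Write-Host "New computer accounts currently land in: $($domain.ComputersContainer)"

# Step 1: redirect future joins, only if not already redirected to this OU.
if ($domain.ComputersContainer -ne $ou.DistinguishedName) {
    if ($PSCmdlet.ShouldProcess($ou.DistinguishedName, 'redircmp')) {
        & redircmp.exe $ou.DistinguishedName
        # Verify the result instead of trusting the tool's console output.
        $now = (Get-ADDomain -Server $pdc).ComputersContainer
        if ($now -ne $ou.DistinguishedName) {
            throw "Redirect did not take effect, default is still $now"
        }
    }
}

# Step 2: the redirect only affects future joins. Sweep the accounts that
# are already directly inside CN=Computers so they receive the linked GPOs.
$left = @(Get-ADComputer -Filter * -SearchBase $defaultContainer `
            -SearchScope OneLevel -Server $pdc)
foreach ($c in $left) {
    Move-ADObject -Identity $c.DistinguishedName `
        -TargetPath $ou.DistinguishedName -Server $pdc `
        -WhatIf:$WhatIfPreference
}
Write-Host "$($left.Count) computer object(s) were in $defaultContainer"
```

Running the same script again later is a quick audit: a non-zero count in the last line means something is still creating accounts directly in CN=Computers.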
Here is the technet doc:
http://technet.microsoft.com/en-us/library/cc770619.aspx
Thanks and regards to all