Hi to all
Today we gonna talk about of ou loved container in the active directory called “computers” and explain what kind of stuff we can do here …
WTF is that? It’s a buil-in container object wich means that are created when we make the dcpromo command for first time on our domain controller and like other objects in AD we can call “Bult-in objects” and provides backward for windows nt 4.0 domains ( yeah… today many enterprises still having this working… omg )
Dcpromo command -> command used to promote a server to domain controller ,except 4 Windows Server 2012 (deprecated)
Here a view or some bult-in objects
Other examples or built-in objects:
Pre-installed container objects provide backward compatibility with Windows NT. They look and act like organizational units and include:
- Builtin – Build in local groups.
- Computers – Computer accounts created using Windows NT. It is a list of workstations
- Computer – Used to manage particular workstations.
- Domain Controllers – A list of domain controllers.
- Foreign Security Principles – Shows trust relationships with other domains.
- Users – Windows NT users.
What Im NOT ABLE TO ?
Delete the container ( Built-in objects cannot be deleted ) .. Crap 🙂
Apply GPO’S …
AS A GOOD ADMIN ILL…NEVER
Store a lot of computers on it ( The GPO’S by Default doesn’t apply here and we don’t want it )
The situation and the solution (I don’t remember to move the objects… same story… again and again and again..)
So.. I need to apply GPO’S a lot of! (security , firewall , antivirus , even i install some programs!! Im the master of the GPO’S ).. But i don’t move the Machines at the CORRECT OU and my IT technicians .. forgot it
always .. What i can do?
Write Powershell Script that executes someday at … with the cmdlet move-adobject ( poor solution)
OR magic REDIRCMP command
THE REDIRCMP.exe SOLUTION
Oh yeah.. we can take all of the computers that joins here on our domain and send to another place (Temporal OU) where we can link all the WORLD GPOS that we gonna need
and in the end it’s really good for us
This solution is called redircmp.exe and it’s included on the Windows Server since 2003 to 2012 R2 (cool)
And in the future the new computers will go to this OU (EASY)
Here is the technet doc:
Thanks and regards to all