By default new computers are created in the “Computers” OU in AD, however sometimes it would be smart to have them created in another OU.  The not so nice thing about the “Computers” OU is that you can not force GPO settings onto it, thus creating your own OU eg. “Domain Computers” and forcing new computers to be created here will allow you to force GPO settings onto new computers right from the start.

Another option is to change the Sysprep.inf settings to include the OU where the computers will be added, but this will only affect computers added via sysprep.

Example (sysprep.inf lines);
[Identification]
JoinDomain=Corp
MachineObjectOU=”OU=Workstations,OU=GEB,DC=corp,DC=inet”

You could also use the NETDOM command from the Support Tools to add workstations to the domain, the NETDOM command also allow for adding the OU in which to create the computer object, but this has the similar problems as sysprep.inf it will not FORCE every new computer to be added in a specific OU.

Here is how to make the change via the redircmp command;
(from http://support.microsoft.com/kb/324949);

Redirecting CN=Computers to an administrator-specified organizational unit

  1. Log on with Domain Administrator credentials in the domain where the CN=computers container is being redirected.
  2. Transition the domain to the Windows Server 2003 domain in the Active Directory Users and Computers snap-in (Dsa.msc) or in the Domains and Trusts (Domains.msc) snap-in. For more information about increasing the domain functional level, click the following article number to view the article in the Microsoft Knowledge Base:
    322692 (http://support.microsoft.com/kb/322692/ ) How to raise domain and forest functional levels in Windows Server 2003
  3. Create the organizational unit container where you want computers that are created with earlier-version APIs to be located, if the desired organizational unit container does not already exist.
  4. Run the Redircmp.exe file at a command prompt by using the following syntax, where container-dn is the distinguished name of the organizational unit that will become the default location for newly created computer objects that are created by down-level APIs:
    redircmp container-dn container-dn

    Redircmp.exe is installed in the %Systemroot%\System32 folder on Windows Server 2003-based or newer computers. For example, to change the default location for a computer that is created with earlier-version APIs such as Net User to the OU=mycomputers container in the CONTOSO.COM domain, use the following syntax:

    C:\windows\system32>redircmp ou=mycomputers,DC=contoso,dc=com

    Note When Redircmp.exe is run to redirect the CN=Computers container to an organizational unit that is specified by an administrator, the CN=Computers container will no longer be a protected object. This means that the Computers container can now be moved, deleted, or renamed. If you use ADSIEDIT to view attributes on the CN=Computers container, you will see that the systemflags attribute was changed from -1946157056 to 0. This is by design.

1 reply
  1. ipad
    ipad says:

    Excellent post. I used to be checking continuously this blog and I am inspired! Extremely helpful info specially the final phase 🙂 I deal with such info much. I used to be seeking this certain info for a long time. Thanks and best of luck.

Comments are closed.