Redirecting the default Users and Computers containers

I mentioned earlier that I prefer to not define policies at the domain root level unless they need to apply to everything in the domain, which means applying them at OU level.

The problem is that by default, newly created users or computers are not in an OU but in the default users or computers containers, which are just cosmetic. Whatever is in them is logically still directly in the domain root, and so no policies would apply to them by default.

Therefore it’s a good idea to redirect those containers, so that users end up in an OU for users, and computers in an OU for computers. Windows makes this a trivial action with the redirusr and redircmp commands:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s