[ Team LiB ] |
Recipe 8.12 Changing the Default Container for Computers

8.12.1 Problem

You want to change the container that computers are created in by default.

8.12.2 Solution

8.12.2.1 Using a graphical user interface
8.12.2.2 Using a command-line interface

> redircmp "<NewParentDN>"

8.12.2.3 Using VBScript

' This code changes the default computers container.
' ------ SCRIPT CONFIGURATION ------
strNewComputersParent = "<NewComputersParent>"  ' e.g. OU=RAllenCorp Computers
strDomain             = "<DomainDNSName>"       ' e.g. rallencorp.com
' ------ END CONFIGURATION ---------

Const COMPUTER_WKGUID = "B:32:AA312825768811D1ADED00C04FD8D5CD:"
' ADS_PROPERTY_OPERATION_ENUM
Const ADS_PROPERTY_APPEND = 3
Const ADS_PROPERTY_DELETE = 4

set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE")
set objDomain  = GetObject("LDAP://" & objRootDSE.Get("defaultNamingContext"))
' Bind to the current default computers container through its well-known GUID
set objCompWK  = GetObject("LDAP://" & _
                           "<WKGUID=AA312825768811D1ADED00C04FD8D5CD," & _
                           objRootDSE.Get("defaultNamingContext") & ">")
' Remove the existing wellKnownObjects value for the computers container
objDomain.PutEx ADS_PROPERTY_DELETE, "wellKnownObjects", _
                Array( COMPUTER_WKGUID & objCompWK.Get("distinguishedName"))
' Add a value that points the same well-known GUID at the new parent
objDomain.PutEx ADS_PROPERTY_APPEND, "wellKnownObjects", _
                Array( COMPUTER_WKGUID & strNewComputersParent & "," & _
                       objRootDSE.Get("defaultNamingContext") )
objDomain.SetInfo
WScript.Echo "New default Computers container set to " & _
             strNewComputersParent

8.12.3 Discussion

Most Active Directory administrators do not use the Computers container within the Domain naming context as their primary computer repository. One reason is that, because it is a container and not an OU, you cannot apply a group policy to it. If you store computer objects in another location, consider making that location the default for new computer objects by changing the wellKnownObjects attribute, as shown in this recipe. This is beneficial if you want to ensure that computers cannot sneak into Active Directory without any group policies applied to them. See Recipe 8.11 for more information on how well-known objects are specified in Active Directory.

8.12.4 See Also

MS KB 324949 (Redirecting the Users and Computers Containers in Windows Server 2003 Domains)
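To confirm that a redirection like the one in this recipe is in place, the wellKnownObjects values of the domain object can be audited. The following Python is an added example, not code from the book: it parses the values and reports whether the Computers well-known GUID still points at a plain container. The function names and sample values are constructed for illustration, and the OU test assumes an OU's leftmost RDN type is OU.

```python
import re

# Well-known GUID of the Computers container (the value the recipe's script uses).
COMPUTER_WKGUID = "AA312825768811D1ADED00C04FD8D5CD"
# wellKnownObjects values use DN-with-binary syntax: B:<hex length>:<hex GUID>:<DN>
WKO_RE = re.compile(r"^B:(\d+):([0-9A-Fa-f]+):(.+)$")

def parse_wko(value):
    """Split one wellKnownObjects value into (GUID, target DN)."""
    m = WKO_RE.match(value.strip())
    if not m or int(m.group(1)) != len(m.group(2)):
        raise ValueError("malformed wellKnownObjects value: %r" % value)
    return m.group(2).upper(), m.group(3)

def audit_default_computers(values, domain_dn):
    """Report where new computer accounts land and whether a GPO can be linked there."""
    targets = [dn for guid, dn in map(parse_wko, values) if guid == COMPUTER_WKGUID]
    if len(targets) != 1:
        # A half-applied change can leave zero or two entries for the same GUID.
        return {"status": "error", "target": None,
                "detail": "expected one Computers entry, found %d" % len(targets)}
    dn = targets[0]
    if not dn.lower().endswith("," + domain_dn.lower()):
        return {"status": "error", "target": dn,
                "detail": "target is outside " + domain_dn}
    # Assumption: the leftmost RDN type tells a container (CN=) from an OU (OU=).
    if dn.split("=", 1)[0].strip().upper() == "OU":
        return {"status": "ok", "target": dn,
                "detail": "default is an OU; a GPO can be linked to it"}
    return {"status": "warn", "target": dn,
            "detail": "default is a container; no GPO can be linked to it"}

# Constructed sample values (not exported from a real domain).
DOMAIN_DN = "DC=rallencorp,DC=com"
SAMPLE_DEFAULT = [
    "B:32:A9D1CA15768811D1ADED00C04FD8D5CD:CN=Users,DC=rallencorp,DC=com",
    "B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=rallencorp,DC=com",
]
SAMPLE_REDIRECTED = [
    "B:32:A9D1CA15768811D1ADED00C04FD8D5CD:CN=Users,DC=rallencorp,DC=com",
    "B:32:AA312825768811D1ADED00C04FD8D5CD:OU=RAllenCorp Computers,DC=rallencorp,DC=com",
]

if __name__ == "__main__":
    for name, values in (("default", SAMPLE_DEFAULT), ("redirected", SAMPLE_REDIRECTED)):
        print(name, audit_default_computers(values, DOMAIN_DN))
```

A "warn" or "error" result means newly joined computers are not landing in an OU where policy can be linked, which is the condition the Discussion warns about.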