Active Directory Containers

The two default containers Users and Computers?

Who uses them? What do you use them for?

Do most people create two new OU's for users and computers?

Just a random thought while changing a few things through AD U&C on another machine and the "DsMod command....syntax?" Thread

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

blargoe

I have always created OUs for different business locations and put the computers and users for those locations in there. Sometimes, the locations get split into business functions or something like that.

It's really a personal taste I guess. I think it's easier to manage.

Sie

I think my main thought was with them being containers and not OU's and the restrictions this creates what advantage do they bring and why did MS include them?

Thank you for your reply

royal

Well, they don't want new machines automatically inheriting GPO settings. If the Admin wants this, then do redircmp or redirusr.

I do the same as blargoe. If you have service accounts or servers, just create a service accounts OU under your users OU and create them there. It allows for better organization than just having a bunch of stuff under your Users or Computers container. And make sure you set descriptions where applicable! Organization and populating fields allows for more options for filtering and finding things.

Sie

royal wrote:

Well, they don't want new machines automatically inheriting GPO settings.

Good Point

Goldmember

Sie wrote:

royal wrote:

Well, they don't want new machines automatically inheriting GPO settings.

Good Point

Bingo!...that is the main reason.

New computer account gets created and put into OU with existing GPO without administrator control....not good.

Of course you could create an OU beforehand and DSadd the computer account to this particular OU instead of letting it default to the container.

Good luck