Active Directory Containers

SieSie Member Posts: 1,195
in Off-Topic
The two default containers Users and Computers?

Who uses them? What do you use them for?

Do most people create two new OU's for users and computers?

Just a random thought while changing a few things through AD U&C on another machine and the "DsMod command....syntax?" Thread
Foolproof systems don't take into account the ingenuity of fools
· Share on FacebookShare on Twitter

Comments

  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    I have always created OUs for different business locations and put the computers and users for those locations in there. Sometimes, the locations get split into business functions or something like that.

    It's really a personal taste I guess. I think it's easier to manage.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
    · Share on FacebookShare on Twitter
  • SieSie Member Posts: 1,195
    I think my main thought was with them being containers and not OU's and the restrictions this creates what advantage do they bring and why did MS include them?

    Thank you for your reply :D
    Foolproof systems don't take into account the ingenuity of fools
    · Share on FacebookShare on Twitter
  • royalroyal Member Posts: 3,352 ■■■■□□□□□□
    Well, they don't want new machines automatically inheriting GPO settings. If the Admin wants this, then do redircmp or redirusr.

    I do the same as blargoe. If you have service accounts or servers, just create a service accounts OU under your users OU and create them there. It allows for better organization than just having a bunch of stuff under your Users or Computers container. And make sure you set descriptions where applicable! Organization and populating fields allows for more options for filtering and finding things.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
    · Share on FacebookShare on Twitter
  • SieSie Member Posts: 1,195
    royal wrote:
    Well, they don't want new machines automatically inheriting GPO settings.

    Good Point icon_exclaim.gif
    Foolproof systems don't take into account the ingenuity of fools
    · Share on FacebookShare on Twitter
  • GoldmemberGoldmember Member Posts: 277
    Sie wrote:
    royal wrote:
    Well, they don't want new machines automatically inheriting GPO settings.

    Good Point icon_exclaim.gif

    Bingo!...that is the main reason.

    New computer account gets created and put into OU with existing GPO without administrator control....not good.

    Of course you could create an OU beforehand and DSadd the computer account to this particular OU instead of letting it default to the container.

    Good luck
    CCNA, A+. MCP(70-270. 70-290), Dell SoftSkills
    · Share on FacebookShare on Twitter
Sign In or Register to comment.