Redirecting AD objects to another OU

Overdash

Hello,

I am labing up for the MCTS:AD and am having a rough time with redirecting objects to OU's I created.

I am trying to do both the Computers and Users objects but the cmd prompt keeps coming back with the proper usage of redircmp/redirusr. I must be doing it wrong, I have checked that I am logged in as admin, and tried different ways but still nothing. I am using Server 2008 R2 domain functional level.


redircmp ou=<Lab Computers>,dc=<example>,dc=com


Here is what I have read so far:


Membership in Domain Admins or Enterprise Admins, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (Local and Domain Default Groups).
[h=4]To redirect the CN=Users container[/h]

• Use the Active Directory Users and Computers snap-in to create an OU container to which you will redirect user objects that were created with earlier versions of UI and command-line management tools:
  
  • To open the Active Directory Users and Computers snap-in, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.
  • In the console tree, right-click the domain name.
  • Point to New, and then click Organizational Unit.
  • Type the name of the OU.
• At the command line, change to the System32 folder by typing:
  cd %systemroot%\system32
• Type the following, where <newuserou> is the name of the new user OU, and <domainname> is the name of the domain:
  redirusr ou=<newuserou>,DC=<domainname>,dc=com

[h=4]To redirect the CN=Computers container[/h]

• Use the Active Directory Users and Computers snap-in to create an OU container to which you will redirect computer objects that were created with earlier versions of UI and command-line management tools.
  
  • To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.
  • In the console tree, right-click the domain name.
  • Point to New, and then click Organizational Unit.
  • Type the name of the OU.
• At the command line, change to the System32 folder by typing:
  cd %systemroot%\system32
• Type the following, where <newcomputerou> is the name of the new computer OU, and <domainname> is the name of the domain:
  redircmp ou=<newcomputerou>,DC=<domainname>,dc=com
  

Thanks,

Everyone

Take the brackets out of the DN.


redircmp OU=Lab Computers,DC=yourdomain,dc=com

Also if your AD domain isn't .com don't use dc=com use whatever is. A lot of people use .dev for test environments, or .local for internal domains... so dc=dev or dc=local just make it match.

I can't remember, but you may also need to encase the DN in quotation marks... been a long time since I've had to do this.

Overdash

Thanks for the syntax help!

Now that got me a different error message but the syntax is right so I'm happy!

it was with redircmp OU="Lab Computers",DC=example,dc=com

Error, unable to modify the WellKnownObjects attribute. Verify that the domain funtional level is...(it is)... :No such Object, Redirection was not successful.

Maybe it can't find the OU?

Thanks Josh!

Everyone

Yes that means it can't find the OU you specified. See: Redirecting the users and computers containers in Active Directory domains (yes that article is for 2003, but it's essentially the same)

Is your "Lab Computers" OU at the root of the domain? If it's under any other OUs, your DN is incorrect.

Example:
ntds://example.com/Building 1/Lab Computers = OU="Lab Computers",OU="Building 1",DC=example,dc=com

Keep in mind if the OU was created inside one of the built-in containers, like "Computers" that is a CN and not a OU...

OU="Lab Comptuers",CN=Computers,DC=example,DC=com

Overdash

Success!

Thanks, you are a big help! +REP