Active Directory: Gotchas of changing the default computer container
We are changing the container that AD uses for computers (by default, cn=Computers) by using:
redircmp container-dn container-dn
Has anyone done this in the past and experienced any gotchas that we should be aware of? Much obliged for the advice, tips and/or forewarnings.
Solution 1:
Microsoft have a KB Article on the subject which contains some good information.
Call me naive if you like, but if you don't mind me asking - why are you doing this? Is it really that much of a problem to move new user/computer objects manually to their desired OU? It's only a one-off process when a new person starts or a new computer is joined to the domain.
Solution 2:
We've done it. We made the Computers context an OU instead of a CN, which allowed us to hang GPOs on it. Soon we will be moving it again and calling it 'unclaimed'. Our techs are supposed to pre-create objects before importing, but they don't always do it. Putting the not-pre-created computers into an OU named 'unclaimed' makes it pretty clear who is responsible for what computers... no one.
The one problem you'll run into is older software that assumes the presence of 'cn=computers' in your tree as the default location for stuff. This is happily becoming increasingly rare.
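A follow-up check for the setup described in Solution 2, added here as an example and not part of either answer: it reads where the domain currently sends new computer objects, lists what is sitting unclaimed there, and looks for anything still landing in the legacy cn=Computers container. It assumes the RSAT ActiveDirectory module and read access to the domain; the output column names are made up for this example.

```powershell
# Added example (not from the original thread). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

$domain    = Get-ADDomain
$domainDn  = $domain.DistinguishedName
$defaultDn = $domain.ComputersContainer      # where redircmp currently points
$legacyDn  = "CN=Computers,$domainDn"        # the out-of-the-box location

"Default computer container: $defaultDn"
if ($defaultDn -eq $legacyDn) { 'Redirection is NOT in effect.' }

function Get-DirectChildComputers([string]$SearchBase) {
    # OneLevel: only objects created directly in the container, not in sub-OUs.
    Get-ADComputer -Filter * -SearchBase $SearchBase -SearchScope OneLevel `
        -Properties whenCreated, 'mS-DS-CreatorSID' |
    ForEach-Object {
        # mS-DS-CreatorSID is only recorded when a non-admin joined the machine
        # using the domain's machine account quota.
        $sid = $_.'mS-DS-CreatorSID'
        $creator = if ($sid) {
            try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $sid.Value }             # SID no longer resolves to an account
        } else { '(not recorded)' }

        [pscustomobject]@{
            Name      = $_.Name
            Created   = $_.whenCreated
            JoinedBy  = $creator
            Container = $SearchBase
        }
    }
}

# Machines that were joined without being pre-created in their proper OU.
$unclaimed = @(Get-DirectChildComputers -SearchBase $defaultDn)
"Unclaimed computers in default container: $($unclaimed.Count)"
$unclaimed | Sort-Object Created | Format-Table -AutoSize

# After redirection, new objects appearing in cn=Computers point to software
# or scripts that hard-code the old path instead of asking the domain.
if ($defaultDn -ne $legacyDn) {
    try {
        Get-DirectChildComputers -SearchBase $legacyDn |
            Sort-Object Created -Descending | Format-Table -AutoSize
    } catch { "Legacy container not readable or removed: $legacyDn" }
}
```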