How can I retrieve the default user/computer OU?

I'm currently looking into redirecting the default user and computer OU on a domain.

To my understanding, this can easily be achieved using redirusr and reditcmp. However, how can I retrieve the current state?

Solution 1:

From PowerShell with the ActiveDirectory extensions loaded, run this command:

(get-adobject -filter 'ObjectClass -eq "domain"' -Properties wellKnownObjects).wellKnownObjects

Then, using the list in kb324949, you can see what the values have been changed to.

Solution 2:

Another way to retrieve that information in PowerShell is using the .Net DirectorySearcher class or as shown below PowerShell's [ADSISearcher] type accelerator. Although it's more typing and a bit harder to read, this method comes in handy if the Active Directory Web Services can't be guaranteed to be available. It's a bit less "PowerShell", but illustrates some useful PoSH/ADSI/LDAP syntax.

BTW, I'm not knocking longneck's answer, just point out an alternate way, tmtowtdi!

$a = [adsisearcher]'(&(objectclass=domain))'
$a.SearchScope = 'base'
$a.FindOne().properties.wellknownobjects | ForEach-Object {
    if ($_ -match '^B:32:A9D1CA15768811D1ADED00C04FD8D5CD:(.*)$')
    {
        'Users: {0}' -f $matches[1]
    }
    elseif ($_ -match '^B:32:AA312825768811D1ADED00C04FD8D5CD:(.*)$')
    {
        'Computers: {0}' -f $matches[1]
    }
}

Solution 3:

This is pretty low-tech, but you can create a user remotely using net user testUser /add /domain and query AD to find out where it was created.

You can do the same for a test computer by joining it to the domain and searching for that the same way you did the user.

There's probably some PowerShell voodoo you can do to look at container attributes, also - so I wouldn't be surprised if you get a better answer than this.