Modifying Computer Objects with Active Directory - Binding to the Default Container for Computers
This recipe requires the Windows Server 2003 domain functional level.
Problem
You want to bind to the default container that new computer objects are created in.
Solution
Using a graphical user interface
Open LDP.
From the menu, select Connection -> Connect.
For Server, enter the name of a domain controller (or leave blank to do a serverless bind).
For Port, enter 389.
Click OK.
From the menu, select Connection -> Bind.
Enter credentials of a domain user.
Click OK.
From the menu, select View -> Tree.
For the DN, enter:
<WKGUID=aa312825768811d1aded00c04fd8d5cd,<DomainDN>>
where <DomainDN> is the distinguished name of a domain.
Click OK.
In the lefthand menu, you can now browse the default computers container for the domain.
Using a command-line interface
With tools like netdom, if there is an option to specify only the name of the computer and not its DN or parent container, the computer object will be created in the default Computers container. You can use the redircmp utility to change this default location, as we will discuss in Recipe 8.15.
Using VBScript
' This code illustrates how to bind to the default computers container.
' ------ SCRIPT CONFIGURATION ------
strDomain = "<DomainDNSName>" ' e.g. apac.rallencorp.com
' ------ END CONFIGURATION ---------
' Computer GUID as defined in ntdsapi.h
Const ADS_GUID_COMPUTRS_CONTAINER = "aa312825768811d1aded00c04fd8d5cd"
Set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE")
Set objCompContainer = GetObject("LDAP://<WKGUID=" & _
                                 ADS_GUID_COMPUTRS_CONTAINER & "," & _
                                 objRootDSE.Get("defaultNamingContext") & ">")
WScript.Echo objCompContainer.Get("distinguishedName")
Discussion
In much the same way that the TCP/IP protocol defines a list of well-known ports that are commonly used by industry applications (TCP 20 and 21 for FTP, TCP port 80 for HTTP, etc.), Active Directory defines Well-Known GUIDs that map to container objects that are present in every AD installation. The Domain NC defines the following WKGUIDs:
- Users
- Computers
- System
- Domain Controllers
- Infrastructure
- Deleted Objects
- Lost and Found
The Configuration NC also defines its own Deleted Objects WKGUID.
For example, the default computers container has the following WKGUID:
aa312825768811d1aded00c04fd8d5cd
You can use the GUID to bind to the default computers container in the domain using the following ADsPath:
LDAP://<WKGUID=aa312825768811d1aded00c04fd8d5cd,dc=apac,dc=rallencorp,dc=com>
The list of well-known objects for a domain is contained in the wellKnownObjects attribute of the domainDNS object for the domain. The wellKnownObjects attribute is multivalued with DNWithBinary syntax. The following is an example of what that attribute looks like for the rallencorp.com domain:
B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=rallencorp,DC=com;
B:32:F4BE92A4C777485E878E9421D53087DB:CN=Microsoft,CN=Program Data,DC=rallencorp,DC=com;
B:32:09460C08AE1E4A4EA0F64AEE7DAA1E5A:CN=Program Data,DC=rallencorp,DC=com;
B:32:22B70C67D56E4EFB91E9300FCA3DC1AA:CN=ForeignSecurityPrincipals,DC=rallencorp,DC=com;
B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=rallencorp,DC=com;
B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=rallencorp,DC=com;
B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=rallencorp,DC=com;
B:32:AB1D30F3768811D1ADED00C04FD8D5CD:CN=System,DC=rallencorp,DC=com;
B:32:A361B2FFFFD211D1AA4B00C04FD7D83A:OU=Domain Controllers,DC=rallencorp,DC=com;
B:32:A9D1CA15768811D1ADED00C04FD8D5CD:CN=Users,DC=rallencorp,DC=com;
Each value has the format of:
B:NumberofBytes:GUID:DistinguishedName
As you can see, the GUID for the first value is the same as the one we used in the ADsPath above to bind to the default computers container.
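The following Python sketch is an added example, not code from the book: it parses wellKnownObjects values in the format above, builds the WKGUID ADsPath, and reports whether the default computers container still points at CN=Computers or has been redirected (for instance with redircmp). The function names are assumptions made for illustration, and the sample values are copied from the listing above.

```python
import re

# Well-known GUID of the default computers container (value from the page).
GUID_COMPUTERS = "AA312825768811D1ADED00C04FD8D5CD"

# Sample input: four wellKnownObjects values taken from the rallencorp.com listing.
SAMPLE = [
    "B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=rallencorp,DC=com",
    "B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=rallencorp,DC=com",
    "B:32:A361B2FFFFD211D1AA4B00C04FD7D83A:OU=Domain Controllers,DC=rallencorp,DC=com",
    "B:32:A9D1CA15768811D1ADED00C04FD8D5CD:CN=Users,DC=rallencorp,DC=com",
]

# B:<count>:<hex GUID>:<DN>; the DN may itself contain colons, so it is matched last.
_DN_BINARY = re.compile(r"^B:(\d+):([0-9A-Fa-f]*):(.+)$")


def parse_dn_with_binary(value):
    """Return (GUID hex in upper case, DN) for one DNWithBinary string."""
    match = _DN_BINARY.match(value.strip().rstrip(";"))
    if match is None:
        raise ValueError(f"not a DNWithBinary value: {value!r}")
    count, guid_hex, dn = int(match.group(1)), match.group(2).upper(), match.group(3)
    # The count field has to agree with the GUID field as written (32 on the page).
    if count != len(guid_hex):
        raise ValueError(f"count {count} does not match GUID field in {value!r}")
    return guid_hex, dn


def well_known_map(values):
    """Map each well-known GUID to the DN it currently points at."""
    return dict(parse_dn_with_binary(v) for v in values)


def wkguid_adspath(guid_hex, domain_dn):
    """Build the serverless ADsPath form shown on the page."""
    return f"LDAP://<WKGUID={guid_hex.lower()},{domain_dn}>"


def computers_container_redirected(values, domain_dn):
    """True when new computer objects no longer land in CN=Computers,<domain>."""
    current = well_known_map(values)[GUID_COMPUTERS]
    return current.lower() != f"cn=computers,{domain_dn}".lower()


if __name__ == "__main__":
    domain = "DC=rallencorp,DC=com"
    print(wkguid_adspath(GUID_COMPUTERS, domain))
    print("redirected:", computers_container_redirected(SAMPLE, domain))
```

Against a live domain, feed the function the wellKnownObjects values read from the domainDNS object instead of the sample list.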
See Also
Recipe 8.15 for changing the default computers container, and MSDN: Binding to Well-Known Objects Using WKGUID
This article is excerpted from chapter eight of the Active Directory Cookbook, Second Edition, written by Robbie Allen and Laura E. Hunter (O'Reilly; ISBN: 059610202X).