Windows Scripting
  Home arrow Windows Scripting arrow Page 4 - Modifying Computer Objects with Active Dir...
ASP Free Forums 
.NET  
ASP  
ASP Code  
ASP.NET  
ASP.NET Code  
BrainDump  
C#  
Code Examples  
Database  
Database Code  
IIS  
Microsoft Access  
MS SQL Server  
Visual Basic.NET  
Windows Scripting  
Windows Security  
XML  
ASP Web Hosting  
ASP.NET Web Hosting 
Dedicated Servers 
Actuate Whitepapers 
VeriSign Whitepapers 
Windows Web Hosting
 
IBM® developerWorks 
Sun Developer Network 
Weekly Newsletter
 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
WINDOWS SCRIPTING

Modifying Computer Objects with Active Directory
By: O'Reilly Media
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 3
    2008-01-31

    Table of Contents:
  • Modifying Computer Objects with Active Directory
  • Finding Computers with a Particular OS
  • Binding to the Default Container for Computers
  • Changing the Default Container for Computers
  • Listing All the Computer Accounts in a Domain
  • Identifying a Computer Role

  • Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
     
     
    ADVERTISEMENT

    Stay one step ahead of the competition. Evaluate and give feedback on some of the hottest web development tools on the market today. Make your opinion heard! Click Here

    Modifying Computer Objects with Active Directory - Changing the Default Container for Computers


    (Page 4 of 6 )

    Problem

    You want to change the container that computers are created in by default.

    Solution

    Using a graphical user interface

    1. Open LDP.

    2. From the menu, select Connection -> Connect.
    3. For Server, enter the name of a domain controller (or leave blank to do a serverless bind).
    4. For Port, enter 389.
    5. Click OK.
    6. From the menu, select Connection -> Bind.
    7. Enter credentials of a domain user.
    8. Click OK.
    9. From the menu, select Browse -> Modify.
    10. For DN, enter the distinguished name of the domainDNS object of the domain you want to modify.
    11. For Attribute, enterwellKnownObjects.
    12. For Values, enter the following: 

        B:32:AA312825768811D1ADED00C04FD8D5 CD:CN=Computers,<DomainDN >

      where<DomainDN>is the same as the DN you enter for the DN field.
    13. Select Delete for the Operation and click the Enter button.
    14. Go back to the Values field and enter the following: 
        
       B:32:AA312825768811D1ADED00C04FD8D5CD: <NewComputersParent>,
      <DomainDN>

      where <NewComputersParent>is the new parent container for new computer objects (e.g.,ou=RAllenCorp Computers).
    15. Select Add for the Operation and click the Enter button.
    16. Click the Run button.

      The result of the operations will be displayed in the right pane of the main LDP window.

    Using a command-line interface

      > redircmp "<NewParentDN>"

     Using VBScript

      ' This code changes the default computers container.
      ' ------ SCRIPT CONFIGURATION ------
      strNewComputersParent = "<NewComputersParent>" ' e.g. OU=RAllenCorp Computers
      strDomain             = "<DomainDNSName>" ' e.g. rallencorp.com
      ' ------ END CONFIGURATION ----------

      Const COMPUTER_WKGUID = "B:32:AA312825768811D1ADED00C04FD8D5CD:"
      ' ADS_PROPERTY_OPERATION_ENUM
      Const ADS_PROPERTY_APPEND = 3
      Const ADS_PROPERTY_DELETE = 4

      set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE")
      set objDomain = GetObject("LDAP://" & objRootDSE.Get("defaultNamingContext"))
      set objCompWK = GetObject("LDAP://" & _
     "<WKGUID=AA312825768811D1ADED00C04FD8D5CD," & _
    objRootDSE.Get("defaultNamingContext") & ">")

      objDomain.PutEx ADS_PROPERTY_DELETE, "wellKnownObjects", _
          Array( COMPUTER_WKGUID & objCompWK.Get("distinguishedName"))
      objDomain.PutEx ADS_PROPERTY_APPEND, "wellKnownObjects", _
                        Array( COMPUTER_WKGUID & strNewComputersParent & "," &
       
    objRootDSE.Get("defaultNamingContext") )
      objDomain.SetInfo
      WScript.Echo "New default Computers container set to " & _
                    strNewComputersParent

    Discussion

    Most Active Directory administrators do not use the Computers container within the Domain naming context as their primary computer repository. One reason is that since it is a container and not an OU, you cannot apply Group Policy Objects to it. If you have another location where you store computer objects, you might want to consider changing the default container used to bind to the computers container by changing the well-known objects attribute, as shown in this recipe. This can be beneficial if you want to ensure computers cannot sneak into Active Directory without having the appropriate group policies applied to them. While you can also apply GPOs at the site or the domain level, forcing new computers into a particular Organizational Unit ensures that those computers receive the Group Policy settings that you want them to receive through GPOs linked at the OU level. However, this does not protect you from an administrator (whether intentionally or accidentally) explicitly creating a computer object in the incorrect OU; this only protects you from applications or utilities that do not allow or do not require you to specify an OU when creating the computer.

    See Recipe 8.14 for more information on how well-known objects are specified in Active Directory.

    See Also

    MS KB 324949 (Redirecting the Users and Computers Containers in Windows Server 2003 Domains)

    More Windows Scripting Articles
    More By O'Reilly Media


       · This article is an excerpt from the "Active Directory Cookbook, Second Edition,"...
     

    Buy this book now. This article is excerpted from chapter eight of the Active Directory Cookbook, Second Edition, written by Robbie Allen and Laura E. Hunter (O'Reilly; ISBN: 059610202X). Check it out today at your favorite bookstore. Buy this book now.

    WINDOWS SCRIPTING ARTICLES

    - Generating Outlook Signatures Based on Activ...
    - VBScript: Converting and Formatting with Fun...
    - VBScript: Conversion and Format Functions
    - VBScript: Array Functions
    - VBScript: Strings, You Can`t Function withou...
    - VBScript: More String Functions
    - VBScript: Functioning with Strings
    - Working with the Windows Registry in C++
    - Understanding Objects
    - HTML Applications: Giving WSH a User Interfa...
    - Modifying Computer Objects with Active Direc...
    - Logon Script to Send Email Notifications
    - Securing Computers and Active Directory
    - Moving and Renaming Computers with Active Di...
    - Working with System Processes in WSH





    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 6 hosted by Hostway