Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Re: Default containers in AD [message #325233] Mon, 23 November 2009 03:24
FthrJACK, United States
Messages: 3
Registered: November 2009
Junior Member
Bit of an old thread but, since this thread ranks on Google...


If you redirect where users and computers go by default using redirusr
and redircmp then YES you can rename the default "Users" and "Computers"
containers in Active Directory.


On the DC open a command prompt and redirect your folders:


redirusr ou=yournewOUname,dc=yourdomainname,dc=domainsuffix
-(redirusr ou=staff,dc=contosso,dc=local)-

redircmp ou=yournewOUname,dc=yourdomainname,dc=domainsuffix
-(redircmp ou=workstations,dc=contosso,dc=local)-


If you now refresh the Active Directory tree in the MMC, or close and
re-open the MMC, you can right click on the Containers for "Users" and
"Computers" and you will notice the option to rename them is available.

YOU MUST NOT DELETE THESE FOLDERS.

Renaming them is ok though. Hope this helps :)


--
FthrJACK
------------------------------------------------------------ ------------
FthrJACK's Profile: http://forums.techarena.in/members/157359.htm
View this thread: http://forums.techarena.in/active-directory/1060209.htm

http://forums.techarena.in
Re: Default containers in AD [message #325236 is a reply to message #325233] Mon, 23 November 2009 04:27
meiweb, Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello FthrJACK,

Do not change some of the default containers. If for whatever reason your
redirection to another OU doesn't work you can not use the default mechanism.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Bit of an old thread but, since this thread ranks on Google...
>
> If you redirect where users and computers go by default using redirusr
> and redircmp then YES you can rename the default "Users" and
> "Computers" containers in Active Directory.
>
> On the DC open a command prompt and redirect your folders:
>
> redirusr ou=yournewOUname,dc=yourdomainname,dc=domainsuffix
> -(redirusr ou=staff,dc=contosso,dc=local)-
>
> redircmp ou=yournewOUname,dc=yourdomainname,dc=domainsuffix
> -(redircmp ou=workstations,dc=contosso,dc=local)-
>
> If you now refresh the Active Directory tree in the MMC, or close and
> re-open the MMC, you can right click on the Containers for "Users" and
> "Computers" and you will notice the option to rename them is
> available.
>
> YOU MUST NOT DELETE THESE FOLDERS.
>
> Renaming them is ok though. Hope this helps :)
>
> http://forums.techarena.in
>
Re: Default containers in AD [message #325284 is a reply to message #325236] Mon, 23 November 2009 05:31
FthrJACK, United States
Messages: 3
Registered: November 2009
Junior Member
According to TechNet it's fine doing this, they just don't explain how:
http://technet.microsoft.com/en-us/library/cc771655(WS.10).aspx


However, I would only recommend doing it on a new domain setup, in case
you have scripts and such that explicitly point at objects.


--
FthrJACK
Re: Default containers in AD [message #325286 is a reply to message #325284] Mon, 23 November 2009 06:28
aceman, United States
Messages: 5816
Registered: July 2009
Senior Member
"FthrJACK" <FthrJACK.423vfa@DoNotSpam.com> wrote in message
news:FthrJACK.423vfa@DoNotSpam.com...
>
> According to TechNet it's fine doing this, they just don't explain how:
> http://technet.microsoft.com/en-us/library/cc771655(WS.10).aspx
>
>
> However, I would only recommend doing it on a new domain setup, in case
> you have scripts and such that explicitly point at objects.
>
> FthrJACK

IMHO, I really don't see the point in renaming it. I can understand
redirection, but renaming it? For aesthetics?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Re: Default containers in AD [message #325290 is a reply to message #325284] Mon, 23 November 2009 06:36
florian, Switzerland
Messages: 484
Registered: July 2009
Senior Member
Howdie!

FthrJACK wrote:
> According to TechNet it's fine doing this, they just don't explain how:
> http://technet.microsoft.com/en-us/library/cc771655(WS.10).aspx
>
> However, I would only recommend doing it on a new domain setup, in case
> you have scripts and such that explicitly point at objects.

Yeah - you technically can do that. Microsoft does reference them using
the GUID that doesn't change on container rename. The question is whether
third party apps break if you rename the built-in folders.

Cheers,
Florian
Re: Default containers in AD [message #325317 is a reply to message #325290] Mon, 23 November 2009 07:12
aceman, United States
Messages: 5816
Registered: July 2009
Senior Member
"Florian Frommherz [MVP]" <florian@frickelsoft.net> wrote in message
news:%231PszHEbKHA.4780@TK2MSFTNGP04.phx.gbl...
> Howdie!
>
> FthrJACK wrote:
>> According to TechNet it's fine doing this, they just don't explain how:
>> http://technet.microsoft.com/en-us/library/cc771655(WS.10).aspx
>>
>> However, I would only recommend doing it on a new domain setup, in case
>> you have scripts and such that explicitly point at objects.
>
> Yeah - you technically can do that. Microsoft does reference them using
> the GUID that doesn't change on container rename. The question is whether
> third party apps break if you rename the built-in folders.
>
> Cheers,
> Florian

Good point. Some third party apps may have the default container names hard
coded.

Ace
Re: Default containers in AD [message #325388 is a reply to message #325317] Mon, 23 November 2009 08:15
FthrJACK, United States
Messages: 3
Registered: November 2009
Junior Member
..in which case the program isn't very well made.... which would lead me
to ask the question "is this thing safe anywhere near my domain??"

:)


Not just for aesthetics, I do this myself from time to time, but I
still use the Container. Depending where and what it's on it will either
be named "Lost & Found" or I put non DC servers in there, redircmp all
machines to a folder "Workstations" - depends.

Users is the one that is usually wanted to move though... oh and it's
not just aesthetics, it's less confusing than having "Computers",
"computers2", "Workstations", "machines" etc - and some right messes
I've seen.

Which OU/CN is that new machine in you just added via RIS/WDS?

Ah well, each to their own I guess, the guy wanted to know how, and
people were saying it's not possible (as is the usual answer if you
google) so I thought I'd reply with how since this thread does well on
the Google ranks.


--
FthrJACK
Re: Default containers in AD [message #325415 is a reply to message #325388] Mon, 23 November 2009 09:07
aceman, United States
Messages: 5816
Registered: July 2009
Senior Member
"FthrJACK" <FthrJACK.4240zb@DoNotSpam.com> wrote in message
news:FthrJACK.4240zb@DoNotSpam.com...
>
> ..in which case the program isn't very well made.... which would lead me
> to ask the question "is this thing safe anywhere near my domain??"
>
> :)
>
>
> Not just for aesthetics, I do this myself from time to time, but I
> still use the Container. Depending where and what it's on it will either
> be named "Lost & Found" or I put non DC servers in there, redircmp all
> machines to a folder "Workstations" - depends.
>
> Users is the one that is usually wanted to move though... oh and it's
> not just aesthetics, it's less confusing than having "Computers",
> "computers2", "Workstations", "machines" etc - and some right messes
> I've seen.
>
> Which OU/CN is that new machine in you just added via RIS/WDS?
>
> Ah well, each to their own I guess, the guy wanted to know how, and
> people were saying it's not possible (as is the usual answer if you
> google) so I thought I'd reply with how since this thread does well on
> the Google ranks.
>
>
> --
> FthrJACK

I wouldn't discount a third party app just because it hard codes something
like this.

I see what you mean about computers, computers2, etc. That leads me to
believe that you are just creating OUs on the root, which is just how I
interpreted your post.

For example, in my installations, I don't mess with the default containers.
I create a sub-structure OU. For example, this is for a small company:

CompanyName OU
  Users
  Computers
    Workstations
    Servers
    Laptops
  Termed Users
  Groups
  Contacts
  etc

Larger company with locations:

Philly OU
  Users
  Computers
    Workstations
    Servers
    Laptops
  Termed Users
  Groups
  Contacts
Seattle OU
  Users
  Computers
    Workstations
    Servers
    Laptops
  Termed Users
  Groups
  Contacts
etc

This way I can control GPO targeting as well as WSUS targeting.

To each their own, I guess. :-)

Ace
Re: Default containers in AD [message #325433 is a reply to message #325284] Mon, 23 November 2009 09:16
rlmueller-nospam, United States
Messages: 292
Registered: July 2009
Senior Member
"FthrJACK" <FthrJACK.423vfa@DoNotSpam.com> wrote in message
news:FthrJACK.423vfa@DoNotSpam.com...
>
> According to TechNet it's fine doing this, they just don't explain how:
> http://technet.microsoft.com/en-us/library/cc771655(WS.10).aspx
>
>
> However, I would only recommend doing it on a new domain setup, in case
> you have scripts and such that explicitly point at objects.
>

As a third party software developer, just about the only container/OU I can
depend on is the "cn=Users" container. If I need to create a service
account, for example to run my SQL Server instance, this is the best
location. During installation if I detect a domain, I create the account
there. I would need to investigate how to handle the situation where this is
renamed. Off hand, the best way I can think of is to use the well-known RID
to find the Administrator user (which is more likely to be renamed), then
find the parent container of that account. I doubt many developers would go
to the trouble.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
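
The GUID reference Florian mentions and the lookup problem Richard describes both come down to the domain's wellKnownObjects attribute, which redirusr and redircmp rewrite. The following is an added example, not part of the thread or any poster's code: it parses constructed wellKnownObjects values (the contosso names follow the thread's example) and reports where new accounts land instead of assuming "cn=Users". The function names are hypothetical.

```python
import re

# Well-known container GUIDs as defined in the Windows SDK header ntdsapi.h.
GUID_USERS = "A9D1CA15768811D1ADED00C04FD8D5CD"
GUID_COMPUTERS = "AA312825768811D1ADED00C04FD8D5CD"

# wellKnownObjects uses DN-with-binary syntax: B:<hex length>:<hex GUID>:<DN>
_DN_BINARY = re.compile(r"^B:(\d+):([0-9A-Fa-f]+):(.+)$")


def parse_well_known(values):
    """Return {GUID hex (upper case): DN} for a list of wellKnownObjects values."""
    mapping = {}
    for value in values:
        match = _DN_BINARY.match(value.strip())
        if not match or int(match.group(1)) != len(match.group(2)):
            raise ValueError(f"not a DN-with-binary value: {value!r}")
        mapping[match.group(2).upper()] = match.group(3)
    return mapping


def _norm(dn):
    # Simplified comparison: ignores case and spaces after commas.
    # Assumes no escaped commas inside RDN values.
    return ",".join(part.strip().lower() for part in dn.split(","))


def default_containers(values, domain_dn):
    """Report where new users/computers land and whether that is non-stock."""
    known = parse_well_known(values)
    report = {}
    for label, guid, stock_rdn in (("users", GUID_USERS, "CN=Users"),
                                   ("computers", GUID_COMPUTERS, "CN=Computers")):
        dn = known[guid]
        stock = f"{stock_rdn},{domain_dn}"
        report[label] = {"dn": dn, "redirected": _norm(dn) != _norm(stock)}
    return report


# Constructed sample values (not read from a real domain).
STOCK = ["B:32:A9D1CA15768811D1ADED00C04FD8D5CD:CN=Users,DC=contosso,DC=local",
         "B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=contosso,DC=local"]
REDIRECTED = ["B:32:A9D1CA15768811D1ADED00C04FD8D5CD:OU=staff,DC=contosso,DC=local",
              "B:32:AA312825768811D1ADED00C04FD8D5CD:OU=workstations,DC=contosso,DC=local"]

if __name__ == "__main__":
    for name, values in (("stock", STOCK), ("redirected", REDIRECTED)):
        print(name, default_containers(values, "DC=contosso,DC=local"))
```

On a live domain the same resolution is available without parsing, by binding to LDAP://<WKGUID=a9d1ca15768811d1aded00c04fd8d5cd,dc=contosso,dc=local>, which returns whatever container the GUID currently points at.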
Re: Default containers in AD [message #325867 is a reply to message #325433] Mon, 23 November 2009 17:33
aceman, United States
Messages: 5816
Registered: July 2009
Senior Member
"Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in
message news:edFqUfFbKHA.3768@TK2MSFTNGP04.phx.gbl...
>
> "FthrJACK" <FthrJACK.423vfa@DoNotSpam.com> wrote in message
> news:FthrJACK.423vfa@DoNotSpam.com...
>>
>> According to TechNet it's fine doing this, they just don't explain how:
>> http://technet.microsoft.com/en-us/library/cc771655(WS.10).aspx
>>
>>
>> However, I would only recommend doing it on a new domain setup, in case
>> you have scripts and such that explicitly point at objects.
>>
>
> As a third party software developer, just about the only container/OU I
> can depend on is the "cn=Users" container. If I need to create a service
> account, for example to run my SQL Server instance, this is the best
> location. During installation if I detect a domain, I create the account
> there. I would need to investigate how to handle the situation where this
> is renamed. Off hand, the best way I can think of is to use the well-known
> RID to find the Administrator user (which is more likely to be renamed),
> then find the parent container of that account. I doubt many developers
> would go to the trouble.
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
>
>


Or worse, if the default Administrator account was moved to an OU somewhere
else in the structure.

Ace