Automatic OU Assigning

[Adrian Marsh]

Ok,

So I'm setting up a Active Directory environment, I've got the DC
running and am working on the logon scripts, I've setup several OUs
below the main DC OU, and it occurs to me - when I add machines to the
domain (by way of the client itself and an admin account, not in the MMC
itself), the machine is automatically added to the Computers OU.

How is AD deciding that that PC should - by default - go in that
container?, and can I automate that in any way ? Is it calculated by IP
range or something??? Can I set the "Default" container to be a
different one?


A.

 

[Tomasz Onyszko]

Ok,

So I'm setting up a Active Directory environment, I've got the DC
running and am working on the logon scripts, I've setup several OUs
below the main DC OU, and it occurs to me - when I add machines to the
domain (by way of the client itself and an admin account, not in the MMC
itself), the machine is automatically added to the Computers OU.

How is AD deciding that that PC should - by default - go in that
container?, and can I automate that in any way ? Is it calculated by IP

Yes , You canuse netdom to add it to the specific OU - I do this in this
way and it works fine:
http://www.jsiinc.com/subh/tip3800/rh3818.htm

range or something??? Can I set the "Default" container to be a
different one?

Yes:
http://www.jsiinc.com/SUBP/tip7700/RH7702.htm

 

[Mark Dormer]

The default container out of the box is Computers
It can be changed

Use redircmp.exe for machines
Use redirusr.exe for users

Both are located in the system directory

This is not really automated as every machine/user can still only go into
one place.
However a batch file can change the the default before you add each machine.
etc

If you use WSH you can programmatically add machines and move them.
See
http://www.microsoft.com/technet/community/scriptcenter/compmgmt/default.mspx

Regards
Mark Dormer

 

[Adrian Marsh]

Ok,

So I'm setting up a Active Directory environment, I've got the DC
running and am working on the logon scripts, I've setup several OUs
below the main DC OU, and it occurs to me - when I add machines to the
domain (by way of the client itself and an admin account, not in the MMC
itself), the machine is automatically added to the Computers OU.

How is AD deciding that that PC should - by default - go in that
container?, and can I automate that in any way ? Is it calculated by IP
range or something??? Can I set the "Default" container to be a
different one?


A.

Thanks for that!!!

Final question of the night:

Whats the difference between: Domain Controller Security Policy,
Domain Security Policy, and the Group policies? I understand the
concept behind the Group stuff, but the book I was reading on it all got
me confused on the other two and how they all relate. I suspect that the
Domain Security Policy is the level above "group" policies, and that DC
Security Policy only affects the DC itself (above the rest??)

 

[Tomasz Onyszko]

Adrian Marsh wrote:

t:

Whats the difference between:
Domain Controller Security Policy,

This apply only to DC's

Domain Security Policy,

This one will apply to all objects in the domain

and the Group policies?

GPO is general object, Domain Controller policy an Domain security
policy are GPO's too


GPO is created from GPO template and GPO link, so the settings in the
tmeplate applies to the objects cin the container to which the GPO is
linked.

 

[Adrian Marsh]

Thanks Tomasz,

Do have some questions though (see below)

Adrian Marsh wrote:

t:


This apply only to DC's

Does that mean ONLY the DCs themselves? And does that override the Group
polcies??

This one will apply to all objects in the domain

Whats the difference then between this and the Top-level group policy?

GPO is general object, Domain Controller policy an Domain security
policy are GPO's too

OK - but my definition here is of the Groups Templates applied to the
OUs under the Domain/Containers.