Very short post on a tip that some may find useful or have forgotten about over the years.
Ever wanted to change the default container that a new user object or computer object is provisioned/created in Active Directory? Creating a new user object or joining a new computer to the domain will result in the object either ending up in default CN=Users,DC=domain,DC=local container or the CN=Computers,DC=domain,DC=local container respectively. Often I find that I want the default location to be an Organisational Unit (OU) where I have already linked some group policy objects and these default locations are not great as they need some manual intervention after each object is created to ensure they end up in the correct OU from a GPO perspective.
Some readers may also be used to Windows Small Business Server (SBS) handling this automation, putting objects into the SBSComputers or SBSUsers paths.
To set this up the steps are really easy; we just use the redirect command on any Windows Domain Controller to perform the action for the whole domain.
- Open the Command Prompt with Administrator elevation on any of your DC’s.
- Change the directory to C:\> cd C:\Windows\System32\
If you are wanting to set the default path for ‘User Objects’ then:
- Run the command C:\> redirusr “OU=<newuserou>,DC=<domainname>,DC=com”
If you are wanting to set the default path for ‘Computer Objects’ then:
- Run the command C:\> redircmp “OU=<newcomputerou>,DC=<domainname>,DC=com”
- Make sure to use the quotation marks as OU paths with spaces will make the command fail if your don’t surround them in quotes first.
- These commands work on domains with Windows 2000 domain-function level or higher.
- If your unsure about an exact OU path, I find the easiest way to copy and paste the correct path is to enable Advanced Mode in Active Directory Users & Computers MMC and then right-click the OU of choice select ‘Properties’ then select the ‘Attributes Editor’ tab. From here you will be able to see the distinguished name property for the OU, double-click this and copy and paste the value to get the full valid path to the selected OU.