Redirecting default computers location in Active Directory


You may want to apply some group policies to computers as soon as they are joined to a domain. By default, only one policy takes effect: the “Default Domain” policy. What if you have GPOs that install software on your new computers? Do you need to move each computer account manually into that OU to trigger software installation?

NO! You can change the default location in which computer accounts are created when they join the domain. Use the redircmp command and specify the new location. After that, all newly joined machines will be redirected into that OU.

Note! Redircmp is available by default on any Windows Server 2008/2008R2 Domain Controller. If you want to use it on Windows Server 2003, you first need to install Support Tools from the first CD.

The command’s syntax is very easy to understand. You only need to know the Distinguished Name of the OU to which you want to redirect joined computers. In an Active Directory domain, the default location for newly joined computers is the “Computers” container.

Default computer accounts location in AD

If you are not sure what the Distinguished Name of an OU is, you can use the DSQUERY command to determine it.

dsquery ou -name <OU-Name>

e.g.: dsquery ou -name "newcomps"

Getting distinguished name of an OU

When you know that name, you can run the redircmp command:

redircmp DistinguishedName

e.g. redircmp "ou=newcomps,ou=installation,dc=testenv,dc=local"

Redirecting computers location

From now on, all newly joined computers will be created in that location.

New computer accounts location

If you have delegated the task of joining computers to the domain to users other than domain administrators, you need to ensure that they have the “Write computer objects” permission within that location.

Checking delegated permissions

If not, you need to grant access to that group of users by delegating the proper permissions with the “Delegate control” wizard. Add the appropriate group and follow the steps below.

Delegating rights


If you also wish to allow them to remove computers from the domain, grant them “Delete selected objects in this folder”.

Delegating rights


And that’s all!
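The whole procedure as one PowerShell script, added here as an example and not part of the original post: it resolves the OU, runs redircmp, confirms the new default location, and lists every allow entry that lets a principal create or delete computer objects in that OU, so delegated rights can be reviewed. It assumes the ActiveDirectory module (Windows Server 2008 R2 or later, or RSAT), redircmp.exe on the path, and the article's sample OU name.

```powershell
# Added example, not from the original post. Run with rights to modify the domain object.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

$ouName = 'newcomps'   # sample OU name used in this article

# Resolve the distinguished name (same job as: dsquery ou -name "newcomps").
$ou = @(Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'")
if ($ou.Count -ne 1) {
    throw "Expected exactly one OU named '$ouName', found $($ou.Count)."
}
$targetDn = $ou[0].DistinguishedName

# Where newly joined computers land right now.
$before = (Get-ADDomain).ComputersContainer
Write-Host "Default location before: $before"

if ($before -ne $targetDn) {
    & redircmp.exe $targetDn
}

# Confirm the change by reading the value back instead of trusting tool output.
$after = (Get-ADDomain).ComputersContainer
if ($after -ne $targetDn) {
    throw "Redirection not in effect: default location is still '$after'."
}
Write-Host "Default location after:  $after"

# Review who can create or delete computer objects in the target OU.
$computerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'   # schemaIDGUID of the computer class
$childRights   = [int][System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild'

(Get-Acl -Path "AD:\$targetDn").Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.ActiveDirectoryRights -band $childRights) -ne 0) -and
        # An empty ObjectType means the right applies to every object class.
        ($_.ObjectType -eq $computerClass -or $_.ObjectType -eq [guid]::Empty)
    } |
    Sort-Object IsInherited, IdentityReference |
    Format-Table IdentityReference, ActiveDirectoryRights, ObjectType, IsInherited -AutoSize
```

Entries whose ObjectType is all zeros grant the right for every object class, not only computers, so any unexpected group in that list deserves a closer look.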

Author: Krzysztof Pytko


2 responses to “Redirecting default computers location in Active Directory”

  1. terrace Garden Designs says :

    Nice post. I was checking continuously this weblog and I’m inspired! Extremely helpful info specially the final phase 🙂 I take care of such info a whole lot. I became searching for this certain information with a very long time. Many thanks and all the best ..

