Redirecting default computers location in Active Directory
You may want to apply some group policies to computers as soon as they join a domain. By default, only one policy takes effect for them: the “Default Domain” policy. What if you have GPOs that install software on your new computers? Do you need to move each computer account into the right OU manually to trigger software installation?
No! You can change the default location in which computer accounts are created when machines join the domain. Use the redircmp command and specify the new location. After that, all newly joined machines will be placed in that OU.
Note! redircmp is available by default on any Windows Server 2008/2008 R2 domain controller. To use it on Windows Server 2003, you first need to install the Support Tools from the first CD.
The command's syntax is easy to understand. You only need to know the Distinguished Name of the OU to which you want to redirect newly joined computers. In an Active Directory domain, the default location for newly joined computers is the “Computers” container.
If you are not sure what the Distinguished Name of an OU is, you can use the DSQUERY command to determine it.
dsquery ou -name <OU-Name>
e.g. dsquery ou -name "newcomps"
Once you know the name, you can run the redircmp command:
e.g. redircmp "ou=newcomps,ou=installation,dc=testenv,dc=local"
From now on, all newly joined computers will be created in that location.
If you have delegated the task of joining computers to the domain to users other than domain administrators, you need to make sure they have the “Write computer objects” permission within that location.
If not, you need to grant access to that group of users by delegating the proper permissions with the “Delegate control” wizard. Add the appropriate group and follow the steps below.
If you also wish to allow them to remove computers from the domain, grant them “Delete selected objects in this folder”.
And that's all!
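To verify the result, the following PowerShell sketch confirms that the redirect took effect and lists which principals can create or delete computer objects in the target OU. It is an added example, not part of the original article; it assumes the ActiveDirectory PowerShell module is installed and reuses the article's sample OU.

```powershell
# Added example, not from the original article.
# Assumptions: ActiveDirectory module (RSAT) is available; the OU DN is the
# sample value used in the article and must be replaced with your own.
Import-Module ActiveDirectory

$expectedOu    = 'ou=newcomps,ou=installation,dc=testenv,dc=local'
$computerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of the "computer" class
$anyClass      = [guid]::Empty                                 # ACE not limited to one object class

# 1. Confirm the redirect. redircmp changes the domain's well-known
#    "Computers" reference, which Get-ADDomain exposes as ComputersContainer.
$current = (Get-ADDomain).ComputersContainer
if ($current -ieq $expectedOu) {
    Write-Output "OK: new computer accounts are created in $current"
} else {
    Write-Warning "Default computer location is '$current', expected '$expectedOu'"
}

# 2. Audit the delegation. CreateChild / DeleteChild on the computer class
#    (or on all classes) decides who can add or remove computer accounts here.
#    GenericAll includes both bits, so full-control ACEs are reported too.
$mask = [int][System.DirectoryServices.ActiveDirectoryRights]::CreateChild -bor
        [int][System.DirectoryServices.ActiveDirectoryRights]::DeleteChild

(Get-Acl -Path "AD:\$expectedOu").Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ObjectType -eq $computerClass -or $_.ObjectType -eq $anyClass) -and
        (([int]$_.ActiveDirectoryRights -band $mask) -ne 0)
    } |
    Sort-Object IdentityReference |
    Format-Table IdentityReference, ActiveDirectoryRights, IsInherited -AutoSize
```

Any group in the output other than the one you delegated to, or the built-in administrative groups, deserves a second look, because it can place machine accounts under the GPOs linked to this OU.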
Author: Krzysztof Pytko