Default containers that are not OUs

Remember when you learned how to identify the OUs inside ADUC by that little extra icon graphic that sits on top of the manila folder? It is important to distinguish between OUs and non-OUs when working with your GPOs, because you are going to be linking GPOs to your OUs, but you will find that you are unable to link GPOs to those non-OU containers. Inside GPMC, you won't even see them.

This point is worth talking about primarily because there are two default, generic containers that exist in any installation of Active Directory called Users and Computers. The Users and Computers containers are not OUs! This is very important to realize because it would make common sense to create new user objects inside that Users folder, and by default, whenever you join a new computer to the domain, guess where the new computer object gets placed inside Active Directory? You guessed it—inside that Computers container. This is a problem because you are not going to have good control over what policies these computers and users can get as long as they reside in these default containers.

All in all, it is common good practice to make sure that you are not using these built-in Users and Computers containers other than as a very temporary resting place for new accounts. As soon as you are able, make sure to move all new user or computer objects out to real OUs for their final locations.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.218.21.96