Changing the Default Container for Computers
You want to change the container that computers are created in by default.
Using a graphical user interface
Using a command-line interface
> redircmp "<NewParentDN>"
' This code changes the default computers container. ' ------ SCRIPT CONFIGURATION ------ strNewComputersParent = "<NewComputersParent>" ' e.g. OU=RAllenCorp Computers strDomain = "<DomainDNSName>" ' e.g. rallencorp.com ' ------ END CONFIGURATION --------- Const COMPUTER_WKGUID = "B:32:AA312825768811D1ADED00C04FD8D5CD:" ' ADS_PROPERTY_OPERATION_ENUM Const ADS_PROPERTY_APPEND = 3 Const ADS_PROPERTY_DELETE = 4 set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE") set objDomain = GetObject("LDAP://" & objRootDSE.Get(" defaultNamingContext")) set objCompWK = GetObject("LDAP://" & _ "<WKGUID=AA312825768811D1ADED00C04FD8D5CD," & _ objRootDSE.Get("defaultNamingContext") & ">") objDomain.PutEx ADS_PROPERTY_DELETE, "wellKnownObjects", _ Array( COMPUTER_WKGUID & objCompWK.Get("distinguishedName")) objDomain.PutEx ADS_PROPERTY_APPEND, "wellKnownObjects", _ Array( COMPUTER_WKGUID & strNewComputersParent & "," & objRootDSE.Get("defaultNamingContext") ) objDomain.SetInfo WScript.Echo "New default Computers container set to " & _ strNewComputersParent
Most Active Directory administrators do not use the Computers container within the Domain naming context as their primary computer repository. One reason is that since it is a container and not an OU, you cannot apply Group Policy Objects to it. If you have another location where you store computer objects, you might want to consider changing the default container used to bind to the computers container by changing the well-known objects attribute, as shown in this recipe. This can be beneficial if you want to ensure computers cannot sneak into Active Directory without having the appropriate group policies applied to them. While you can also apply GPOs at the site or the domain level, forcing new computers into a particular Organizational Unit ensures that those computers receive the Group Policy settings that you want them to receive through GPOs linked at the OU level. However, this does not protect you from an administrator (whether intentionally or accidentally) explicitly creating a computer object in the incorrect OU; this only protects you from applications or utilities that do not allow or do not require you to specify an OU when creating the computer.
MS KB 324949 (Redirecting the Users and Computers Containers in Windows Server 2003 Domains)