Redirecting Users to an Alternative OU

Redirecting Users to an Alternative OU

This solution requires the Windows Server 2003 domain functional level.


You want to redirect all new users from the default OU (i.e., cn=Users) into the destination OU that you specify.

Using a graphical user interface
  1. Open LDP.

  2. From the menu, select Connection Connect.

  3. For Server, enter the name of a domain controller (or leave blank to do a server-less bind).

  4. For Port, enter 389.

  5. Click OK.

  6. From the menu, select Connection Bind.

  7. Enter credentials of a domain user.

  8. Click OK.

  9. From the menu, select Browse Modify.

  10. For DN, enter the distinguished name of the domainDNS object of the domain you want to modify.

  11. For Attribute, enter wellKnownObjects.

  12. For Values, enter the following:


    where <DomainDN> is the same as the DN you enter for the DN field.

  13. Select Delete for the Operation and click the Enter button.

  14. Go back to the Values field and enter the following:


    where <NewUsersParent> is the new parent container for new computer objects (e.g., ou=RAllenCorp Users).

  15. Select Add for the Operation and click the Enter button.

  16. Click the Run button.

  17. The result of the operations will be displayed in the right pane of the main LDP window.

Using the command-line interface

To redirect the default OU that new users will be created into, use the following syntax:

redirusr "<DestinationDN>"


Most modern methods for creating user accounts, including the ADUC MMC snapin, AdFind, and DSAdd, allow you to specify which OU a new user should be created in. However, some utilities such as net user or the WinNT ADSI provider still rely on a legacy API that will create a user only in its default location until it is manually moved to another OU by an administrator. The default location in Windows Server 2003 is the cn=Users container; this can create issues applying Group Policy to new user objects since the Users container cannot have a GPO linked to it. To ensure that all newly created users receive the necessary Group Policy settings as soon as they are created, use the redirusr.exe utility to redirect all new users that are not otherwise placed into a designated OU into the destination OU that you specify. You only need to run this utility once per domain, and the destination OU needs to exist before you run the utility.

See Also

MS KB 324949 ( Redirecting the Users and Computers Containers in Windows Server 2003)

 Python   SQL   Java   php   Perl 
 game development   web development   internet   *nix   graphics   hardware 
 telecommunications   C++ 
 Flash   Active Directory   Windows