Pre-staging computer accounts

Written by on Thursday, February 28, 2008 3:44 - 0 Comments

How to ensure client computers are not left in an unmanaged state after joining a domain.

When you join a Windows computer to a domain, by default the computer account for the computer gets placed into the Computers container. Unfortunately the Computers container is not an organizational unit (OU) so you can’t link a Group Policy Object to it, and as a result computers that join a domain like this are placed into an unmanaged state, which might contravene your company’s security policy.

The solution is to pre-stage your computer accounts by pre-creating these accounts within an OU that has a GPO linked to it to enforce policy. Just use Active Directory Users and Computers to create computer accounts in the OU that have the same names as the computers that you will be joining to the domain. Then, when each computer joins the domain, it will check whether a pre-staged computer account is present, and if it is then it will use that computer account instead of creating one within the Computers container. ')}

Article written by

Leave a Reply

You must be logged in to post a comment.

2003 server - Sep 30, 2008 22:34 - 0 Comments

instant messaging srv records

More In Computers & PC

Microsoft Outlook - Mar 22, 2009 11:22 - 0 Comments

Outlook: Duplicates in Mailbox

More In Computers & PC