Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Default OUs in Active Directory Users and Computers

Status
Not open for further replies.
lck092580

lck092580

Programmer
Jun 19, 2002
440
CA
Could anyone tell me why why "Users", "Computers", "ForeignSecurityPrincipals" and "Builtin" are not OUs? My book doesn't explain why they're not.

Thanks.
 
Sort by date Sort by votes
I would assume that microsoft didn't make them OUs so they can't be deleted. I haven't seen anything that says why they aren't OUs.

Denny

--Anything is possible. All it takes is a little research. (Me)

[noevil]
 
Upvote 0 Downvote
Thanks. :)

Funny thing is my book says you should organize security principals in OUs yet the default is just a container.

I like your assumption (cannot be deleted).
 
Upvote 0 Downvote
lck092580,

While builtin containers are indeed containers, I assume that you're asking about OU's since they are one of the 3 container types that GPO's can be linked to.

In this case, you can create your own OU's and put them in just about any parent container that you like. Link your GPO's to your OU's and not the builtin containers and your GPO's should work.

I'm fairly sure that none of the builtin containers can be deleted, but I haven't tried to confirm this.


Wishdiak
 
Upvote 0 Downvote
Yeah I've always just been told it's to prevent you really screwing up the AD (although this is still easy to do in many other ways ;) ). By not allowing you to delete them or apply GPOs to them it preserves a 'safe' area within AD. It also provides a common factor across all AD installations so if say an application install creates users (e.g. SMS) they can code the location of this rather than rely on the user entering the correct LDAP distinguished name during installation.
 
Upvote 0 Downvote
That's a good point. Having a place for apps like SMS to put user accounts that they always know will be there is probably one of the reasons.

Denny

--Anything is possible. All it takes is a little research. (Me)

[noevil]
 
Upvote 0 Downvote
they're also what remains of the local SAM, and if ever you downgrade your DC, maybe their content will be there when you emerge the other side of your dcpromo....
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

mango36891gmail.com
  • Locked
  • Question
Best certification in Project Management
Replies
1
Views
190
mango36891gmail.com
mango36891gmail.com
doktor
  • Locked
  • Question
"642-437 - Implementing Cisco Unified Communications Voice over IP and QoS v8.0 (CVOICE v8.0)&q
Replies
1
Views
183
gnrslash4life
gnrslash4life
SamBones
  • Locked
  • Question
CISSP Test Prep and Recommendations
Replies
0
Views
142
SamBones
SamBones
doktor
  • Locked
  • Question
642-437 - Implementing Cisco Unified Communications Voice over IP and QoS v8.0 (CVOICE v8.0) - ??
Replies
4
Views
230
pcasi
pcasi
john1994
  • Locked
  • Question
HP2-B109 Selling HP Printing and Personal Systems Hardware
Replies
0
Views
115
john1994
john1994

Part and Inventory Search

Sponsor

Back
Top