Server 2012 Change Default OU

Want to change default OU that computers get placed in when joining to the domain.

When you join a computer to a domain, by default the computer is placed in the Computers container (which technically is not an OU, so you can’t link Group Policy objects to it).

My best practice is to switch the default OU from the Computers container to a sub OU under my main NOTCREATIVE OU.

This way, any group policy objects I have setup to be applied to computers under my domain will be applied right away. For example, if I deploy antivirus via Group Policy, it will be installed as soon as possible.

How to change default OU for computers in AD 

Server 2012 Default Computers OU

Let’s get started

First we are going to need the DN (Distinguished Name) of the OU we want to set as our default.

Quick way to find the DN is to launch Active Directory Users and Computers.

Click on View and select Advanced Features.

Server 2012 ADUC Advanced Features

You will notice there are more containers within the tree view now.

Navigate and right-click the OU you want to set as the default, then select Properties.

Server 2012 OU Properties

In the OU Properties, select the Attribute Editor tab.

Click on distinguishedName to highlight it, then click View.

Right-click the highlighted value and select Copy. Click Cancel and then OK to close the Attribute Editor and OU Properties windows.

Server 2012 Attribute Editor

Launch an elevated PowerShell prompt by right-clicking the PowerShell icon in the taskbar and selecting Run as Administrator.

Server 2012 Run as Administrator PowerShell

At the prompt, type the following: redircmp <Container-DN> where CONTAINER-DN is the distinguished name of the container you previously copied to the clipboard that will become the default location for newly created computer objects

redircmp "OU=_WDS,OU=NOTCREATIVE OU,DC=NOTCREATIVE,DC=internal"

NOTE: If you have spaces in your OU name, make sure to wrap the DN with double quotes.

Then press Enter.

Server 2012 redircmp change default OU

If your result shows Redirection was successful, you should be done.

Join a client computer to the domain and verify it was placed in the new OU.

Note: make sure the computer object is not already in AD somewhere. If it is, delete the object if the computer is no longer joined to the domain. Otherwise, when you join the computer back up, it will be in the same OU it was in.

Server 2012 Default OU Changed - Join to Domain

About Chris Davis

Computer / Technology enthusiast. Very passionate about Systems Administration. I enjoy helping others try and reach their goals. You can follow Chris on if you'd like.

Comments

  1. Thanks a lot! I didn’t know how to redirect computers to a sub OU :)

  2. I know this is not so hard to do….but, your explanations are just perfect and easy.
    Do you have any other guides for 2012?

  3. Not hard, I mean, the procedure of changing the default container.

  4. Great:)

  5. By the way – Is there an option to check what is my current default container for computers?

    • Run this: (get-adobject -filter ‘ObjectClass -eq “domain”‘ -Properties wellKnownObjects).wellKnownObjects

      Then look for the line containing the following value: AA312825768811D1ADED00C04FD8D5CD

      I’m pretty sure that is the line that is set for the current default OU that a computer will be placed in when joining to the domain.

      • If you want to use Powershell to view the current default container use:
        Get-ADDomain | Select ComputersContainer

  6. yes , thank you so much for that video, got to learn some new thing as I am a student i would eagerly wanted to be learn more about computer and domain , dc, dns, dhcp, I Wanted to be settled down in IT as a SYSTEM ADMINISTRATOR…

    • You are welcome. I’m glad the aricle and video have helped you out. Sounds like the type of stuff you are interested in is similar to a lot of my tutorials. Feel free to browse around!

  7. vincent says:

    sorry, my english is very pool, i have a question, how could i do when the computer joining to the domain then move to specific OU by computer name(hostname) immediately, thanks for you help ^^

  8. This is the single most useful thing I’ve read all week and I read a lot. Thanks for the tip, I’ve been wondering how to do this for a long time.

  9. If you have multiple domain controllers do you have to change it on all of them or will it replicate out to the others as well?

  10. hi

    if the OU I am redirecting computers gets deleted, does it default back to the Computers Container?

  11. This info seems simple enough Thank you for info. But I would like to leave the default computer OU alone. I need to move Windows 7 machines automatically to a different OU. How can this be done?

  12. Hi Chris,
    A few weeks ago, I used your article on how to create multiple domain users by using powershell. It works great. Now I am trying to change the default Computer OU and read a lot of articles on the web. Finally, I just read your article and this is exactly what I wanna do. Your are absolutely great, Thanks a lot.

  13. Thanks a lot for sharing this. I have one more issue, I want computers starting with specific word like we take an example I have a Satellite Office and I want computers in their should go to specific OU so we can name computers like “Satellite-Computer-1″ so it should go in satellite-computer OU or other way we can see is I can create a new security group called “local admin in remote office” and the members of that security group bring any computer to domain it should go into that OU. I hope you understand what I am trying to say. Any help will be highly appreciated.

  14. Mark van Bommel says:

    I would like to change the default OU for the mail contacts I create in Exchange 2010. By default these are put in the Users OU (not the default user ou in our domain which we redirected but the Users OU that is installed by Active Directory itself). Does anyone have any idea how to do this?

    Thanks in advance!

  15. Soryy but what is OU?
    many
    thanks

  16. In hardening a server, it is normal to go through the local policy and create all the settings necessary to harden the system appropriately to any given standard. The question I have is once the hardened machine is tested and it works, how do you convert the GPOs on the machine to an OU so all the machines in the OU take on the hardened settings?

    • When you said “hardening a server”, I’m thinking you meant to say a client machine? If it were me, I would create the GPO and start hardening there. Running through all of the options that I would want to configure/harden. Then, possibly create a Security Group that has that GPO tied to it and make the client(s) a member of that group. Hopefully that is in the ballpark of an answer to your question.

  17. Great article! I was hoping to take this one step further. I’d like to apply a GPO to this new default OU which will “force” other Jr Admins to move their newly joined computer object to a specific designated OU. Have you ever tried this? I’m debating on something disruptive like a reboot every 15 minutes…just something that can’t be ignored.
    Any advice?

  18. Maybe something like the Reboot-Computer.ps1 script from the MS repository where an OU and it’s contents can be specified…

  19. Vighnesh says:

    Hi Davis, can you explain me the procedure for installing microsoft sql server 2008r2 on windwos server 2008r2 as it is showing me a warning that “installing sql server on a domain controller is not recomended”.
    I have seen your videos on configuring user under domain accounts but i dont know how to access them, it will be helpful if you reply with pic, if possible.
    Thanks in advace.

    • Hey there. The warning message you are seeing is somewhat normal anytime you are installing anything like that on a domain controller. Microsoft’s “best practice” is to have the domain controller “only” performing the domain controller role (and not adding extra software like SQL server on top of it).

  20. Rubo Aris says:

    Is it possible to add Servers to a different OU, not the same as regular computers?
    SBS 2008 does that automatically, so I was wondering if it’s possible with WSE 2012?

  21. John Myers says:

    Chris, I had to put quotes around my DN in order for the command to work, even though the DN did not have any spaces. I’m using Server 2012, on PowerShell

  22. Chris, this article is great. Do you have any thoughts on how I can force my techs to make sure computers and users are moved to the correct OU ? My inital thought was to follow this article and then apply policy to that OU that displays a message or wallpaper saying its not in the correct OU

Trackbacks

  1. […] Domain are added to the “Computers” container. There are ways to change this behavior (http://pc-addicts.com/server-2012-change-default-ou/) but in my case I use it as a place where my computers stay until I complete documentation, setup, […]

Leave a Reply