Pre-staging computer accounts


When you join a Windows computer to a domain, by default the computer account for the computer gets placed into the Computers container. Unfortunately the Computers container is not an organizational unit (OU) so you can’t link a Group Policy Object to it, and as a result computers that join a domain like this are placed into an unmanaged state, which might contravene your company’s security policy.


The solution is to pre-stage your computer accounts by pre-creating these accounts within an OU that has a GPO linked to it to enforce policy. Just use Active Directory Users and Computers to create computer accounts in the OU that have the same names as the computers that you will be joining to the domain. Then, when each computer joins the domain, it will check whether a pre-staged computer account is present, and if it is then it will use that computer account instead of creating one within the Computers container.


***


Mitch Tulloch was the lead author for the Windows Vista Resource Kit from Microsoft Press, which is THE book for IT pros who want to deploy, maintain and support Windows Vista in mid- and large-sized network environments. For more about Mitch, visit his website www.mtit.com

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top