Redirecting the containers “Users” and “Computers” in Windows Active Directory domains
The Standard “Users” and the standard “Computers” container (in which new objects are to be created in default) can be easily changed with Windows standard applications. Benefits, requirements and the commands redirusr and redircmp are explained in this article.
Before explaining the commands redirusr and redircmp, I want to introduce you the initial situation, what the benefit of redirecting is and what the technical requirements are.
Standard containers can be redirected to organizational units. These organizational units (OU) can be linked with group policies, because it is not possible to directly link the standard containers “Users” and Computers”. By linking these group policies to OUs, settings for the new and maybe unwanted standard users and computers can be applied.
The Active Directory domain must be running under domain functional level 2003 or newer.
If you are running an Exchange Server environment, the groups “Exchange Domain Servers” or “Exchange Enterprise Servers” may not be shifted to other organizational units. These groups must always remain in the container “Users”.
Redirecting standard containers with REDIRUSR and REDIRCMP
Any redirection of standard containers must be done by an administrator. The admin must be in the function of the domain administrator of the target domain to where the containers are to be redirected.
Using the tool “redirusr” you can now redirect the standard container. The tool is installed on all Windows 2003 computers and is located in the directory “%SystemRoot%\System32“.
The following command will redirect the standard container for “User” to the organizational unit “newUsers“:
Using the tool “redircmp” you can now redirect the standard container.
The following command will redirect the standard container for “User” to the organizational unit “newComputers“:
<b>C:\Windows\System32\redircmp OU=newComputers,DC=firstattribute,DC=test </b>