Archived from groups: microsoft.public.win2000.setup_deployment
Thanks very much for the info, Brendon.
Oli
"Brendon Rogers" <brendon@nospam-itology.net> wrote in message
news:ubsaAyLQEHA.1392@TK2MSFTNGP09.phx.gbl...
> See http://support.microsoft.com/default.aspx?kbid=324949
>
> A new feature in Windows 2003 is you can redirect the Computers container
> to an OU. It doesn't give you the flexibility to put the computers into
> different OUs but at least you can add the computer to an OU which has the
> appropriate GPOs applied, rather than having to worry about applying and
> filtering GPOs at the domain level.
>
> We don't use this though - all our PCs are added through RIS and we use
> menus to choose which OU to add them into.
>
> "Oli Restorick [MVP]" <oli@mvps.org> wrote in message
> news:O4#hdDAQEHA.1160@TK2MSFTNGP09.phx.gbl...
>>
>> "Gerry Hickman" <gerry666uk@yahoo.co.uk> wrote in message
>> news:O04weFqPEHA.4036@TK2MSFTNGP12.phx.gbl...
>> > Right, that does mean it will only work (interactively) on stations with
>> > netdom installed though.
>> Yes. Since I'm doing the domain join as part of an unattended build, I just
>> include the netdom.exe file as part of the build. If you're looking for a
>> way to add machines that have already been built to a specific OU, then I'm
>> not sure.
>>
>> What you're really looking for is a way to specify in Active Directory which
>> should be the default container/OU to add machines to. It's probably
>> possible to do that. Perhaps one of the Directory Services guys might
>> know -- a repost in microsoft.public.windows.server.active_directory might
>> do the trick.
>>
>> It would be really cool if you could somehow use a WMI filter specified
>> using AD that could determine the correct default OU for a machine.
>>
>> > I find the lack of an OU field in the GUI very odd, when you think Win2k
>> > was designed to work with AD. Even more strange is that (apparently) XP
>> > does not have this facility either.
>> I think most people would find it confusing, to be honest. Most people
>> would not get the LDAP path correct if you had to type it by hand. To
>> provide a browse button, you'd need to authenticate against AD first.
>>
>> While most small businesses I know will go to the keyboard of the machine to
>> do a domain join, bigger companies are more likely to create the machine
>> account in the correct OU and then let the end user do the domain join
>> themselves. Then again, the default of allowing 10 domain joins per user
>> doesn't tie up with this, as it doesn't have any administrative involvement.
>> You really don't want people dumping new machines into your computers
>> container.
>>
>> As you've probably realised, you can't apply a GPO to the computers
>> container (because it's a container). So, if you want a GPO to apply here,
>> you have to apply it at the site or domain level, at which point it's going
>> to get applied to your servers and probably several other machines you don't
>> want to hit.
>>
>> Regards
>>
>> Oli
>>
>>
>
>
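
Added example, not part of the original thread: a small offline check of the two domain-root settings discussed above, namely where new computer accounts land by default (and whether that location can take a GPO link) and the per-user domain-join quota. It assumes the domain root has been exported to LDIF text; the sample export, the `example.com` domain and the `Workstations` OU are constructed for illustration.

```python
import re

# Well-known GUID marking the default location for new computer accounts
# (GUID_COMPUTERS_CONTAINER_W in the Windows SDK headers).
COMPUTERS_GUID = "AA312825768811D1ADED00C04FD8D5CD"

# Constructed sample: domain-root attributes as an LDIF export might show them
# after the default location was redirected. Names here are hypothetical.
SAMPLE_LDIF = """\
dn: DC=example,DC=com
ms-DS-MachineAccountQuota: 10
wellKnownObjects: B:32:A9D1CA15768811D1ADED00C04FD8D5CD:CN=Users,DC=example,DC=com
wellKnownObjects: B:32:AA312825768811D1ADED00C04FD8D5CD:OU=Workstations,
 DC=example,DC=com
"""

WKO = re.compile(r"B:(\d+):([0-9A-Fa-f]+):(.+)")  # B:<hex length>:<GUID>:<DN>

def audit_domain_root(ldif):
    """Report where new computer accounts land and who may create them."""
    root_dn = quota = target = None
    unfolded = re.sub(r"\r?\n ", "", ldif)  # LDIF folds long values with "\n "
    for line in unfolded.splitlines():
        name, sep, value = line.partition(": ")
        if not sep:
            continue
        key = name.lower()
        if key == "dn":
            root_dn = value
        elif key == "ms-ds-machineaccountquota":
            quota = int(value)
        elif key == "wellknownobjects":
            m = WKO.fullmatch(value)
            if m and int(m[1]) == len(m[2]) and m[2].upper() == COMPUTERS_GUID:
                target = m[3]
    if root_dn is None or target is None:
        raise ValueError("domain root DN or computers wellKnownObjects entry missing")
    stock = "CN=Computers," + root_dn
    return {
        "default_location": target,
        "redirected": target.lower() != stock.lower(),
        # GPOs link to OUs (and sites/domains), not to plain containers
        "gpo_linkable": target.upper().startswith("OU="),
        "user_join_quota": quota,  # the "10 domain joins per user" default
    }

if __name__ == "__main__":
    print(audit_domain_root(SAMPLE_LDIF))
```

A result with `redirected` false and a non-zero `user_join_quota` is the situation described in the thread: any user can add machines, and they land in a container that no OU-linked GPO reaches.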