When you join a computer to a domain, by default the computer is placed in the Computers container (which technically is not an OU, so you can’t link Group Policy objects to it).
My best practice is to switch the default OU from the Computers container to a sub OU under a Production OU.
This way, any group policy objects I have setup to be applied to computers under my domain will be applied right away. For example, if I deploy antivirus via Group Policy, it will be installed as soon as possible.
Start with launching an elevated PowerShell prompt by right-clicking the PowerShell icon in the taskbar and selecting Run as Administrator.
At the prompt, type the following: redircmp
redircmp "OU=Clients,OU=Production,DC=DOMAIN,DC=LOCAL"
NOTE: If you have spaces in your OU name, make sure to wrap the DN with double quotes.
Then press Enter.
If your result shows Redirection was successful, you should be done.
Join a client computer to the domain and verify it was placed in the new OU.
Note: Make sure the computer object is not already in AD somewhere. If it is, delete the object if the computer is no longer joined to the domain. Otherwise, when you join the computer back up, it will be in the same OU it was in.
You can do the same thing with the default User OU. The command is then;
redirusr "OU=Users,OU=Production,DC=DOMAIN,DC=LOCAL"
Hi! thanks for the detailed information. Question, I have few computers on the default Container. Do I need to delete them and re-join them again, before or after following your instructions? Thanks!
Nope – you can just move them where you like them. I'd recommend NOT deleting them from AD, as you'll need to rejoin them and any other attributes associated with the object AD side would be lost.