Windows and Linux Networking

Tuesday, September 22, 2015

How to join a computer to a specific OU to apply Group Policy to computer accounts

How to create the computer account in a specific OU at the time of joining the domain.



Suppose you have created an OU for each location (department) and apply a different Group Policy to the computers in each. For example, you have created a security group for each location or department, added the users from that location as members, and configured a Group Policy that adds that security group to the local Administrators group, giving local admin rights to the members of the Active Directory security group.

For that to work, you identify all the computer accounts in Active Directory and move them to the appropriate OU so that the Group Policy applies to them. When you check, you find it working as expected for existing computer accounts.

But when you add (join) a new computer to the Active Directory domain, the new computer account is created in the default location, the Computers container, so the Group Policy that gives the user local admin rights is not applied.

To fix this issue:
1) You have to move the computer account every time you add a new computer to the domain.
2) OR you have to create the computer account in the OU manually before joining the domain.
3) OR provide the OU name at the time of joining the domain.

I like the third option, as it gives the correct permissions at the computer's first logon.

Below is the PowerShell command that joins a computer to the domain and creates the computer account in a specific organizational unit (OU).

Suppose:

Your Domain Name is : Example.com
Domain Netbios Name : Example
OU for location : India-Pune
OU for computers under OU India-Pune : Pune Computers
User having permission to join computer : Sandeep

Click the Start button --> type PowerShell in the search box --> right-click Windows PowerShell --> select Run as Administrator --> click Yes in the next window.




Now type the command below:

Add-Computer -DomainName Example -Credential Example\sandeep -Passthru -OUPath 'OU=Pune Computers,OU=India-Pune,DC=Example,DC=Com'

Press Enter and Windows will ask you for the password. Provide the password for the user (in our example, the password for Example\Sandeep) and click OK. If there is no error related to the computer name limit, networking, login credentials or the OU path, the computer will join the domain and the new computer account will be created automatically at the given OU path.

Restart the computer:

shutdown -r -t 00

Now, when the computer boots for the first time, the Group Policy set for that OU will be applied.
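
The same join with a check before and after, as an added example that is not from the original post: it confirms the OU path resolves before calling Add-Computer, then confirms the new account's distinguished name sits under that OU. The helper name Get-DirEntry is hypothetical; it assumes the workstation can resolve Example.com and the join account can read the OU, and the OU path is written child-first (Pune Computers under India-Pune).

```powershell
# Added example. Values follow the post's scenario; Get-DirEntry is a hypothetical helper.
$Domain   = 'Example.com'
$DomainDn = 'DC=Example,DC=Com'
$OUPath   = "OU=Pune Computers,OU=India-Pune,$DomainDn"   # child OU first, parent after
$Cred     = Get-Credential -UserName 'Example\sandeep' -Message 'Account allowed to join computers'

function Get-DirEntry([string]$Dn) {
    # Bind with the join account; Secure asks for Negotiate (Kerberos/NTLM), not a simple bind.
    $path = "LDAP://$Domain/$Dn"
    $pw   = $Cred.GetNetworkCredential().Password
    $auth = [System.DirectoryServices.AuthenticationTypes]::Secure
    New-Object System.DirectoryServices.DirectoryEntry($path, $Cred.UserName, $pw, $auth)
}

# 1) Fail early if the OU path is mistyped or the account cannot read it.
try {
    (Get-DirEntry $OUPath).psbase.RefreshCache()   # throws if the bind or the lookup fails
} catch {
    throw "Cannot open '$OUPath': $($_.Exception.Message)"
}

# 2) Join the domain and create the computer account directly in that OU.
$result = Add-Computer -DomainName $Domain -Credential $Cred -OUPath $OUPath -PassThru -ErrorAction Stop
if (-not $result.HasSucceeded) { throw "Domain join failed for $($result.ComputerName)." }

# 3) Confirm where the account landed before rebooting.
$searcher = New-Object System.DirectoryServices.DirectorySearcher((Get-DirEntry $DomainDn))
$searcher.Filter = "(&(objectCategory=computer)(sAMAccountName=$($env:COMPUTERNAME)`$))"
$hit = $searcher.FindOne()
if (-not $hit) {
    Write-Warning 'Computer account not found yet; the queried DC may not have replicated it.'
} else {
    $dn = [string]$hit.Properties['distinguishedname'][0]
    if ($dn.EndsWith(",$OUPath", [System.StringComparison]::OrdinalIgnoreCase)) {
        Write-Host "OK: $dn"
    } else {
        Write-Warning "Account is at '$dn', not under '$OUPath'; its OU policy will not apply."
    }
}
```

A warning in step 3 means the local Administrators policy for that OU is not in effect for this machine, so check the account's location before handing the computer to the user.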

When you join your computer to Windows Active Directory Domain your computer account will be create