https://www.udemy.com/active-directory-group-policy-2012/learn/v4/t/lecture/8276672?start=0
Active Directory Users and Computers > Domain.com
What are Containers?
- Are structural objects that are included by default within Active Directory.
- You cannot apply Group Policy Objects (aka GPOs) to Containers *IMPORTANT
- You cannot create a Container with AD (you can with adsiedit, but this is likely never required)
Computers Container
- Serves as a default location for new computers that join your domain.
- When joined, a new AD Computer Account Object will be created inside this container.
- To apply GPOs to a computer, you’ll need to move that computer out of the container and into an Organizational Unit (then you can apply security policies such as custom wallpapers, etc.)
- You can leave them in the Computers container, but this is generally not best practice.
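Because GPOs cannot be linked to the Computers container, machines left there only pick up policy linked at the domain level. The following is an added example, not part of the course material, that finds computers still in the default container and moves them into an OU. It assumes the ActiveDirectory PowerShell module is installed; the function name and the `Workstations` OU name are hypothetical.

```powershell
#Requires -Modules ActiveDirectory

function Move-DefaultContainerComputers {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Hypothetical OU name; replace with one from your own OU structure.
        [string]$OuName = 'Workstations'
    )

    $domain    = Get-ADDomain
    # Default landing spot for newly joined machines, normally CN=Computers,<domain DN>.
    $container = $domain.ComputersContainer
    $targetOu  = "OU=$OuName,$($domain.DistinguishedName)"

    # Create the target OU at the domain root if it does not exist yet.
    $existing = Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'" `
        -SearchBase $domain.DistinguishedName -SearchScope OneLevel
    if (-not $existing -and $PSCmdlet.ShouldProcess($targetOu, 'Create OU')) {
        New-ADOrganizationalUnit -Name $OuName -Path $domain.DistinguishedName
    }

    # OneLevel limits the search to objects sitting directly in the container.
    $computers = Get-ADComputer -Filter * -SearchBase $container `
        -SearchScope OneLevel -Properties whenCreated

    foreach ($c in $computers) {
        if ($PSCmdlet.ShouldProcess($c.DistinguishedName, "Move to $targetOu")) {
            Move-ADObject -Identity $c.DistinguishedName -TargetPath $targetOu
        }
        # Emit one record per computer so the run can be reviewed or exported.
        [pscustomobject]@{
            Name    = $c.Name
            Created = $c.whenCreated
            From    = $container
            Target  = $targetOu
        }
    }
}

# Dry run: reports what would be created and moved without changing anything.
Move-DefaultContainerComputers -WhatIf
```

Remove `-WhatIf` only after reviewing the dry-run output; GPOs linked to the target OU apply to the moved computers at their next policy refresh.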
ForeignSecurityPrincipals Container
- Contains Proxy Objects for Security Principals from other trusted domains.
- Could be a user account or security group that resides inside of another domain.
- If you do not establish a trust between this domain and another, you will not be using this container at all.
Managed Service Accounts (MSAs) Container
- Holds the user accounts that are used to operate the applications or services that run on your servers or workstations.
- You do not set passwords for these accounts – they are handled automatically.
- To create an MSA, you need to use the PowerShell command line. There is no GUI.
Users Container
- Do not delete any of the default users and security groups!
Builtin (builtinDomain)
- Contains a number of Security Groups
- Unlike Users, these cannot be deleted
Organizational Units (OUs)
- Used to organize and separate objects within AD.
- Objects can be anything that AD can store:
  - User Accounts
  - Computers, Printers, etc.
- If you have a Marketing Team, you can create an OU called Marketing and store all those users there.
- You can assign specific permissions to OUs, that then automatically apply to all objects within that OU.