{"id":1025,"date":"2018-02-01T01:26:39","date_gmt":"2018-02-01T01:26:39","guid":{"rendered":"http:\/\/wiki.thomasandsofia.com\/?p=1025"},"modified":"2018-02-01T02:49:06","modified_gmt":"2018-02-01T02:49:06","slug":"understanding-organizational-units-and-containers","status":"publish","type":"post","link":"https:\/\/wiki.thomasandsofia.com\/?p=1025","title":{"rendered":"Understanding Organizational Units and Containers"},"content":{"rendered":"<p><a href=\"http:\/\/wiki.thomasandsofia.com\/2018\/02\/01\/active-directory-and-group-policies\/\">Main Menu<\/a><\/p>\n<p><a href=\"https:\/\/www.udemy.com\/active-directory-group-policy-2012\/learn\/v4\/t\/lecture\/8276672?start=0\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/active-directory-group-policy-2012\/learn\/v4\/t\/lecture\/8276672?start=0<\/a><\/p>\n<p>Active Directory\u00a0 Users and Computers &gt; Domain.com<\/p>\n<p>What are Containers?<\/p>\n<ul>\n<li>Are structural objects that are included by default within Active Directory.<\/li>\n<li>You cannot apply Group Policy Objects (aka GPOs) to Containers *IMPORTANT<\/li>\n<li>You cannot create a Container with AD (but you can use adsiedit but likely never required)<\/li>\n<\/ul>\n<p>Computers Container<\/p>\n<ul>\n<li>Serves as a default location for new computers that join your domain.<\/li>\n<li>When joined, a new AD Computer Account Object will be created inside this container.<\/li>\n<li>To apply GPOs to a computer, you&#8217;ll need to move that computer out of the container and into an Organizational Unit (then you can apply security policies such as custom wallpapers, etc.)\n<ul>\n<li>You can leave them in the Computers container, but generally not best practice.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>ForeignSecurityPrincipals Container<\/p>\n<ul>\n<li>Contains Proxy Objects for Security Principals for other trusted domains.\n<ul>\n<li>Could be a user account or security group that resides inside of another domain.<\/li>\n<\/ul>\n<\/li>\n<li>If you do not establish a trust between this domain and another, you will not be using this container at all.<\/li>\n<\/ul>\n<p>Managed Service Accounts (MSAs) Container<\/p>\n<ul>\n<li>Holds the user accounts that are used to operate the applications or services that run on your servers or workstations.<\/li>\n<li>These accounts do not use passwords &#8211; these are handled automatically.<\/li>\n<li>To create an MSA, you need to use the PowerShell command line.\u00a0 There is no Gui.<\/li>\n<\/ul>\n<p>Users Container<\/p>\n<ul>\n<li>Do not delete any of the default users and security groups!<\/li>\n<\/ul>\n<p>Builtin BuiltinDomain<\/p>\n<ul>\n<li>Contains a number of Security Groups<\/li>\n<li>Unlike Users, these <strong>cannot<\/strong> be deleted<\/li>\n<\/ul>\n<p>Organizational Units (OUs)<\/p>\n<ul>\n<li>Used to organize and separate objects within AD.<\/li>\n<li>Objects can be anything that AD can store\n<ul>\n<li>User Accounts<\/li>\n<li>Computers, Printers, blah blah<\/li>\n<\/ul>\n<\/li>\n<li>If you have a Marketing Team, you can create an OU called Marketing and store all those users there.<\/li>\n<li>You can assign specific permissions to OUs, that then automatically apply to all objects within that OU.<\/li>\n<\/ul>\n<p>9:00<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Main Menu https:\/\/www.udemy.com\/active-directory-group-policy-2012\/learn\/v4\/t\/lecture\/8276672?start=0 Active Directory\u00a0 Users and Computers &gt; Domain.com What are Containers? Are structural objects that are included by default within Active Directory. You cannot apply Group Policy Objects (aka GPOs) to Containers *IMPORTANT You cannot create a Container with AD (but you can use adsiedit but likely never required) Computers Container Serves as ..<\/p>\n<div class=\"clear-fix\"><\/div>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/?p=1025\" title=\"read more...\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[],"class_list":["post-1025","post","type-post","status-publish","format-standard","hentry","category-active-directory"],"_links":{"self":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/1025","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1025"}],"version-history":[{"count":4,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/1025\/revisions"}],"predecessor-version":[{"id":1030,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/1025\/revisions\/1030"}],"wp:attachment":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1025"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1025"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1025"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}