Moving Computer Accounts

Microsoft® Windows® 2000 Scripting Guide

Occasionally it is necessary to move computer accounts to reflect changes in organizational or managerial structure, to account for a transfer of equipment ownership, or to facilitate the application of Group Policy.

For example, many organizations place all new computer accounts in the Computers container in Active Directory. However, having all the computer accounts in the Computers container makes it difficult to know which computers belong to which departments. In addition, Group Policy cannot be applied to the Computers container because it is not an OU. Keeping all computer accounts in the same container also limits your ability to delegate administrative control of those accounts. If all computer accounts are stored in the Computers container, you cannot give the Finance Department system administrator control over accounts in his department without also giving that administrator control over all the accounts in that container.

For these reasons, computer accounts are typically moved out of the Computers container as soon as the computers are given to particular users or departments. Moving accounts to the appropriate Active Directory OU helps reflect the actual distribution of resources within the organization and allows for delegation of administration. For example, the Finance Department can use one set of policies to manage their computers, while the Human Resources Department can use a separate set of policies to manage their computers.

Accounts can be moved from one Active Directory container to another programmatically by using ADSI.

Scripting Steps

Listing 9.8 contains a script that moves a computer account to a different OU. To carry out this task, the script must perform the following steps:

  1. Use a GetObject call to bind to the Active Directory container to which the computer account will be moved. In this example, the container is the Finance OU in fabrikam.com.

    This first step illustrates one important difference between renaming a computer account and moving a computer account: When you rename a computer account, you bind to the Active Directory container in which the account currently resides. When you move a computer account, you bind to the container to which the account will be moved.

  2. Use the MoveHere method with the following two parameters:
    • Distinguished name of the account to be moved (LDAP://CN=Server4, CN=Computers, DC=fabrikam, DC=com).
    • Common name to be given to the account in the new container. Keeping the common name the same (CN=Workstation4) ensures that the account will be moved without being renamed.

Listing 9.8   Moving Computer Accounts

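' Bind to the destination container (the Finance OU).
Set objNewOU = GetObject("LDAP://OU=Finance, DC=fabrikam, DC=com")
' Move the account; reusing the same common name moves it without renaming it.
Set objMoveComputer = objNewOU.MoveHere _
    ("LDAP://CN=Workstation4, CN=Computers, DC=fabrikam, DC=com", _
        "CN=Workstation4")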
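
A more defensive variant of Listing 9.8, added here as an illustration and not part of the original guide: it confirms each source object is a computer account, passes the object's own Name as the second MoveHere parameter so the move cannot rename it, and then lists the accounts still left in the Computers container, where Group Policy cannot be applied. The machine names in arrNames are hypothetical; the domain and OU follow the page's example.

```vbscript
Option Explicit

' Domain and OU follow the page's example; adjust for your directory.
Const SOURCE_CONTAINER = "CN=Computers, DC=fabrikam, DC=com"
Const TARGET_OU = "OU=Finance, DC=fabrikam, DC=com"
' Hypothetical list of machines assigned to the Finance Department.
Dim arrNames : arrNames = Array("Workstation4", "Workstation5")

Dim objNewOU, objComputer, objMoved, strName, strPath

' Bind to the destination container, as in Listing 9.8.
Set objNewOU = GetObject("LDAP://" & TARGET_OU)

For Each strName In arrNames
    strPath = "LDAP://CN=" & strName & ", " & SOURCE_CONTAINER
    On Error Resume Next
    Set objComputer = Nothing
    Set objComputer = GetObject(strPath)
    If Err.Number <> 0 Then
        WScript.Echo "Skipped " & strName & ": not found (0x" & Hex(Err.Number) & ")"
        Err.Clear
    ElseIf LCase(objComputer.Class) <> "computer" Then
        ' Refuse to move users, groups or other objects by mistake.
        WScript.Echo "Skipped " & strName & ": class is " & objComputer.Class
    Else
        ' The object's own relative name (CN=...) guarantees a move, never a rename.
        Set objMoved = objNewOU.MoveHere(objComputer.ADsPath, objComputer.Name)
        If Err.Number <> 0 Then
            WScript.Echo "Failed to move " & strName & " (0x" & Hex(Err.Number) & ")"
            Err.Clear
        Else
            WScript.Echo "Moved: " & objMoved.ADsPath
        End If
    End If
    On Error GoTo 0
Next

' Report computer accounts still in the default container, outside any OU policy.
Dim objSource, objLeft
Set objSource = GetObject("LDAP://" & SOURCE_CONTAINER)
objSource.Filter = Array("computer")
For Each objLeft In objSource
    WScript.Echo "Still in Computers container: " & objLeft.Name
Next
```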


Microsoft Windows 2000 Scripting Guide(c) Automating System Administration 2003
Year: 2004
Pages: 635
