All about Windows Servers and much more

As you probably know, by default, newly created user or computer is placed in default OUs Computers or Users. It is not a good practice to leave them there, because we are not able to apply GPO to these OUs and in many cases, we need more OUs. The good example why to create more OUs is that we need different policy for notebooks, desktops and servers.
There is also a good practice to change default containers for users and computers to one of these newly created OUs.
It is very simple to redirect them. You have to execute two commands from Administrative command prompt:

  • For users: redirusr ou=MyDefaultUserOU,dc=domain,dc=local
  • For computers: redircmp ou=MyDefaultComputerOU,dc=domain,dc=local

If you want your environment to be even more secure, just put this default OUs in OUs that have the most restricted GPOs applied. In this way, you will limit the access to your environment.

One Response to Redirecting default OU for users and computers

Leave a Reply

Your email address will not be published. Required fields are marked *

About me


I am working in IT for more than 10 years, concerning most of my time with small companies. A result of this work is a good knowledge of problems and products used in that companies, like Windows Small Business Server, System Center Essentials, Windows OS ecc.
In the last three years I am also Microsoft Partner Area Lead for CEE and Slovenia and I lead a Slovenian SBS Community on Microsoft.
In my privat life I like listen to rock music, archery and constructing biiig houses with Lego cubes – of course with my son!