Change default OU for computers in Microsoft Active Directory


When you join a computer to a domain, by default the computer is placed in the Computers container (which technically is not an OU, so you can’t link Group Policy objects to it).

The best practice is to switch the default location from the Computers container to a sub-OU under a Production OU.
This way, any Group Policy objects I have set up to apply to computers in my domain will be applied right away. For example, if I deploy antivirus via Group Policy, it will be installed as soon as possible.

Start with launching an elevated PowerShell prompt by right-clicking the PowerShell icon in the taskbar and selecting Run as Administrator.


At the prompt, type the following: redircmp CONTAINER-DN, where CONTAINER-DN is the distinguished name of the container you wish to redirect to.

redircmp "OU=Clients,OU=Production,DC=DOMAIN,DC=LOCAL"

NOTE: If you have spaces in your OU name, make sure to wrap the DN with double quotes.

Then press Enter.


If your result shows Redirection was successful, you should be done.


You can do the same thing with the default User OU. The command is then:

redirusr "OU=Users,OU=Production,DC=DOMAIN,DC=LOCAL"

How to get the DN (Distinguished Name)

First we are going to need the DN (Distinguished Name) of the OU we want to set as our default.
A quick way to find the DN is to launch Active Directory Users and Computers.

Click on View and select Advanced Features.


You will notice there are more containers within the tree view now.

Navigate and right-click the OU you want to set as the default, then select Properties.


In the OU Properties, select the Attribute Editor tab.

Click on distinguishedName to highlight it, then click View.

Right-click the highlighted value and select Copy. Click Cancel and then OK to close the Attribute Editor and OU Properties windows.


How to verify the change

Join a client computer to the domain and verify it was placed in the new OU.

Note: make sure the computer object is not already in AD somewhere. If it is, delete the object if the computer is no longer joined to the domain. Otherwise, when you join the computer back up, it will be in the same OU it was in.

For example, after we have issued the following command, you should see new "AD-joined" computers in the WDS OU in the notcreative.local domain:

redircmp "OU=_WDS,OU=NOTCREATIVE OU,DC=NOTCREATIVE,DC=internal"
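
One way to confirm the redirect before joining a test machine, as an added PowerShell example that is not part of the original article. It assumes the ActiveDirectory module (RSAT) is installed; CLIENT01 is a hypothetical computer name and the OU DN is the placeholder used earlier in the article.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

$TargetOU     = 'OU=Clients,OU=Production,DC=DOMAIN,DC=LOCAL'  # placeholder DN from the article
$ComputerName = 'CLIENT01'                                      # hypothetical machine about to be joined

# 1. The redirect target must be an existing OU; stop early if the DN is wrong.
try {
    $ou = Get-ADOrganizationalUnit -Identity $TargetOU -ErrorAction Stop
} catch {
    throw "Target OU not found: $TargetOU"
}

# 2. Read the domain's current default location for new computer accounts.
#    redircmp changes this value; string comparison with -eq is case-insensitive.
$domain  = Get-ADDomain
$current = $domain.ComputersContainer
if ($current -eq $ou.DistinguishedName) {
    Write-Output "Redirect in place: new computers land in $current"
} else {
    Write-Warning "Default is still $current (expected $TargetOU)"
}

# 3. A pre-existing account stays where it is when the machine rejoins,
#    so report one if it exists.
$existing = Get-ADComputer -Filter "Name -eq '$ComputerName'"
if ($existing) {
    Write-Warning "$ComputerName already exists at $($existing.DistinguishedName)"
}

# 4. List accounts still sitting directly in the built-in Computers container,
#    which cannot have Group Policy objects linked to it.
$builtin = "CN=Computers,$($domain.DistinguishedName)"
Get-ADComputer -Filter * -SearchBase $builtin -SearchScope OneLevel |
    Select-Object Name, DistinguishedName
```

Computers listed by step 4 were joined before the redirect and have to be moved into an OU separately; the redirect only affects new joins.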