Change the Default Location for New Active Directory Computers and Users
When setting up active directory with clearly organized group policies it is critical that all users and computers be saved in appropriate 'Organizational Units' (OU) within Active Directory. Instead of manually moving all new computers and users to the appropriate OU - you should consider changing the default locations for new AD computer and user objects.
New Active Directory users are automatically created in the special AD location "Users" and new computers are automatically placed in "Computers".
The default, standard AD locations "Users" and "Computers" are not OU objects so cannot be linked to any group policies. In order to user group policies effectively we need to arrange all the AD items into standard OU containers. However, after creating custom OU containers for computers and users, any new user accounts or PCs added to the domain are placed in the old default locations.
For better security - you should also consider changing default OU locations to somewhere with minimal group policy changes.
To move the default location for users and computers to another container user the "redircmp" and "redirusr" commands from the command prompt.
where CONTAINER-DN is the distinguished name of the container that will become the default location for newly created computer objects. Note: The domain functional level must be at least Windows Server 2003
where CONTAINER-DN is the distinguished name of the container that will become the default location for newly created user objects. Note: The domain functional level must be at least Windows Server 2003
To get the proper DN for the container you want to change to you can easily use the "Active Directory Users and Computers" management tool. Make sure to select View -> Advanced Features first.
From the AD Users and Computers management console select the folder you want, right-click and select properties, go to the "Attribute Editor Tab" and find the "Distinguished Name" entry.