samba - Mar 2022 - Samba 4.13 AD: How to Change Default Computer OU?

Thanks for your response. Much appreciated. I am aware of the samba-tool option,
but that's, for lack of better words, after the fact. 'Off the bat'
meaning that a newly joined workstation should automatically end up in the
'Machines' OU instead of the default 'Computers' OU. In Windows
speak, I would be able to achive this with the 'redircmp' PowerShell
command.

Bests, Mike

> Not entirely sure I understand what "applied off the bat" means. 
> Joining the domain won't execute GPO computer settings AFAIK, you need 
> to reboot the machine first.  If you have to reboot the machine anyway, 
> just use samba-tool right after the domain join:
> # samba-tool computer move COMPUTERNAME NEW_PARENT_DN [options]
> This command moves a computer account into the specified organizational 
> unit or container.
> The computername specified on the command is the sAMAccountName, with or 
> without the trailing dollar sign.
> The name of the organizational unit or container can be specified as a 
> full DN or without the domainDN component.
>> On 3/23/22 00:22, Mike Ruebner via samba wrote:
>> Hi,
>> 
>> Is there any way to change the default OU for new domain joins? I have
a couple of GPOs I would like to see applied off the bat from a
'Machines' OU.
>> Samba 4.13.13-Debian on Debian 11.2.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

See this in the base DN (eg your main domain DN):

wellKnownObjects:
B:32:aa312825768811d1aded00c04fd8d5cd:CN=Computers,${DOMAINDN}

Most clients will honour where this points and create new computers
there by default, unless told otherwise.

Andrew,

On Tue, 2022-03-29 at 23:13 -0500, Mike Ruebner via samba
wrote:
> Thanks for your response. Much appreciated. I am aware of the samba-
> tool option, but that's, for lack of better words, after the fact.
> 'Off the bat' meaning that a newly joined workstation should
> automatically end up in the 'Machines' OU instead of the default
> 'Computers' OU. In Windows speak, I would be able to achive this
with
> the 'redircmp' PowerShell command.
> 
> Bests, Mike
> 
> 
> > Not entirely sure I understand what "applied off the bat"
means.
> > Joining the domain won't execute GPO computer settings AFAIK, you
> > need 
> > to reboot the machine first.  If you have to reboot the machine
> > anyway, 
> > just use samba-tool right after the domain join:
> > # samba-tool computer move COMPUTERNAME NEW_PARENT_DN [options]
> > This command moves a computer account into the specified
> > organizational 
> > unit or container.
> > The computername specified on the command is the sAMAccountName,
> > with or 
> > without the trailing dollar sign.
> > The name of the organizational unit or container can be specified
> > as a 
> > full DN or without the domainDN component.
> > > On 3/23/22 00:22, Mike Ruebner via samba wrote:
> > > Hi,
> > > 
> > > Is there any way to change the default OU for new domain joins? I
> > > have a couple of GPOs I would like to see applied off the bat
> > > from a 'Machines' OU.
> > > Samba 4.13.13-Debian on Debian 11.2.
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions