Active Directory Computer Objects Management
A computer object in AD is used to model a real computer in an organizational network environment.
Say for example, I bought a new computer machine -01 in my organization, and want to allow people to access various organizational resources through this computer. All I have to do to achieve this is create a computer object in the Active Directory users and computers console and assign permissions to the computer object representing machine – 01. And depending on the permissions I assign to the computer object the users’ access over resources through this computer might be granted, restricted or denied.
To create a computer object in Active Directory
- Start -> administrative tools -> Active Directory users and computers console
- Right click on the console tree
- From the menu that pops choose the option “new”
- On choosing the option new another menu pops with a list of objects ,from that choose “computer”
- An object creation wizard appears as shown in the figure below, enter the name attributes of the computer object , and click next
- On the second page if you want a user to manage this computer, then choose a user name and click next
- On clicking finish the object will be created and can be located on the ADUC console tree in its respective container.
Computer objects creation Wizard
To delete a computer object in AD
- Open ADUC
- Right click on the computer object you intend to delete
- From the submenu that pops choose the option “delete”
- The computer object will be deleted from Active Directory and will no more appear on the console tree.
To modify a computer object in AD
- Open ADUC and right click on the computer object you intend to modify
- From the shortcut menu that pops choose the option “properties”
- A computer object properties dialogue box appears with various tabs
- Navigate through the various tabs and make the necessary changes
- Click apply and then OK
- The modifications will hence be made.
The mandatory attributes of computer object are:
- 1. cn
- 2. objectCategory
- 3. objectclass
- 4. sAMAccountName
cn and sAMAccountName attributes help in the unique identification of the object across the domain.
Related Articles
Active Directory Group Objects Management
As the self-explanatory name suggests, this object is meant to represent a group. In AD, a group is an object which can contain a collection of users, or computers, or contacts, or even other groups as members .It simplifies administrative burden. ...Active Directory Objects List
Objects are the fulcrum of Active Directory. The ease of an organization’s resource management comes from the fact that objects give AD a modular structure. Introduction The individual components of an organization’s network are called objects in ...How to Change Account Lockout Policy using Group Policy Objects in Active Directory
Changing the Active Directory Account Lockout Policy Introduction to Active Directory Account Lockout Policy Account lockout policies are used by IT administrators to lock out an Active Directory account after multiple unsuccessful attempts. It is ...How to navigate to Active Directory users and computers
Launching Active Directory Users and Computers (ADUC) Introduction Active Directory (AD), a service provided by Microsoft, functions as a central database for securely storing and managing information about user accounts, user groups, ...How to enumerate Active Directory domains using PowerShell
Active Directory (AD) is the backbone of many organizations, serving as a centralized system for managing users, computers, and resources. As a system administrator, being able to enumerate and query AD is a fundamental skill. In this comprehensive ...