Introduction

As far as Active Directory is concerned, computers are very similar to users. In fact, computer objects inherit directly from the user object class, which is used to represent user accounts. That means computer objects have all of the attributes of user objects and then some. Computers need to be represented in Active Directory for many of the same reasons users do, including the need to access resources securely, utilize GPOs, and have permissions granted or restricted on them.

To participate in a domain, computers need a secure channel to a domain controller. A secure channel is an authenticated connection that can transmit encrypted data. To set up the secure channel, a computer has to present a password to a domain controller. The domain controller then verifies that password against the password stored in Active Directory with the computer's account. Without the computer object, and consequently the password stored with it, there would be no way for the domain controller to verify that a computer is what it claims to be.

The Anatomy of a Computer

The default location for computer objects in a domain is the cn=Computers container located directly off the domain root. You can, however, create computer objects anywhere in a domain. And in Windows Server 2003, you can modify the default location for computer objects as described in Recipe 8.12. Table 8-1 contains a list of some of the interesting attributes that are available on computer objects.

Table 8-1. Attributes of computer objects

| Attribute | Description |
|---|---|
| cn | Relative distinguished name of computer objects. |
| dnsHostName | Fully qualified DNS name of the computer. |
| lastLogonTimestamp | The approximate timestamp of the last time the computer logged in to the domain. This is a new attribute in Windows Server 2003. |
| managedBy | The distinguished name (DN) of the user or group that manages the computer. |
| memberOf | List of DNs of the groups the computer is a member of. |
| operatingSystem | Textual description of the operating system running on the computer. See Recipe 8.10 for more information. |
| operatingSystemHotFix | Currently not being used, but will hopefully be populated at some point. |
| operatingSystemServicePack | Service pack version installed on the computer. See Recipe 8.10 for more information. |
| operatingSystemVersion | Numeric version of the operating system installed on the computer. See Recipe 8.10 for more information. |
| pwdLastSet | Large integer that can be translated into the last time the computer's password was set. See Recipe 8.8 for more information. |
| sAMAccountName | NetBIOS-style name of the computer. This is typically the name of the computer with $ at the end. |
| userAccountControl | Account flag that defines various account properties. |
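
The following is an added example, not code from the book: it translates the pwdLastSet large integer into a date, decodes userAccountControl bits, and uses both to review computer accounts. The sample records, the 90-day threshold, and the function names are assumptions made for illustration; the flag values are the documented userAccountControl bits.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bits relevant to computer accounts (documented values)
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x1000: "WORKSTATION_TRUST_ACCOUNT",
    0x2000: "SERVER_TRUST_ACCOUNT",       # set on domain controllers
    0x80000: "TRUSTED_FOR_DELEGATION",    # unconstrained delegation
}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(value):
    """Large integer = 100-ns intervals since 1601-01-01 UTC; 0 means never set."""
    ticks = int(value)
    return None if ticks == 0 else FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def decode_uac(value):
    return [name for bit, name in UAC_FLAGS.items() if int(value) & bit]

def audit_computer(attrs, now, max_pwd_age_days=90):
    """Return findings for one computer object (threshold is an assumed policy)."""
    flags = decode_uac(attrs["userAccountControl"])
    findings = []
    if not attrs["sAMAccountName"].endswith("$"):
        findings.append("sAMAccountName lacks trailing $")
    if "ACCOUNTDISABLE" in flags:
        findings.append("account disabled")
    if "TRUSTED_FOR_DELEGATION" in flags and "SERVER_TRUST_ACCOUNT" not in flags:
        findings.append("unconstrained delegation on non-DC")
    pwd_set = filetime_to_datetime(attrs["pwdLastSet"])
    if pwd_set is None or now - pwd_set > timedelta(days=max_pwd_age_days):
        findings.append("stale machine password")
    return findings

# Constructed sample records, shaped like an LDAP export of computer objects
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"sAMAccountName": "WKS01$", "userAccountControl": 4096, "pwdLastSet": "133606368000000000"},
    {"sAMAccountName": "OLDPC$", "userAccountControl": 4098, "pwdLastSet": "133170048000000000"},
    {"sAMAccountName": "APP01$", "userAccountControl": 528384, "pwdLastSet": "133606368000000000"},
    {"sAMAccountName": "DC01$", "userAccountControl": 532480, "pwdLastSet": "133606368000000000"},
]

def audit_all(records, now=NOW):
    return {r["sAMAccountName"]: audit_computer(r, now) for r in records}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, findings or "ok")
```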


