You want to bind to the default container that new computers objects are created in.
From the menu, select Connection Connect.
For Server, enter the name of a domain controller (or leave blank to do a serverless bind).
For Port, enter 389.
From the menu, select Connection Bind.
Enter credentials of a domain user.
From the menu, select View Tree.
For the DN, enter:
where <DomainDN> is the distinguished name of a domain.
In the left menu, you can now browse the default computers container for the domain.
With tools like netdom, if there is an option to only specify the name of the computer, and not its DN or parent container, the default computers container is typically used.
' This code illustrates how to bind to the default computers container. ' ------ SCRIPT CONFIGURATION ------ strDomain = "<DomainDNSName>" ' e.g. apac.rallencorp.com ' ------ END CONFIGURATION --------- ' Computer GUID as defined in ntdsapi.h Const ADS_GUID_COMPUTRS_CONTAINER = "aa312825768811d1aded00c04fd8d5cd" set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE") set objCompContainer = GetObject("LDAP://<WKGUID=" & _ ADS_GUID_COMPUTRS_CONTAINER & "," & _ objRootDSE.Get("defaultNamingContext") & ">" ) WScript.Echo objCompContainer.Get("distinguishedName")
There are several important objects within each Active Directory domain that need to be "rename safe." By that I mean you should be able to rename the object and not impact other applications that may depend on it. It is for this reason that Microsoft created WKGUID binding. WKGUID allows you to use a well-known GUID to bind with instead of a distinguished name.
For example, the default computers container has the following WKGUID:
You can use the GUID to bind to the default computers container in the domain using the following ADsPath:
The list of well-known objects for a domain is contained in the wellKnownObjects attribute of the domainDNS object for the domain. The wellKnownObjects attribute is multivalued with DNWithBinary syntax. The following is an example of what that attribute looks like for the rallencorp.com domain:
B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=rallencorp,DC=com; B:32: F4BE92A4C777485E878E9421D53087DB:CN=Microsoft,CN=Program Data,DC=rallencorp,DC=com; B:32:09460C08AE1E4A4EA0F64AEE7DAA1E5A:CN=Program Data,DC=rallencorp,DC=com; B:32: 22B70C67D56E4EFB91E9300FCA3DC1AA:CN=ForeignSecurityPrincipals,DC=rallencorp,DC=com; B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=rallencorp,DC=com; B:32: 2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=rallencorp,DC=com; B:32: AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=rallencorp,DC=com; B:32: AB1D30F3768811D1ADED00C04FD8D5CD:CN=System,DC=rallencorp,DC=com; B:32: A361B2FFFFD211D1AA4B00C04FD7D83A:OU=Domain Controllers,DC=rallencorp,DC=com; B:32: A9D1CA15768811D1ADED00C04FD8D5CD:CN=Users,DC=rallencorp,DC=com;
Each value has the format of:
As you can see, the GUID for the first value is the same as the one we used in the ADsPath above to bind to the default computers container.
Recipe 8.12 for changing the default computers container and MSDN: Binding to Well-Known Objects Using WKGUID