Recipe 8.11 Binding to the Default Container for Computers

This recipe requires the Windows Server 2003 domain functional level.

8.11.1 Problem

You want to bind to the default container that new computers objects are created in.

8.11.2 Solution Using a graphical user interface
  1. Open LDP.

  2. From the menu, select Connection Connect.

  3. For Server, enter the name of a domain controller (or leave blank to do a serverless bind).

  4. For Port, enter 389.

  5. Click OK.

  6. From the menu, select Connection Bind.

  7. Enter credentials of a domain user.

  8. Click OK.

  9. From the menu, select View Tree.

  10. For the DN, enter:


    where <DomainDN> is the distinguished name of a domain.

  11. Click OK.

  12. In the left menu, you can now browse the default computers container for the domain. Using a command-line interface

With tools like netdom, if there is an option to only specify the name of the computer, and not its DN or parent container, the default computers container is typically used. Using VBScript
' This code illustrates how to bind to the default computers container.
strDomain = "<DomainDNSName>"   ' e.g.
' ------ END CONFIGURATION ---------

' Computer GUID as defined in ntdsapi.h
Const ADS_GUID_COMPUTRS_CONTAINER = "aa312825768811d1aded00c04fd8d5cd"

set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE")
set objCompContainer = GetObject("LDAP://<WKGUID=" & _
                             ADS_GUID_COMPUTRS_CONTAINER & "," & _
                             objRootDSE.Get("defaultNamingContext") & ">" )
WScript.Echo objCompContainer.Get("distinguishedName")

8.11.3 Discussion

There are several important objects within each Active Directory domain that need to be "rename safe." By that I mean you should be able to rename the object and not impact other applications that may depend on it. It is for this reason that Microsoft created WKGUID binding. WKGUID allows you to use a well-known GUID to bind with instead of a distinguished name.

For example, the default computers container has the following WKGUID:


You can use the GUID to bind to the default computers container in the domain using the following ADsPath:


The list of well-known objects for a domain is contained in the wellKnownObjects attribute of the domainDNS object for the domain. The wellKnownObjects attribute is multivalued with DNWithBinary syntax. The following is an example of what that attribute looks like for the domain:

B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=rallencorp,DC=com; B:32:
F4BE92A4C777485E878E9421D53087DB:CN=Microsoft,CN=Program Data,DC=rallencorp,DC=com;
B:32:09460C08AE1E4A4EA0F64AEE7DAA1E5A:CN=Program Data,DC=rallencorp,DC=com; B:32:
B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=rallencorp,DC=com; B:32:
2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=rallencorp,DC=com; B:32:
AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=rallencorp,DC=com; B:32:
AB1D30F3768811D1ADED00C04FD8D5CD:CN=System,DC=rallencorp,DC=com; B:32:
A361B2FFFFD211D1AA4B00C04FD7D83A:OU=Domain Controllers,DC=rallencorp,DC=com; B:32:

Each value has the format of:


As you can see, the GUID for the first value is the same as the one we used in the ADsPath above to bind to the default computers container.

8.11.4 See Also

Recipe 8.12 for changing the default computers container and MSDN: Binding to Well-Known Objects Using WKGUID

    Chapter 3. Domain Controllers, Global Catalogs, and FSMOs
    Chapter 6. Users
    Appendix A. Tool List