[Samba] Samba 4.13 AD: How to Change Default Computer OU?

Mike Ruebner samba at machichemicals.com
Thu Mar 31 18:11:01 UTC 2022 

Hi Andrew,

Yep. That looks like what I want to do. Thanks!

Please bear with me on a related tangent. For the life of me, I cannot figure out a working ldif notation. This is what I have on Debian 11.3:


ldbmodify -H /var/lib/samba/private/sam.ldb <<

dn: DC=sub,DC=mydomain,DC=com
changetype: modify
delete: wellKnownObjects
wellKnownObjects: B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=sub,DC=mydomain,DC=com
-
add: wellKnownObjects
wellKnownObjects: B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Machines,DC=sub,DC=mydomain,DC=com


However, I receive a constraint violation "000020B5: Referenced object not found [...]". Object is definitely there, if multiple. What am I doing wrong here? I know this beyond the scope of my original question, but maybe someone came across the same issue. Any pointers greatly appreciated!

Bests, Mike


> See this in the base DN (eg your main domain DN):

> wellKnownObjects:
> B:32:aa312825768811d1aded00c04fd8d5cd:CN=Computers,${DOMAINDN}

> Most clients will honour where this points and create new computers
> there by default, unless told otherwise.

Andrew,

On Tue, 2022-03-29 at 23:13 -0500, Mike Ruebner via samba wrote:
>> Thanks for your response. Much appreciated. I am aware of the samba-
>> tool option, but that's, for lack of better words, after the fact.
>> 'Off the bat' meaning that a newly joined workstation should
>> automatically end up in the 'Machines' OU instead of the default
>> 'Computers' OU. In Windows speak, I would be able to achive this with
>> the 'redircmp' PowerShell command.
>> 
>> Bests, Mike
> 
> 
> > Not entirely sure I understand what "applied off the bat" means. 
> > Joining the domain won't execute GPO computer settings AFAIK, you
> > need 
> > to reboot the machine first.  If you have to reboot the machine
> > anyway, 
> > just use samba-tool right after the domain join:
> > # samba-tool computer move COMPUTERNAME NEW_PARENT_DN [options]
> > This command moves a computer account into the specified
> > organizational 
> > unit or container.
> > The computername specified on the command is the sAMAccountName,
> > with or 
> > without the trailing dollar sign.
> > The name of the organizational unit or container can be specified
> > as a 
> > full DN or without the domainDN component.
> > > On 3/23/22 00:22, Mike Ruebner via samba wrote:
> > > Hi,
> > > 
> > > Is there any way to change the default OU for new domain joins? I
> > > have a couple of GPOs I would like to see applied off the bat
> > > from a 'Machines' OU.
> > > Samba 4.13.13-Debian on Debian 11.2.
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list