I didn’t know before that actually every authenticated user can add up to 10 computers to the domain by default. This is a security issue and should be prevented.
Follow the steps to do so:
1. Open ADSI Editor
2. Click with the right mouse button on ADSI Editor and make a default connection
3. Click with the right mouse button on the domain / properties
4. Change the value for ms-DS-MachineAccountQuota to 0
admin on July 15th 2009 in Windows Server
When somebody adds a computer to the domain it usually goes into the CN=Computers,DC=Domain. If you want to choose another OU as the default container, you can do this with the redircmp “DN of the OU”.
By the way you can do the same for the users with the command redirusr “DN of the OU”.
admin on July 15th 2009 in Windows Server
| dsadd |
Creates and object in the directory |
| dsget |
Gets the attributes of an object |
| dsmod |
Changes the attributes of an object |
| dsmove |
Moves and object |
| dsrm |
Removes and object or container with all objects |
| dsquery |
Runs a query |
| csvde |
Import/Export Objects from/into a csv file |
| ldifde |
Import/Export (Lightweight Directory Access Data Interchange Format) |
| dsa.msc |
Active Directory Console |
Examples:
dsadd user “cn=Todd Test,ou=Users,dc=mist,dc=com” –samid ttest –upn ttest@mist.com
dsadd group “CN=Marketing,OU-Groups,DC=mist,DC=com” –samid Marketing –secgrp yes –scope g
dsget group “CN=Marketing,OU-Groups,DC=mist,DC=com” –members -expand
dsget user “cn=Todd Test,ou=Users,dc=mist,dc=com”
dsrm “cn=Todd Test,ou=Users,dc=mist,dc=com”
csvde –i –f NewUsers.txt
ldifde -i -f NewUsers.ldf
admin on June 4th 2009 in Windows Server
