Chapter 8. Computers
Introduction
As far as Active Directory is concerned, computers are very similar to users. In fact, computer objects inherit directly from the user object class, which is used to represent user accounts. That means computer objects have all of the attributes of user objects and then some. Computers need to be represented in Active Directory for many of the same reasons users do, including the need to access resources securely, utilize GPOs, and have permissions granted or restricted on them.
To participate in a domain, computers need a secure channel to a domain controller. A secure channel is an authenticated connection that can transmit encrypted data. To set up the secure channel, a computer has to present a password to a domain controller. The domain controller then verifies that password against the password stored in Active Directory with the computer’s account. Without the computer object, and subsequently, the password stored with it, there would be no way for the domain controller to verify a computer is what it claims to be.
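Because computer objects inherit from the user class, an LDAP filter on objectClass=user alone also returns machine accounts, which skews account inventories and audits. The following sketch is an added example, not code from the book: it evaluates a small subset of LDAP filter syntax over two constructed entries. The domain example.com, the names jdoe and WKS01, and the shortened objectCategory values are assumptions made for illustration.

```python
# Added example: constructed entries, not data from a real domain.
# objectClass lists follow the schema chain
# top -> person -> organizationalPerson -> user -> computer.
BASE = "DC=example,DC=com"  # hypothetical domain
ENTRIES = [
    {"dn": [f"CN=Jane Doe,CN=Users,{BASE}"],
     "sAMAccountName": ["jdoe"],
     "objectClass": ["top", "person", "organizationalPerson", "user"],
     "objectCategory": ["person"]},      # short form of the schema DN
    {"dn": [f"CN=WKS01,CN=Computers,{BASE}"],
     "sAMAccountName": ["WKS01$"],       # machine account names end in $
     "objectClass": ["top", "person", "organizationalPerson", "user",
                     "computer"],
     "objectCategory": ["computer"]},
]

def parse(f, i=0):
    """Parse the filter subset (&..), (|..), (!..) and (attr=value)."""
    assert f[i] == "("
    i += 1
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1         # step over the closing ")"
    end = f.index(")", i)
    attr, value = f[i:end].split("=", 1)
    return ("=", attr, value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive values)."""
    if node[0] == "=":
        return node[2].lower() in [v.lower() for v in entry.get(node[1], [])]
    results = [matches(kid, entry) for kid in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)

def search(filter_text):
    """Return the sAMAccountName of every constructed entry that matches."""
    tree, _ = parse(filter_text)
    return [e["sAMAccountName"][0] for e in ENTRIES if matches(tree, e)]

if __name__ == "__main__":
    for flt in ("(objectClass=user)",
                "(&(objectCategory=person)(objectClass=user))",
                "(objectClass=computer)"):
        print(f"{flt:48} -> {search(flt)}")
```

The first filter returns both accounts; adding objectCategory=person, or excluding objectClass=computer, limits the result to the human user.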
The Anatomy of a Computer
The default location for computer objects in a domain is the cn=Computers container located directly off the domain root. You can, however, create computer objects anywhere in a domain. And in Windows Server 2003, you can modify the default location for computer objects as described in Recipe 8.12. Table 8-1 contains a list of some of the interesting attributes that are available on computer objects.
Table 8-1. Attributes ...