Active Directory Computer Object Management

What you will learn from this article:   

Active Directory is a directory service that organizations can use to organize their resources. The Active Directory network is comprised of elements called Active Directory objects. These objects represent resources that are a part of the network. There are several types of objects, such as users, computers, printers, and more. In this article, we will take a look at what an Active Directory computer object is, what its properties are, and how you can create, delete, and modify a computer object.

What is an Active Directory Computer Object? 

A computer object in AD is used to model a real computer in an organizational network environment. Say, for example, I bought a new computer, machine-01, for my organization and want to allow people to access various organizational resources through it. All I have to do is create a computer object in the Active Directory Users and Computers console and assign permissions to the computer object representing machine-01. Depending on the permissions I assign to the computer object, users' access to resources through this computer might be granted, restricted, or denied.

Managing AD computer objects

Creating a Computer Object 

To create a computer object in Active Directory  

  • Start -> Administrative Tools -> Active Directory Users and Computers console
  • Right-click on the console tree.
  • From the menu that pops up, choose the option “New”.
  • On choosing the option New, another menu pops up with a list of objects; from that, choose “Computer”.
  • An Object Creation wizard appears. Enter the name and attributes of the computer object, and click Next.
  • On the second page, if you want a user to manage this computer, choose a User Name and click Next.
  • On clicking Finish, the object will be created and can be located on the ADUC console tree in its respective container.
Creating a new Computer Object

Deleting a Computer Object   

  • Open ADUC and right-click on the computer object you intend to delete.
  • From the submenu that pops up, choose the option “Delete”.
  • The computer object will be deleted from Active Directory and will no longer appear on the console tree.
Deleting a Computer Object

Modifying a Computer Object 

  • Open ADUC and right-click on the computer object you intend to modify.
  • From the shortcut menu that pops up, choose the option “Properties”.
  • A Computer Object Properties dialog box appears with various tabs.
  • Navigate through the various tabs and make the necessary changes.
  • Click Apply and then OK.
  • The modifications are then applied to the object.
Modifying a Computer Object in Active Directory

The properties window will open. In the window, you will find the following tabs:

  • General: This tab contains attributes that define the general details of the object such as its name, role, description, etc.
  • Operating System: This tab contains details regarding the operating system that the computer runs.
  • Member Of: This tab contains details about the container objects, such as OUs and groups, in which the computer is placed.
  • Delegation: This tab contains details regarding whether the computer can be trusted for delegation, and what services are delegated.
  • Location: This tab contains the geographical position (Country, province, city) where the computer this object references is located.
  • Managed By: This tab contains details of the user who manages the computer, as well as location information.
  • Object: This tab contains more details about the object such as its canonical name, the object class, created date and modified date, etc.
  • Security: This tab contains the security details about the computer object such as its access rights and privileges, and the users who can access the computer.
  • Dial-in: This tab contains details such as the network access properties, call-back options, and more.
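
The create, modify and delete procedures above can also be scripted with the cmdlets of the ActiveDirectory PowerShell module. This is an added example, not part of the original article; the computer name, OU path, owner account, description and location values are placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example. All values below are placeholders, not taken from the article.
$Name   = 'MACHINE-01'
$OuPath = 'OU=Workstations,DC=example,DC=com'   # hypothetical target container
$Owner  = 'jdoe'                                # hypothetical managing user

# --- Create (ADUC: New -> Computer) ----------------------------------------
# Only create when no computer object with this name exists yet.
if (-not (Get-ADComputer -Filter "Name -eq '$Name'")) {
    # New-ADComputer appends the trailing '$' to the SAM account name if needed.
    New-ADComputer -Name $Name -SamAccountName $Name -Path $OuPath `
        -ManagedBy $Owner -Description 'Front-desk workstation' -Enabled $true
}

# --- Modify (ADUC: Properties -> tabs -> Apply) ----------------------------
$computer = Get-ADComputer -Identity $Name
$computer | Set-ADComputer -Location 'HQ / Floor 2' -Description 'Reassigned to reception'

# Read the object back to confirm what was actually written.
Get-ADComputer -Identity $Name -Properties Description, Location, ManagedBy, whenChanged |
    Select-Object Name, DistinguishedName, Description, Location, ManagedBy, whenChanged

# --- Delete (ADUC: right-click -> Delete) ----------------------------------
# Dry run first: -WhatIf reports the target without changing anything.
Remove-ADComputer -Identity $computer -WhatIf
# The real deletion asks for confirmation before the object is removed.
Remove-ADComputer -Identity $computer -Confirm:$true
```

Run it from an account that has been delegated rights on the target OU rather than as a domain administrator, so a typo in `$Name` or `$OuPath` cannot touch objects elsewhere in the directory.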

Mandatory attributes of a Computer Object 

Every object has a set of properties that define the object. These properties are called object attributes. You can learn more about object attributes in this article. A computer object also has a set of attributes that defines its properties such as its name, the users who can access the computer, and more. Some of these attributes are mandatory and should have a value. For example:

  • cn: The distinguished name of the computer that is used to uniquely identify this object in the AD network.
  • objectCategory: This is a single-valued property that contains the distinguished name of either the object class this computer object belongs to, or the distinguished name of one of its superclasses.
  • objectClass: The distinguished name of the object class that this computer object belongs to.
  • sAMAccountName: The pre-Windows 2000 logon name of the object. This is a naming attribute that is also used to identify this computer object in the network uniquely.
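
The attributes listed above, and the ones behind the property tabs described earlier, can be read for every computer object in one pass and reviewed for risky or incomplete settings. This is an added example, not part of the original article; the choice of checks is an assumption about what a reviewer would want flagged, and the tab-to-attribute grouping in the comments is approximate.

```powershell
#Requires -Modules ActiveDirectory
# Added example: attributes grouped by the ADUC tab that displays them.
$props = @(
    'cn', 'objectClass', 'objectCategory', 'sAMAccountName'   # mandatory attributes
    'Description'                                             # General
    'OperatingSystem', 'OperatingSystemVersion'               # Operating System
    'MemberOf', 'PrimaryGroupID'                              # Member Of
    'TrustedForDelegation', 'TrustedToAuthForDelegation'      # Delegation
    'Location', 'ManagedBy'                                   # Location, Managed By
    'CanonicalName', 'whenCreated', 'whenChanged'             # Object
)

# primaryGroupID of Domain Controllers (516) and Read-only Domain Controllers (521).
$dcGroups = 516, 521

$report = Get-ADComputer -Filter * -Properties $props | ForEach-Object {
    $notes = @()
    if ($_.TrustedForDelegation -and $_.PrimaryGroupID -notin $dcGroups) {
        $notes += 'trusted for delegation to any service, but not a DC'
    }
    if ($_.TrustedToAuthForDelegation) { $notes += 'protocol transition enabled' }
    if (-not $_.ManagedBy)             { $notes += 'no Managed By owner' }
    if (-not $_.OperatingSystem)       { $notes += 'no OS recorded (possibly pre-staged or never joined)' }

    [pscustomobject]@{
        Name           = $_.Name
        sAMAccountName = $_.sAMAccountName
        ObjectClass    = $_.ObjectClass
        CanonicalName  = $_.CanonicalName
        Created        = $_.whenCreated
        Notes          = $notes -join '; '
    }
}

# Show only the objects that need a second look.
$report | Where-Object Notes | Sort-Object Name | Format-Table -AutoSize -Wrap
```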
