What you will learn from this article:
Active Directory is a directory service that organizations can use to organize their resources. The Active Directory network is comprised of elements called Active Directory objects. These objects represent resources that are a part of the network. There are several types of objects such as a user, computer, printer, and more. In this article, we will take a look at what an Active Directory Computer object is, what are its properties, and how you can create, delete, and modify a computer object.
What is an Active Directory Computer Object?
A computer object in AD is used to model a real computer in an organizational network environment. Say, for example, I bought a new computer machine -01 in my organization, and want to allow people to access various organizational resources through this computer. All I have to do to achieve this is create a computer object in the Active Directory users and computers console and assign permissions to the computer object representing machine – 01. And depending on the permissions I assign to the computer object the users’ access to resources through this computer might be granted, restricted, or denied.
Creating a Computer Object
To create a computer object in Active Directory
- Start -> Administrative Tools -> Active Directory Users and Computers console
- Right-click on the console tree.
- From the menu that pops up, choose the option “New”.
- On choosing the option New, another menu pops with a list of objects, from that choose “computer”.
- An Object Creation wizard appears. Enter the name and attributes of the computer object, and click Next
- On the second page if you want a user to manage this computer, then choose a User Name and click Next.
- On clicking Finish, the object will be created and can be located on the ADUC console tree in its respective container.
Deleting a Computer Object
- Open ADUC and right-click on the computer object you intend to delete.
- From the submenu that pops choose the option “Delete”.
- The computer object will be deleted from Active Directory and will no longer appear on the console tree.
Modifying a Computer Object
- Open ADUC and right-click on the computer object you intend to modify.
- From the shortcut menu that pops choose the option “Properties”.
- A Computer Object Properties dialogue box appears with various tabs.
- Navigate through the various tabs and make the necessary changes.
- Click Apply and then OK.
- The modifications will hence be made.
The properties window will open. In the window, you will find the following tabs:
- General: This tab contains attributes that define the general details of the object such as its name, role, description, etc.
- Operating System: This tab contains details regarding the operating system that the computer runs.
- Member Of: This tab contains details about which container objects such as OUs and groups in which the computer is placed.
- Delegation: This tab contains details regarding whether the computer can be trusted for delegation, and what services are delegated.
- Location: This tab contains the geographical position (Country, province, city) where the computer this object references is located.
- Managed By: This tab contains details of the user who manages the computer, as well as location information.
- Object: This tab contains more details about the object such as its canonical name, the object class, created date and modified date, etc.
- Security: This tab contains the security details about the computer object such as its access rights and privileges, and the users who can access the computer.
Dial-in: This tab contains details such as the network access properties, call-back options, and more.
Mandatory attributes of a Computer Object
Every object has a set of properties that define the object. These properties are called object attributes. You can learn more about object attributes in this article. A computer object also has a set of attributes that defines its properties such as its name, the users who can access the computer, and more. Some of these attributes are mandatory and should have a value. For example:
- cn: The distinguished name of the computer that is used to uniquely identify this object in the AD network
- ObjectCategory: This is a single value property that contains the distinguished name of either the object class this computer object belongs to, or the distinguished name of one of its superclasses.
- Objectclass: The distinguished name of the object class that this computer object belongs to.
- sAMAccountName: The pre-Windows 2000 logon name of the object. This is a naming attribute that is also used to identify this computer object in the network uniquely.
People also read
AD computer object security tab
Active Directory Computer Objects Tabs