What Is an Active Directory Container?
An Active Directory container is a logical structure within a domain used to organize and group AD objects such as:
- Users
- Computers
- Groups
- Other containers
Types of Containers
- Built-in Containers (Default Containers):
  - Created automatically when a domain is set up.
  - Examples:
    - Users – contains default user and group accounts.
    - Computers – the default location for domain-joined computers.
    - Domain Controllers – holds all domain controller accounts.
- Custom Containers:
  - Can be created using tools like ADSI Edit, but Organizational Units (OUs) are typically preferred for this purpose because of their flexibility.
Containers vs. Organizational Units
| Feature | Containers | Organizational Units (OUs) |
|---|---|---|
| Can hold objects? | ✅ Yes | ✅ Yes |
| Can be nested? | ✅ Yes | ✅ Yes |
| Can have Group Policies? | ❌ No | ✅ Yes |
| Commonly used? | Only for defaults | Preferred for custom structure |
| Modifiable via GUI? | 🚫 Limited (via ADSI Edit) | ✅ Yes (via AD Users and Computers) |
Managing Containers
- You cannot directly apply Group Policy to containers.
- Objects placed in containers like Users or Computers are more difficult to manage with policies.
- Best practice: Move objects into OUs for better control (e.g., GPO assignment, delegation).
Example Scenario
- When you join a computer to the domain, it automatically goes into the Computers container, unless you configure a default OU.
- If you create a user without specifying a location, it might end up in the Users container.
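
An audit for the scenario above, as an added example rather than code from the original page: it lists computer and user objects still sitting directly in the default containers, where no GPO can be linked, and previews a move into OUs. It assumes the ActiveDirectory PowerShell module (RSAT); the OU names Workstations and Staff are hypothetical and must already exist.

```powershell
# Added example: find objects left in the default containers and stage a move to OUs.
Import-Module ActiveDirectory

$domain = Get-ADDomain

# Default locations are read from the domain instead of being hard-coded.
$defaultComputers = $domain.ComputersContainer   # CN=Computers,<domain DN> unless redirected
$defaultUsers     = $domain.UsersContainer       # CN=Users,<domain DN> unless redirected

# Hypothetical target OUs (assumption: created beforehand, with GPOs linked as needed).
$workstationOU = "OU=Workstations,$($domain.DistinguishedName)"
$staffOU       = "OU=Staff,$($domain.DistinguishedName)"

# Computers sitting directly in the default container.
$strayComputers = Get-ADComputer -Filter * -SearchBase $defaultComputers `
    -SearchScope OneLevel -Properties whenCreated

# Users in the default container, skipping built-in accounts that the
# directory marks as critical system objects.
$strayUsers = Get-ADUser -Filter * -SearchBase $defaultUsers `
    -SearchScope OneLevel -Properties whenCreated, isCriticalSystemObject |
    Where-Object { -not $_.isCriticalSystemObject }

# Report: oldest objects first, so long-unmanaged machines and accounts stand out.
@($strayComputers) + @($strayUsers) |
    Sort-Object whenCreated |
    Select-Object Name, ObjectClass, whenCreated, DistinguishedName |
    Format-Table -AutoSize

# Preview the move. Remove -WhatIf only after reviewing the report.
$strayComputers | Move-ADObject -TargetPath $workstationOU -WhatIf
$strayUsers     | Move-ADObject -TargetPath $staffOU -WhatIf

# To change where new objects land by default, the built-in redircmp.exe and
# redirusr.exe tools take the target OU's distinguished name, for example:
#   redircmp "OU=Workstations,DC=example,DC=com"   (constructed DN)
#   redirusr "OU=Staff,DC=example,DC=com"          (constructed DN)
```

Run it again after redirecting the defaults: an empty report means new joins and new accounts are landing in OUs where policy and delegation apply.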