Add a Windows computer to your organizational unit at IU

On this page:

Overview

If you are a local UITS support person or the administrator of an organizational unit (OU) or department, you should create the computer account in your department's OU before adding the computer to ADS. If you do not, the computer will still join to ADS, but the computer account will not reside in your OU; instead, it will end up in the default "Computers" OU and will not inherit any policies you implement. To add one, follow the instructions below. If you are not the administrator of an OU, or if you live in campus housing, skip to Add the computer to ADS.

Note:
Security of Information Technology Resources (IT-12) requires that you normally refrain from running your Windows computer as an administrator. For more, see About the principle of least privilege.

Create the computer account in ADS

Follow these instructions either at a different computer already joined to ADS, or through the Active Directory Users and Computers console available from IUanyWare. If you don't use the IUanyWare option, you'll need to install Microsoft's Remote Server Administration Tools.

To create the computer account in ADS:

  1. Log into the workstation using an ADS account that is an administrator for your OU.
  2. Click Start. Select Program Files, then Administrative Tools, and finally Active Directory Users and Computers.
  3. Click the + (plus sign) next to "ads.iu.edu" to expand the tree, and then click the + (plus sign) next to the two-letter abbreviation for your campus.
  4. Locate and select your OU in the campus tree.
  5. Click Action, then New, and finally Computer.
  6. A "New Object - Computer" window will appear. In the "Computer Name:" field, type the computer name. This name must exactly match the name you use for the computer. For information about the naming standards for the ADS domain, see Recommended naming conventions for IU Windows computers and groups.
  7. In the section labeled "The following user or group can join this computer to a domain", you must change the "User or Group" field to your account or to a group to which you belong. Click Change. From the list, select the account or group, or type the name in the field below. If you are unsure what to type, you can type ADS\Domain Users to allow all ADS users to join the computer to ADS. Click OK.
  8. Click OK again, and then click Next. In the "Managed" window, click Next again.
  9. Click Finish. The computer account should now be visible in your OU. At this point, you can join the computer for which you created an account to ADS by following the directions below.

Add the computer to ADS

See:

Note:
For help with Active Directory, contact your local UITS support person.

Related documents

Group policies in Microsoft Active Directory Recommended naming conventions for IU Windows computers and groups Active Directory security and distribution groups

This is document ajnb in the Knowledge Base.
Last modified on 2024-04-18 09:51:05.