September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
5.10. Allowing OUs to Be Created Within Containers
Problem
You want to create an OU within a container. By default, you cannot create OUs within container objects due to restrictions in the Active Directory schema.
Solution
Using a graphical user interface
Open the Active Directory Schema snap-in as a user that is a member of the Schema Admins group. See Recipe 10.1 for more on using the Schema snap-in.
Expand the Classes folder, right-click on the
organizationalUnitclass, and select Properties.Select the Relationship tab and, next to Possible Superior, click Add Superior (Windows Server 2003) or Add (Windows 2000).
Select
containerand click OK.Click OK.
Using a command-line interface
Create an LDIF file called ou_in_container.ldf with the following contents:
dn: cn=organizational-unit,cn=schema,cn=configuration,<ForestRootDN>
changetype: modify
add: possSuperiors
possSuperiors: container
-then run the ldifde command to import the change:
> ldifde -i -f ou_in_container.ldf
Using VBScript
' This code modifies the schema so that OUs can be created within containers
Const ADS_PROPERTY_APPEND = 3
set objRootDSE = GetObject("LDAP://RootDSE")
set objOUClass = GetObject("LDAP://cn=organizational-unit," & _
objRootDSE.Get("schemaNamingContext") )
objOUClass.PutEx ADS_PROPERTY_APPEND, "possSuperiors", Array("container")
objOUClass.SetInfoDiscussion
Allowing OUs to be created within containers requires a simple modification to the schema. You have to make the container class one of the possible ...