U-M Windows Forest

Creating Servers and Workstations in a Delegated OU

Pre-allocating Computers

Administrators of Organizational Units (OUs) must "pre-allocate" a computer object within their OU before attempting to join that computer to the domain.

Pre-allocating a computer object is a simple process and can be accomplished either via the "Users and Computers" snap-in or programmatically via an ADSI script.

Using the "Users and Computers" snap-in:

  1. Right-click for a context menu within the designated OU, then choose New > Computer.

  2. When the "New Object - Computer" dialog appears, you will see four choices:

    • Computer Name
    • Computer Name (pre-Windows 2000)
    • the "Joining User or Group", and
    • a check-box to allow "pre-Windows 2000" clients to join the Windows domain

[Figure: the "New Object - Computer" dialog]

Computer Names

The "Computer Name" and "Pre-Windows 2000 Computer Name" need to be unique within the Windows domain. Therefore we require a naming standard for computer names. Please refer to the U-M Windows naming standards page.

The U-M standard for creating a Windows computer name specifies that each organization must prefix their computer names with a unique string of two or more characters, followed by a dash. In practice, a two- or three-character prefix is best, since it leaves more room for a unique suffix string. In the example above, the organizational prefix is "LNG-". The suffix might be a U-M asset code, followed by a location code. The suffix used is entirely up to the organization creating the computer object.
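The ADSI route mentioned under "Pre-allocating Computers", combined with the naming rules above, as an added PowerShell example that is not U-M's own script. The OU path, the sample name, the letters-digits-dashes rule and the userAccountControl value are assumptions, and the script grants no joining group any rights on the object.

```powershell
param(
    [string]$Name   = 'LNG-A12345-AH',                  # constructed sample name
    [string]$Prefix = 'LNG',                            # prefix from the page's example
    [string]$OuDn   = 'OU=Example,DC=example,DC=edu',   # placeholder for the delegated OU
    [switch]$Create                                     # without -Create, only validate
)

function Test-ComputerName {
    param([string]$Name, [string]$Prefix)
    $problems = @()
    # The pre-Windows 2000 (NetBIOS) name holds at most 15 characters.
    if ($Name.Length -gt 15) { $problems += 'longer than 15 characters' }
    # Assumption: letters, digits and dashes only, so the name is also a valid DNS label.
    if ($Name -notmatch '^[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]$') {
        $problems += 'characters other than letters, digits and inner dashes'
    }
    if ($Prefix.Length -lt 2) { $problems += 'prefix shorter than two characters' }
    $lead = "${Prefix}-"
    if (-not $Name.StartsWith($lead, [StringComparison]::OrdinalIgnoreCase)) {
        $problems += "does not start with '$lead'"
    }
    $problems
}

$problems = @(Test-ComputerName -Name $Name -Prefix $Prefix)
if ($problems.Count) { throw "Name '$Name' rejected: $($problems -join '; ')" }
Write-Output "Name '$Name' passes the naming checks."

if ($Create) {
    $sam = $Name.ToUpper() + '$'
    # $Name is already limited to [A-Za-z0-9-], so it is safe inside the LDAP filter.
    if (([adsisearcher]"(sAMAccountName=$sam)").FindOne()) {
        throw "An account named $sam already exists in the domain."
    }
    $ou = [ADSI]"LDAP://$OuDn"
    $computer = $ou.Create('computer', "CN=$Name")
    $computer.Put('sAMAccountName', $sam)
    # Assumed flags: WORKSTATION_TRUST_ACCOUNT (0x1000) + PASSWD_NOTREQD (0x20) = 4128
    $computer.Put('userAccountControl', 4128)
    $computer.SetInfo()
    Write-Output "Created CN=$Name,$OuDn"
}
```

Run it without `-Create` first to check a batch of proposed names before touching the directory.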

Joining Group

Fortunately, not every computer in the world can join our domain. The individual attempting to join a computer to a Windows domain must either be personally authorized to do so, or must possess the credentials of an authorized Windows account. In pre-allocating the Windows computer object, the Windows administrator should specify a Windows security group containing some number of Windows accounts that are authorized to create computer objects within the delegated OU. If you choose to create a security group for this purpose, please read the Naming Standards for the U-M Windows Forest section when choosing a name for the security group.

Pre-Windows 2000 Computers

If the computer you are joining to the domain runs an operating system older than Windows 2000, you must check this box. Operating systems that meet this "back-level" criterion include NT 4, Windows ME, Windows 98, Windows 95 (these back-level clients are not recommended) and the Macintosh operating system.

Registering a Computer Prefix

Typically, a U-M organization will choose a computer prefix when joining the forest. If you are already a member of the U-M forest, and would like to register another prefix, please send your request to the ITS Service Center. Existing prefixes are listed in the "U-M Windows Organizational Prefixes" section, so be sure to look there before submitting a request. Prefixes are handed out on a "first-come, first-served" basis.