What will break if you convert to using OU’s for these objects? I’m
asuming the only way to do it is to create new OU’s,redirect active
directy to use these new OU’s,and then delete the old CN objects.
我意识到这不是推荐的程序,但我想知道原因.
奖金问题
由于遗留(“早期版本”)api调用,MS KB 324949提供了对此背后原因的一个很好的解释:
https://support.microsoft.com/en-us/help/324949/redirecting-the-users-and-computers-containers-in-active-directory-domains
In a default installation of an Active Directory domain,user accounts,computer accounts,and groups are put in CN=objectclass containers instead of being put in a more desirable organizational unit class container. Similarly,and groups that were created by using earlier-version APIs are put in the CN=Users and CN=computers containers.
Users,computers,and groups that are created by earlier-version APIs place objects in the DN path that is specified in the WellKnownObjects attribute that is located in the domain NC head. The following code example shows the relevant paths in the WellKnownObjects attribute from the CONTOSO.COM domain NC head.
