Chapter 6. Managing computer accounts
If you were asked “What’s in your Active Directory?” your instinctive answer would most likely be users and groups. It’s what everyone thinks of because that’s where the bulk of the work lies. The other big data set is computers.
Every computer that’s part of your Active Directory has an account that has to be managed. This chapter will show you how to manage all the computers in your domain with minimal effort—that’s not zero effort, just minimizing the effort.
Why do you need computer accounts in Active Directory? Imagine an organization with thousands of users, each with their own desktop computer. This organization also has 2000 to 3000 servers. Now, you could manage the settings on all of those machines manually—good luck. A better and easier approach is to use Group Policy, which we’ll cover in chapters 8 and 9. Using Group Policy requires the machines to be in your Active Directory. Applications like Exchange require that the server is in the AD domain.
You already know a lot about managing computers because you learned how to manage users in chapter 2. Computer accounts in Active Directory are specialized variants of user accounts, which means you can apply a lot of your existing knowledge (re-read chapter 2 to refresh your memory if required). Everything else will be covered in this chapter.