How to create container objects in Active Directory (NOT OU’S!)


It may happen that when you install a program you need to create Active Directory Container. In my case this was the System Center 2012 Virtual Machine Manager (SP1). What most people probably think is that they have to create an OU (Organizational Unit), but that is not the case.

There are a few differences between an Active Directory Container and an Active Directory OU. The main difference is that Group Policy Objects (GPO) cannot be applied to a container.

The Active Directory Users and Computers program will not give the option the create Container objects by default (right click, new). But with the following procedure, you can enable this. (You have to be member of the “Schema Admins” security group)


Open “Adsiedit.msc”, richt click “ADSI Edit” and click on “Connect to…”


Select “Schema” by “Select a well known Naming Context” and press the “OK” button


In the left plane select “Schema,CN=Configuration,DC=domain,DC=lan” and look in the right plane for “CN=Container”. Open its properties.


Change the value of “defaultHidingValue” to “FALSE” and press the “OK” button.


Open (or reopen) the Active Directory Users and Computers program (check if Advanced Features are visible), right click on the domain name or any Container/OU and select the “New” option. The Container option is now also listed in the list of objects.

Robin Hobo works as a Technical Consultant with main focus on Mobility and Application & Desktop delivery. He is specializes in Citrix, Microsoft and AppSense products.