How to create container objects in Active Directory (NOT OU’S!)

Create_container_objects_in_Active_Directory_banner

It may happen that when you install a program you need to create Active Directory Container. In my case this was the System Center 2012 Virtual Machine Manager (SP1). What most people probably think is that they have to create an OU (Organizational Unit), but that is not the case.

There are a few differences between an Active Directory Container and an Active Directory OU. The main difference is that Group Policy Objects (GPO) cannot be applied to a container.


The Active Directory Users and Computers program will not give the option the create Container objects by default (right click, new). But with the following procedure, you can enable this. (You have to be member of the “Schema Admins” security group)

Enable_create_container_objects_in_AD_step1

Open “Adsiedit.msc”, richt click “ADSI Edit” and click on “Connect to…”

Enable_create_container_objects_in_AD_step2

Select “Schema” by “Select a well known Naming Context” and press the “OK” button

Enable_create_container_objects_in_AD_step3

In the left plane select “Schema,CN=Configuration,DC=domain,DC=lan” and look in the right plane for “CN=Container”. Open its properties.

Enable_create_container_objects_in_AD_step4

Change the value of “defaultHidingValue” to “FALSE” and press the “OK” button.

Enable_create_container_objects_in_AD_step5

Open (or reopen) the Active Directory Users and Computers program (check if Advanced Features are visible), right click on the domain name or any Container/OU and select the “New” option. The Container option is now also listed in the list of objects.

Robin is a Technical Consultant with more than 16 years of IT experience. The last few years his main areas of work are designing and implementing Remote Applications and Desktop solutions where he specializes in Citrix and AppSense products.