Name and description policy for pre-create Computer object

I'm trying to create a policy which requires the following two conditions to be met in order for a computer object to be created:

1. The name must be prefixed with the first six characters of the containing ou (ou name=LA0001PES)

2. The description must contain something

To achieve the first goal I have:

Name must begin with <value>, and I have this as the value: %6<ou.cn>svr

To achieve the second goal I have:

Description must be specified

The outcome of this configuration is the description field is mandatory, so goal 2 has been met. However, the first goal, despite the configuration, still leads to the ability to create a computer object called bob as long as a description is specified; when in reality it should be an object which begins with LA0001svr so could be LA0001svrBob but not bob on its own.

What am I missing?

0 Stu.Pollock over 1 year ago

Hi keith utete

Try something like the below:

Where if I created in the "WO0005COR" OU, the name will be prefixed as:

Or in the "LA0001PER" OU, the name will be prefixed as:

The "must not be" rule is to prevent someone just clicking OK on the prefix, without entering additional characters.

I should also note, that I have an additional rule to set the computers samAccountName to be the same as the computer name, except ending with a $

Hope this helps

Stu
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Endpoint Privilege Management

Name and description policy for pre-create Computer object