In my Microsoft Active Directory environment almost every organizational structure is an Organizational Unit. There are two common exceptions to this rule, the Computers object and the Users object. These are the default objects that are created when you set up Active Directory. Whenever I read anything about these objects, I am told that they use "Container Names" for backwards compatibility. From what I understand, these objects were configured that way when Active Directory was set up. My main question is this:
What will break if you convert to using OUs for these objects? I'm assuming the only way to do it is to create new OUs, redirect Active Directory to use these new OUs, and then delete the old CN objects.
I realize it's not a recommended procedure, but I want to know why.
Bonus Questions
- Did the Active Directory developers give a reason why the Computers and Users objects were created using a CN and not as a normal OU?
- Is it even possible to delete the default objects?
I'd advise against messing with those objects. It is typical to create new OUs and then move any necessary objects to your new OUs. You can then use redircmp (https://technet.microsoft.com/en-us/library/cc770619.aspx) to change where computer objects are created by default.
These containers exist for backward compatibility with NT4-based domains when being upgraded to Windows 2000 AD domains, and many other reasons that are due to NT4 compatibility with Windows 2000.
MS KB 324949 provides a good explanation of the reasons behind this due to legacy ("earlier-version") API calls: https://support.microsoft.com/en-us/help/324949/redirecting-the-users-and-computers-containers-in-active-directory-domains
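
The redirection described in the answers above, as an added example that is not part of the original posts: it creates two new OUs, points the default computer and user locations at them with `redircmp` and `redirusr`, and then verifies the result without deleting the original containers. The OU names are hypothetical, and it assumes a domain admin session with the RSAT ActiveDirectory module.

```powershell
# Added example; OU names are hypothetical placeholders.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName

# Hypothetical target OUs for newly created objects
$computersOU = "OU=Managed Computers,$domainDN"
$usersOU     = "OU=Managed Users,$domainDN"

Write-Host "Before: computers -> $($domain.ComputersContainer)"
Write-Host "Before: users     -> $($domain.UsersContainer)"

# Create the OUs only if they do not already exist
foreach ($name in 'Managed Computers', 'Managed Users') {
    try {
        Get-ADOrganizationalUnit -Identity "OU=$name,$domainDN" -ErrorAction Stop | Out-Null
    } catch {
        New-ADOrganizationalUnit -Name $name -Path $domainDN
    }
}

# Redirect the default locations; the CN=Computers and CN=Users objects stay in place
& redircmp.exe $computersOU
if ($LASTEXITCODE -ne 0) { throw "redircmp failed with exit code $LASTEXITCODE" }
& redirusr.exe $usersOU
if ($LASTEXITCODE -ne 0) { throw "redirusr failed with exit code $LASTEXITCODE" }

# Verify: the domain object should now report the new OUs
$after = Get-ADDomain
if ($after.ComputersContainer -ne $computersOU) { Write-Warning "Computers not redirected" }
if ($after.UsersContainer     -ne $usersOU)     { Write-Warning "Users not redirected" }

# The redirect lives in wellKnownObjects on the domain head, keyed by fixed GUIDs
# (AA3128... = Computers, A9D1CA... = Users); legacy callers resolve through these.
(Get-ADObject $domainDN -Properties wellKnownObjects).wellKnownObjects |
    Where-Object { $_ -match 'AA312825768811D1ADED00C04FD8D5CD|A9D1CA15768811D1ADED00C04FD8D5CD' }

# List computer objects still sitting in the old container so they can be moved deliberately
Get-ADComputer -Filter * -SearchBase "CN=Computers,$domainDN" -SearchScope OneLevel |
    Select-Object Name, DistinguishedName
```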