title: Computer, OU & Other Object Details category: Directory Browser tags: computers, ous, containers, contacts, domains, printers priority: Normal
Computer, OU & Other Object Details
Beyond users and groups, IdentityCenter provides dedicated detail pages for every object type synchronized from Active Directory. This article covers the detail pages for computers, organizational units (OUs), containers, contacts, and domains.
Computer Details
Navigate to /admin/directory/computer-details/{id} by clicking any computer object in the Directory Browser.
Overview Tab
| Field | AD Attribute | Description |
|---|---|---|
| Computer Name | cn |
The NetBIOS computer name |
| DNS Hostname | dNSHostName |
Fully qualified DNS name (e.g., WS-JSMITH.corp.local) |
| Operating System | operatingSystem |
OS name (e.g., "Windows 11 Enterprise") |
| OS Version | operatingSystemVersion |
Build version string (e.g., "10.0 (22631)") |
| OS Service Pack | operatingSystemServicePack |
Service pack level, if applicable |
| Status | userAccountControl |
Active or Disabled |
| Managed By | managedBy |
Clickable link to the responsible person or group |
| Location | location |
Physical location description |
| Description | description |
Administrator-provided description |
Timestamps
Computer objects use the same FILETIME-based timestamps as user accounts.
| Attribute | What It Means |
|---|---|
lastLogon |
Last time the computer authenticated to a domain controller (not replicated) |
lastLogonTimestamp |
Replicated last logon (may lag up to 14 days) |
pwdLastSet |
When the computer's machine account password was last rotated (typically every 30 days) |
whenCreated |
When the computer object was created in AD |
whenChanged |
When the computer object was last modified |
Tip: If
pwdLastSetis older than 60 days, the computer may be offline or decommissioned. The AI insights panel flags this automatically.
Service Principal Names (SPNs)
The SPNs section lists all Kerberos Service Principal Names registered on the computer. SPNs define which services the computer hosts.
| Example SPN | Meaning |
|---|---|
HOST/WS-JSMITH.corp.local |
Standard host SPN |
HTTP/intranet.corp.local |
Web server hosting the intranet |
MSSQLSvc/SQL01.corp.local:1433 |
SQL Server instance |
TERMSRV/RDS01.corp.local |
Remote Desktop Services |
Security Note: SPNs are critical for Kerberos authentication. Misconfigured or orphaned SPNs can lead to authentication failures. For user accounts with SPNs, there is also a Kerberoasting risk -- the AI insights panel highlights this when detected.
Group Memberships
The Groups tab shows all groups the computer belongs to, including the default "Domain Computers" group and any additional groups assigned by administrators.
AI Insights for Computers
| Insight | Description |
|---|---|
| Stale Computer Detection | Flags computers that have not authenticated within the configured threshold (typically 90 days) |
| OS End-of-Life | Warns if the operating system version is no longer supported |
| SPN Security Analysis | Identifies unusual or potentially misconfigured SPNs |
| Machine Password Age | Alerts if the machine account password has not been rotated recently |
Organizational Unit (OU) Details
Navigate to /admin/directory/ou-details/{id} by clicking any OU in the Directory Browser.
Overview Tab
| Field | Description |
|---|---|
| OU Name | The organizational unit name |
| Distinguished Name | Full LDAP path (e.g., OU=Sales,OU=Departments,DC=corp,DC=local) |
| Description | Administrator-provided description of the OU's purpose |
| When Created | Date the OU was created |
| When Changed | Date the OU was last modified |
Directory Dates
The OU detail page displays the whenCreated and whenChanged timestamps to help you understand the OU's history. Unlike user and computer objects, OUs do not have logon-related timestamps.
Child OUs
The Child OUs section displays a hierarchical view of all OUs nested beneath this OU. Each child OU is a clickable link that navigates to its own detail page. This lets you traverse the OU tree without returning to the main browser.
Example hierarchy:
OU=Departments
├── OU=Sales
│ ├── OU=East
│ └── OU=West
├── OU=Engineering
└── OU=Finance
Objects in This OU
A summary section shows the count of objects contained directly in the OU, broken down by type:
| Object Type | Example Count |
|---|---|
| Users | 42 |
| Computers | 15 |
| Groups | 8 |
| Contacts | 3 |
Click any count to filter the Directory Browser to show only those objects within the OU.
Linked GPOs
If Group Policy Object links are synced, the OU detail page lists all GPOs linked to this OU, helping administrators understand the policies applied to objects within.
Container Details
Navigate to /admin/directory/container-details/{id} for Active Directory container objects.
Containers are similar to OUs but are built-in AD structures that cannot have Group Policy applied to them. Common examples include:
| Container | Distinguished Name | Purpose |
|---|---|---|
| Builtin | CN=Builtin,DC=corp,DC=local |
Built-in security groups (Administrators, Users, etc.) |
| Computers | CN=Computers,DC=corp,DC=local |
Default location for new computer objects |
| Users | CN=Users,DC=corp,DC=local |
Default location for new user objects |
| ForeignSecurityPrincipals | CN=ForeignSecurityPrincipals,DC=corp,DC=local |
Cross-domain trust references |
| Managed Service Accounts | CN=Managed Service Accounts,DC=corp,DC=local |
gMSA and MSA objects |
The Container Details page shows the same core sections as OUs: description, timestamps, and contained objects. The key difference is that containers are typically system-managed and should not be reorganized.
Contact Details
Navigate to /admin/directory/contact-details/{id} for external contact objects.
Overview Tab
| Field | AD Attribute | Description |
|---|---|---|
| Display Name | displayName |
The contact's full name |
mail |
Internal email address | |
| Target Address | targetAddress |
External email forwarding address (e.g., SMTP:partner@external.com) |
| Company | company |
External company name |
| Department | department |
Department affiliation |
| Title | title |
Job title |
| Phone | telephoneNumber |
Phone number |
Group Memberships
The Groups tab lists all distribution groups the contact belongs to. Contacts are typically members of distribution lists for email routing purposes and cannot be members of security groups for access control.
Use Cases for Contacts
- External partners who need to receive internal distribution list emails
- Vendor representatives who appear in the Global Address List
- Former employees who still need mail forwarding
Domain Details
Navigate to /admin/directory/domain-details/{id} for the domain root object.
| Field | Description |
|---|---|
| Domain Name | The DNS domain name (e.g., corp.local) |
| NetBIOS Name | Short domain name (e.g., CORP) |
| Functional Level | Domain functional level (e.g., Windows Server 2016) |
| Distinguished Name | Domain root DN (e.g., DC=corp,DC=local) |
| Domain Attributes | All synced domain-level attributes |
Navigating Between Detail Pages
One of the most useful features of the detail pages is cross-object navigation. Clicking on related objects takes you directly to that object's detail page:
| From Page | Clickable Link | Navigates To |
|---|---|---|
| User Details | Manager name | Manager's User Details page |
| User Details | Group name (in Groups tab) | Group Details page |
| Group Details | Member name | User, Computer, Contact, or Group Details page |
| Group Details | Managed By | Owner's User Details page |
| OU Details | Child OU name | Child OU Details page |
| Computer Details | Managed By | User Details page |
| Any Detail Page | Source Connection | Connection configuration page |
This cross-linking lets you explore your directory structure by following relationships rather than repeatedly searching.
Next Steps
- Browsing Objects -- Search and filter all object types
- User Details Page -- Deep dive into user accounts
- Group Details & Management -- Explore group membership and nesting
- Object Write-Back -- Edit AD objects from IdentityCenter
- Synchronization Overview -- How objects get into IdentityCenter
- AI Chat -- Query objects using natural language