2.4.1 Computer Object

The Computer object represents a computer in the Active Directory forest, and it is found by default at the following relative distinguished name (RDN) within the domain NC:

"CN=computername,CN=Computers"

For this RDN, "computername" is the host part of the computer's FQDN. As specified in section 2.3, the issued certificate MUST contain the GUID of the Computer object of that DC to be a valid DC certificate. When DCs exchange certificates during operations (as specified in section 3), the DCs further verify that the certificate contains the GUID of a Computer object that has not been deleted.

The schema definition for the Computer object is specified in [MS-ADSC].
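The check described above can be sketched as follows. This is an added example, not code from the specification: the function names and sample entries are hypothetical, the GUID is assumed to have already been extracted from the certificate (section 2.3 defines how it is carried), and directory entries are assumed to arrive as dictionaries of LDAP attributes.

```python
import uuid

def default_computer_dn(fqdn: str, domain_nc: str) -> str:
    """Default DN of a Computer object: CN=<host part of FQDN>,CN=Computers,<domain NC>."""
    host = fqdn.split(".", 1)[0]
    if not host:
        raise ValueError("FQDN has no host part")
    return f"CN={host},CN=Computers,{domain_nc}"

def is_live_computer_guid(cert_guid: uuid.UUID, entries: list) -> bool:
    """True only if cert_guid identifies a Computer object that has not been deleted."""
    for entry in entries:
        # Active Directory returns objectGUID as 16 raw bytes in Windows GUID
        # layout (first three fields little-endian): decode with bytes_le.
        if uuid.UUID(bytes_le=entry["objectGUID"]) != cert_guid:
            continue
        classes = {c.lower() for c in entry["objectClass"]}
        deleted = entry.get("isDeleted", "FALSE").upper() == "TRUE"
        return "computer" in classes and not deleted
    return False  # GUID not present in the directory at all

# Constructed sample data (not from the specification).
DOMAIN_NC = "DC=example,DC=test"
DC1_GUID = uuid.UUID("3f2a9c1e-7b44-4d0a-9e6f-1c2d3e4f5a6b")
OLD_GUID = uuid.UUID("a1b2c3d4-e5f6-4789-8abc-def012345678")
USER_GUID = uuid.UUID("0c0ffee0-1234-4abc-9def-0123456789ab")
COMPUTER_CLASSES = ["top", "person", "organizationalPerson", "user", "computer"]
ENTRIES = [
    {"dn": default_computer_dn("dc1.example.test", DOMAIN_NC),
     "objectClass": COMPUTER_CLASSES, "objectGUID": DC1_GUID.bytes_le},
    {"dn": "CN=dc-old,CN=Deleted Objects," + DOMAIN_NC,  # simplified tombstone DN
     "objectClass": COMPUTER_CLASSES, "objectGUID": OLD_GUID.bytes_le,
     "isDeleted": "TRUE"},
    {"dn": "CN=alice,CN=Users," + DOMAIN_NC,
     "objectClass": ["top", "person", "organizationalPerson", "user"],
     "objectGUID": USER_GUID.bytes_le},
]

if __name__ == "__main__":
    for guid in (DC1_GUID, OLD_GUID, USER_GUID):
        print(guid, is_live_computer_guid(guid, ENTRIES))
```

Decoding the raw attribute with `bytes` instead of `bytes_le` yields a different GUID, so a valid certificate would fail the match; a tombstoned object or a GUID belonging to a non-Computer object is rejected even though the GUID exists in the directory.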