Solved

AD Users and computers snap in from Client Machine

Posted on 2006-07-04
3
652 Views
Last Modified: 2008-02-07
hi all,
   I'm delegating some AD responsibility to some users and i want to know how to give them access to AD to perform the delegated tasks. I know you have to ins tall Windows 2003 admin tools for them to have AD mmc available.

Is there a way around that. I dont want users to access any other tools in the admin tool and preferably i dont want them to even see other containers than the one they are delegated for.

Any ideas on how to give them access to AD without installing Admin tools. Also is there a way to prevent them from seeing other containers...

Vinod.
0
Comment
Question by:mvvinod
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 29

Expert Comment

by:mass2612
ID: 17040007
Hi,

Install the tools and then delete or rename the mmc and exe files for the other tools. You can't hide the other containers within AD. MS hasn't caught on to that yet as far as I know. If they don't have any permissions they shouldn't you won't need to be concerned about them seeing anything they could break.
0
 
LVL 26

Accepted Solution

by:
Pber earned 250 total points
ID: 17041862
To install just the AD tools from the adminpak just do this:
msiexec /i adminpak.msi ADDLOCAL=FeADTools /qb

The default AD MMC's will not allow you to prevent users from seeing other OU's.  Some 3rd party products have this ability to only show users what they've been delegated.  This is usually done through a WEB interface.  Quest has a good product called ActiveRoles Direct or ActiveRoles Server: http://www.quest.com/activeroles_server/

0
 
LVL 29

Assisted Solution

by:mass2612
mass2612 earned 250 total points
ID: 17041911
Thanks Pber - good article for this here - http://support.microsoft.com/?kbid=314978
0

Featured Post

Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
GPO Access denied in AD 12 72
search on network drive not working 4 90
Event ID: 5719 / Source: NETLOGON 9 181
the workstation driver is not installed 2003 3 69
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question