Solved

AD Users and computers snap in from Client Machine

Posted on 2006-07-04
3
653 Views
Last Modified: 2008-02-07
hi all,
   I'm delegating some AD responsibility to some users and i want to know how to give them access to AD to perform the delegated tasks. I know you have to ins tall Windows 2003 admin tools for them to have AD mmc available.

Is there a way around that. I dont want users to access any other tools in the admin tool and preferably i dont want them to even see other containers than the one they are delegated for.

Any ideas on how to give them access to AD without installing Admin tools. Also is there a way to prevent them from seeing other containers...

Vinod.
0
Comment
Question by:mvvinod
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 29

Expert Comment

by:mass2612
ID: 17040007
Hi,

Install the tools and then delete or rename the mmc and exe files for the other tools. You can't hide the other containers within AD. MS hasn't caught on to that yet as far as I know. If they don't have any permissions they shouldn't you won't need to be concerned about them seeing anything they could break.
0
 
LVL 26

Accepted Solution

by:
Pber earned 250 total points
ID: 17041862
To install just the AD tools from the adminpak just do this:
msiexec /i adminpak.msi ADDLOCAL=FeADTools /qb

The default AD MMC's will not allow you to prevent users from seeing other OU's.  Some 3rd party products have this ability to only show users what they've been delegated.  This is usually done through a WEB interface.  Quest has a good product called ActiveRoles Direct or ActiveRoles Server: http://www.quest.com/activeroles_server/

0
 
LVL 29

Assisted Solution

by:mass2612
mass2612 earned 250 total points
ID: 17041911
Thanks Pber - good article for this here - http://support.microsoft.com/?kbid=314978
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question