Solved

AD Users and computers snap in from Client Machine

Posted on 2006-07-04
3
649 Views
Last Modified: 2008-02-07
hi all,
   I'm delegating some AD responsibility to some users and i want to know how to give them access to AD to perform the delegated tasks. I know you have to ins tall Windows 2003 admin tools for them to have AD mmc available.

Is there a way around that. I dont want users to access any other tools in the admin tool and preferably i dont want them to even see other containers than the one they are delegated for.

Any ideas on how to give them access to AD without installing Admin tools. Also is there a way to prevent them from seeing other containers...

Vinod.
0
Comment
Question by:mvvinod
  • 2
3 Comments
 
LVL 29

Expert Comment

by:mass2612
ID: 17040007
Hi,

Install the tools and then delete or rename the mmc and exe files for the other tools. You can't hide the other containers within AD. MS hasn't caught on to that yet as far as I know. If they don't have any permissions they shouldn't you won't need to be concerned about them seeing anything they could break.
0
 
LVL 26

Accepted Solution

by:
Pber earned 250 total points
ID: 17041862
To install just the AD tools from the adminpak just do this:
msiexec /i adminpak.msi ADDLOCAL=FeADTools /qb

The default AD MMC's will not allow you to prevent users from seeing other OU's.  Some 3rd party products have this ability to only show users what they've been delegated.  This is usually done through a WEB interface.  Quest has a good product called ActiveRoles Direct or ActiveRoles Server: http://www.quest.com/activeroles_server/

0
 
LVL 29

Assisted Solution

by:mass2612
mass2612 earned 250 total points
ID: 17041911
Thanks Pber - good article for this here - http://support.microsoft.com/?kbid=314978
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Concerto provides fully managed cloud services and the expertise to provide an easy and reliable route to the cloud. Our best-in-class solutions help you address the toughest IT challenges, find new efficiencies and deliver the best application expe…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now