Solved

AD Users and computers snap in from Client Machine

Posted on 2006-07-04
3
650 Views
Last Modified: 2008-02-07
hi all,
   I'm delegating some AD responsibility to some users and i want to know how to give them access to AD to perform the delegated tasks. I know you have to ins tall Windows 2003 admin tools for them to have AD mmc available.

Is there a way around that. I dont want users to access any other tools in the admin tool and preferably i dont want them to even see other containers than the one they are delegated for.

Any ideas on how to give them access to AD without installing Admin tools. Also is there a way to prevent them from seeing other containers...

Vinod.
0
Comment
Question by:mvvinod
  • 2
3 Comments
 
LVL 29

Expert Comment

by:mass2612
ID: 17040007
Hi,

Install the tools and then delete or rename the mmc and exe files for the other tools. You can't hide the other containers within AD. MS hasn't caught on to that yet as far as I know. If they don't have any permissions they shouldn't you won't need to be concerned about them seeing anything they could break.
0
 
LVL 26

Accepted Solution

by:
Pber earned 250 total points
ID: 17041862
To install just the AD tools from the adminpak just do this:
msiexec /i adminpak.msi ADDLOCAL=FeADTools /qb

The default AD MMC's will not allow you to prevent users from seeing other OU's.  Some 3rd party products have this ability to only show users what they've been delegated.  This is usually done through a WEB interface.  Quest has a good product called ActiveRoles Direct or ActiveRoles Server: http://www.quest.com/activeroles_server/

0
 
LVL 29

Assisted Solution

by:mass2612
mass2612 earned 250 total points
ID: 17041911
Thanks Pber - good article for this here - http://support.microsoft.com/?kbid=314978
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Learn about cloud computing and its benefits for small business owners.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question