Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 533
  • Last Modified:

Remote editing user accounts

AD domain Windows 2003 R2
Clients : Domain-connected Clients Windows XP fully pathed

Is it possible to remotely edit the user-accounts on the Clients. NOT the local user-accounts, but User-accounts created on the Clients at:
Start -> Control Panel -> User Accounts , where it is possible to define AD-domain Accounts ?
0
olefisk
Asked:
olefisk
  • 5
  • 4
  • 3
2 Solutions
 
rogerardCommented:
Download and install the windows server 2003 support tools.  There is a tool included, active directory users and computers, that will allow you to edit everything for Active Directory.  To only modify the local users and groups on a remote computer, use the computer management interface and connect to the desired computer.
0
 
olefiskAuthor Commented:
Hi rogerard

Thanks for the prompt answer.
Surely I'm using Active Directory users and computers.
But managing local users and groups via the Management Console does only show users created as local client-accounts, not accounts created on the CLient as a Domain-Account.
The Issue is: When a specific domain-user logs on a specific domain-attached Workstation, the User shall have specific rights, t.ex Super User or Remote Desktop User.
Please see attached file which shows the User-Accounts on Workstation, where "V1a-988" is Workstation Name, "Titan" is AD-domain, and "des" is Domain-user
User-Accounts-on-CLient.jpg
0
 
johnb6767Commented:
Start>run>compmgmt.msc

Rt Click Computer Management (Local), and connect to another computer.

Enter the workstation name, and you know have the Remote "Local Users and Groups".... Should be good for most tasks....

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
johnb6767Commented:
From command line....

"C:\WINDOWS\system32\mmc.exe" /s /computer="COMPUTERNAME" C:\WINDOWS\system32\lusrmgr.msc
0
 
johnb6767Commented:
Or via PSExec...

PSExec \\COMPUTERNAME cmd.exe

Then you can access all your net.exe commands as if you were sitting in front of the box.......

PsExec
http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
0
 
olefiskAuthor Commented:
Hi johnb6767

Thanks for Your Prompt Answers, but Your suggestions only shows the local users ......., not the locally created AD-Domain-users.
Thanks for the Advice concerning PStools, PSExec works fine, but I can't figure out the command showing all the User-Accounts which is shown under Control Panel -> User Accounts.
0
 
rogerardCommented:
From the command prompt type net users to get a list of accounts.
0
 
olefiskAuthor Commented:
Hi again rogerard

Sorry but it still only shows the Local users, the ones which not logon to the AD-domain
0
 
rogerardCommented:
Ok.  This one took me a bit to track down, but I think I may have finally prevailed!  :)  So here's the pickle....  The user that you're seeing when you are looking at the basic User Accounts window on a Vista or Windows 7 box does not display the same information that is in the advanced Users and Computers manager.  The so-called local Domain IDs aren't actually ID's created on the remote box,  but instead are Domain IDs that have been added to the local groups.  When you manage the remote computer and go look at the local groups, you will see listed there the users you're looking for.

If you would like to do this through a command prompt, using the pstools and psexec, if you run the command, net localgroup <group name>, you 'll get the users of the group name.  You can then pipe the results into a text file.  Good luck!
0
 
johnb6767Commented:
Thats why I wasnt understanding. An AD User is not a local user but you will see an AD user in a Local Group. Any of the methods will do this above.....

"Sorry but it still only shows the Local users, the ones which not logon to the AD-domain"

Unless the Deny Logon Locall Right is populated with certain Domain Users/Groups, then ANY Domain User can logon to the PC. The reason you add them to the Local Groups is because you map thier AD account to local groups for permissions on the local box.....

0
 
olefiskAuthor Commented:
Hi rogerard and jonhb6767

Sorry for the delayed reply.
Thanks for Your efforts.

Seems to work fine with the net localgroup <group name>, but is heavy stuff to use on 100 workstations.....
Have tested  the possibility to add and delete users in the local groups, and it works !!
Somebody must have made a GUI-application/interface to handle this, I guess I'm not the only one, who puts domain-users into the local groups.
0
 
olefiskAuthor Commented:
have found an amazing tool, that handles the local usergroups:
Hyena from systemtools.com.
Works like a charm !!!!!!!
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 5
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now