Can the ADSIEdit program be run on a server without the Active directory installed?

Hi

I need to make some SETSPN -d changes on a server. The issue is the server that I am given access to is not the server with the Active Directory. I have tried running the program but I encountered an error message. ” MMC could not create the snap-in.”. I tried running the SETSPN -d using DOS prompt but the setting is still there. Hence the reason for using the ADSIEdit program.  

Question:
Can I run the ADSIEdit from a server without Active Directory installed? If yes, what is my steps to connect to the server? If no, what is my best solution short of accessing the server with Active Directory.

 
LVL 1
engsiong75Asked:
Who is Participating?
 
Moomin83Connect With a Mentor Commented:
Hi engsiong75

I did not mean to offend. I was trying avoid a problem I had in the past were my assistance to someone else looked like hacking. The point I tried to make is the following. The "Admin Pack" can basically operate from any PC without having done a DC promo (Installing AD functions) on it. When I open ADSI Edit on my notebook, the screen has no connections on it. I have to right click on the ADSI Edit icon and select "connect to". By Default it will populate with the preferred on your Network. the catch is your AD account requires access to manage Active Directory. Bottom line is - If your log on account has access to manage AD you can open ADSI Edit from any PC on your network with the "Admin Pack" on.
Alternatively: I have two accounts on our Network. My normal log on account has no admin rights. my second account has admin rights - I have to execute admin operations with "Run As" and it is rather annoying, but it is more secure. I can't do something by accident then. and gaining access to my profile on my notebook won't compromise my Network.

It sounds to me like you have everything in place, it is just your AD account that you are using does not have the correct permissions.

HTH
0
 
Moomin83Commented:
Hi, To gain access to "AD" tools without having DC functions installed is to install the Microsoft admin pack.
You can locate the admin pack here:
Win 2000
http://www.petri.co.il/download_w2k_adminpak.htm
Win 2003
http://www.microsoft.com/download/en/details.aspx?id=16770
Windows 7
http://www.microsoft.com/download/en/details.aspx?id=7887
Hope this helps
(you can access ADSIEDIT from your desktop to if you need to, granted your account has the privileges required)
0
 
GovvyCommented:
Yes install Windows Server 2003 Support Tools
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
engsiong75Author Commented:
I am sorry if I did not make matters clear. I am working on a Win2008 server with the Remote Administrator Tools installed. I have got the ADSIEDIT program but when I run it, I get an error message.

I do not have access to the Active Directory server.  
0
 
Moomin83Commented:
Hi

I'm sorry to be the bringer of bad news. I don't know of an "ethical" work around to manage AD on your network if your AD account does not have sufficient permission to manage AD on your Network. There is other ways of gaining access but I will not suggest them at all as it will probably breach a number of policies at your firm. Just ask your Network admin (or who ever manages your AD) to either grant you the required access or to execute the required change (" I need to make some SETSPN -d changes on a server")

sorry
0
 
engsiong75Author Commented:
Hi Moomin83

The point of my question is not about being ethical or not. I am not attempting to hack into anybody's system. I just need to a test server with the ADSIEDIT installed properly so that I can show my colleagues certain installation steps involving the ADSIEDIT program. If this is not possible, then it means that I would have to install an Active Directory (Which I know nothing about how to install or set it up.)

So my question is more of in the hope that I can use the ADSIEDIT as a testing ground than a resolution.    
0
 
Moomin83Commented:
Correction
"By Default it will populate with the preferred Domain controller on your Network."
0
 
engsiong75Author Commented:
Hi Moomin83

No offense taken. Just to make the picture clear, I am working in R & D and I am handling this support problem because the technical and support team are not able to handle it.

Let me try out your step and then get back to you.

Thanks    
0
 
engsiong75Author Commented:
It turn out that that was partially correct. I had to reinstall the software but once I did it and followed the steps ,it was pretty straight forward.
0
 
Moomin83Commented:
Glad it is working now, Have a great day! :)
0
All Courses

From novice to tech pro — start learning today.