Advertisement
Forum List The ITidiots Show Questions and Answers
Kyle
User
Karma: 3  
Episode 20 Active Driectory Aministration question - 2007/03/17 17:24 I like the idea of the Task Pad View for administering a certain OU and sub OU's. My scenario is this, all i want to do is create a mmc with this so i can give certain domain users permission to reset passwords......simple.

I have over 700 users and i want to be able to give permission to a handful of other users this permisson but the chosen few only have simple 'domian users' acces rights.

Is it possible to create a custom mmc so that when it is opend by the chosen all thay see is the OU in question and not the AD spine on th left? I don't really want them to see the spoine let alone acces it.

HOw would i set this up?
  | | The administrator has disabled public write access.
Nicky Curtis
Admin
Karma: 22  
Re:Episode 20 Active Driectory Aministration quest - 2007/03/18 20:15 Hi Kyle,

You can achieve about 90% of your solution.
The first thing you need to do is navigate down to the OU that you want them to view and then right click and select new window from here.
Then close the previous windows and set the MMC into 'single windows view only', the option is something like that, you could then customise the mmc further by removing some of the task buttons etc, finally put the mmc into user mode only and save the .msc file to a network sharepoint. Protect the share with Read permissions only and place a shortcut to the .msc on the users desktop.

The remaining 10%. Well the user could always load up an mmc and manually add the dsa.msc snap in, however you would of course prevent access with AD permissions.

Hope that helps,

Nicky
  | | The administrator has disabled public write access.
Kyle
User
Karma: 3  
Re:Episode 20 Active Driectory Aministration quest - 2007/03/18 23:14 The first thing you need to do is navigate down to the OU that you want them to view and then right click and select new window from here.

Then close the previous windows and set the MMC into 'single windows view only', the option is something like that, you could then customise the mmc further by removing some of the task buttons etc, finally put the mmc into user mode only and save the .msc file to a network sharepoint.

I have tested this so far on my own test network, it is just how i wanted it for the group of 'chosen domain users' I can't test this in my enviroment until tuesday or wednesday this week but i have one more concern.

From my test set up, if i have 1 OU with a further 6 OU nested inside of it they all get the reset pasword for all users in each OU just as I wanted it. But......it looks like they can also drag and drop users into each OU, Can this be stopped? or is it becasue i am running it on my tes set up and can't really test it live with the correct permissions?

Also if you right clcik the user you get a multitude of options, can this be stopped as well?

Post edited by: Kyle, at: 2007/03/18 23:49
  | | The administrator has disabled public write access.
Forum List The ITidiots Show Questions and Answers
Joomlaboard Forum Component
Two Shoes M-Factory
Joomla Templates by Joomlashack
Joomla Templates and Joomla Tutorial