|
|
To administer Active Directory from a domain client computer, you have the following standard options (the order is not important):
Terminal Services allow an administrator to work on a client computer in the same way as he or she can at the domain controller's console. This is the only standard option for down-level client computers (Windows NT, Windows 9x) to run the administrative tools, and the only option for low-speed (dial-up) connections. Although many administrative command-line tools can connect directly to remote computers, you will need the Terminal Services to get the full functionality of the command prompt on a DC.
On Windows .NET-based computers, the Terminal Services are installed by default. These computers have a built-in feature, Remote Desktop, that is enabled on the Remote tab in the System Properties window and provides an administrator with single-user access to the desktop of the computer.
Note | There is no Terminal Service Connection option configured on computers running Windows .NET. You can enter mstsc /console at the command prompt or use the Remote Desktops command on the Start | Administrative Tools menu. |
The Windows .NET Administration Tools Pack contains practically all administrative snap-ins (see Table 8.2). This pack is installed from the %SystemRoot%\system32\adminpak.msi file available on every Windows .NET-based domain controller. You can install the Administration Tools on any computer with Windows XP/.NET, but to use them, you must be logged on as a user with domain administrative rights.
Active Directory Domains and Trusts | Internet Information Services |
Active Directory Schema Manager | Network Load Balancing Manager |
Active Directory Sites and Services | Remote Desktops |
Active Directory Users and Computers | Remote Storage |
Certification Authority | Routing and Remote Access |
Cluster Administrator | Server Extensions Administrator |
Connection Manger Administration Kit | Telephony |
DHCP | Terminal Services Licensing |
Distributed File System | Terminal Services Manager |
DNS | WINS |
Caution | The Windows .NET Administration Tools Pack cannot be installed on computers running Windows 2000! In general, Windows 2000 Administration Tools could be used for administering Windows .NET-based domains; however, some limitations exist in that case. A better choice would be to install the Windows .NET Administration Tools Pack and use it for managing domain controllers running both Windows 2000 and Windows .NET systems. |
You can manually install the selected administrative snap-ins on a client computer (see the next section).
For some reason, you might want to install only one or just a few separate administrative tools on a client computer instead of the entire Administration Tools pack. This can be done quite easily. (But don't forget about security requirements!) You will have to carry out the following steps:
Copy the necessary snap-ins (files with MSC extension) from the %SystemRoot%\system32 folder on a DC to any local folder you wish.
Copy the appropriate DLL(s) to the local %SystemRoot%\system32 folder or to any local folder.
If the DLL has been copied to a folder other than %SystemRoot%\system32, you must first change the folder as necessary. To register the DLL, enter the following string at the command prompt:
regsvr32 <DLLname>
For example, to register the DLL for the Active Directory Users and Computers snap-in, enter regsvr32 dsadmin.dll.
Now you may create shortcuts for new snap-ins, and then run them. Of course, you have to be logged on to the domain with appropriate (administrative) privileges.
The following table contains DLL names for some administrative snap-ins.
Tool name | Snap-in's name | DLL's name |
---|---|---|
| ||
Active Directory Domain and Trusts | domain.msc | domadmin.dll |
Active Directory Sites and Services | dssite.msc | dsadmin.dll |
Active Directory Schema | userCreatedName.msc | schmmgmt.dll |
Active Directory Users and Computers | dsa.msc | dsadmin.dll |
Note | After schmmgmt.dll has been copied to a local computer, you will be able to add the snap-in to any custom MMC console (since there is no schema snap-in configured by default). By default, the Group Policy Object Editor snap-in is present on any computer running Windows 2000/XP/.NET. Therefore, to use this tool and link it to any domain GPO, you need only to have administrator's privileges in the domain. |
Notice that both the Active Directory Users and Computers and Active Directory Sites and Services snap-ins use the same dsadmin.dll file. Both snap-ins actually provide similar operations (browsing and editing properties) with directory objects. The former enables you to work with the entire domain naming partition of Active Directory. The latter provides access to two containers in the Configuration partition, namely, Sites and Services (you can also view them with the ADSI Edit snap-in).
|
|