Remote Administration

To administer Active Directory from a domain client computer, you have the following standard options (the order is not important):

  • Terminal Services allow an administrator to work on a client computer in the same way as he or she can at the domain controller's console. This is the only standard option for down-level client computers (Windows NT, Windows 9x) to run the administrative tools, and the only option for low-speed (dial-up) connections. Although many administrative command-line tools can connect directly to remote computers, you will need the Terminal Services to get the full functionality of the command prompt on a DC.

    On Windows .NET-based computers, the Terminal Services are installed by default. These computers have a built-in feature, Remote Desktop, that is enabled on the Remote tab in the System Properties window and provides an administrator with single-user access to the desktop of the computer.


    There is no Terminal Service Connection option configured on computers running Windows .NET. You can enter mstsc /console at the command prompt or use the Remote Desktops command on the Start | Administrative Tools menu.

  • The Windows .NET Administration Tools Pack contains practically all administrative snap-ins (see Table 8.2). This pack is installed from the %SystemRoot%\system32\adminpak.msi file available on every Windows .NET-based domain controller. You can install the Administration Tools on any computer with Windows XP/.NET, but to use them, you must be logged on as a user with domain administrative rights.

    Table 9.2: Snap-ins Included in the Windows .NET Administration Tools Pack

    Active Directory Domains and Trusts

    Internet Information Services

    Active Directory Schema Manager

    Network Load Balancing Manager

    Active Directory Sites and Services

    Remote Desktops

    Active Directory Users and Computers

    Remote Storage

    Certification Authority

    Routing and Remote Access

    Cluster Administrator

    Server Extensions Administrator

    Connection Manger Administration Kit



    Terminal Services Licensing

    Distributed File System

    Terminal Services Manager




    The Windows .NET Administration Tools Pack cannot be installed on computers running Windows 2000! In general, Windows 2000 Administration Tools could be used for administering Windows .NET-based domains; however, some limitations exist in that case. A better choice would be to install the Windows .NET Administration Tools Pack and use it for managing domain controllers running both Windows 2000 and Windows .NET systems.

  • You can manually install the selected administrative snap-ins on a client computer (see the next section).

Installing Administrative Snap-ins Selectively

For some reason, you might want to install only one or just a few separate administrative tools on a client computer instead of the entire Administration Tools pack. This can be done quite easily. (But don't forget about security requirements!) You will have to carry out the following steps:

  1. Copy the necessary snap-ins (files with MSC extension) from the %SystemRoot%\system32 folder on a DC to any local folder you wish.

  2. Copy the appropriate DLL(s) to the local %SystemRoot%\system32 folder or to any local folder.

  3. If the DLL has been copied to a folder other than %SystemRoot%\system32, you must first change the folder as necessary. To register the DLL, enter the following string at the command prompt:

        regsvr32 <DLLname> 
  4. For example, to register the DLL for the Active Directory Users and Computers snap-in, enter regsvr32 dsadmin.dll.

Now you may create shortcuts for new snap-ins, and then run them. Of course, you have to be logged on to the domain with appropriate (administrative) privileges.

The following table contains DLL names for some administrative snap-ins.

Tool name

Snap-in's name

DLL's name

Active Directory Domain and Trusts



Active Directory Sites and Services



Active Directory Schema



Active Directory Users and Computers




After schmmgmt.dll has been copied to a local computer, you will be able to add the snap-in to any custom MMC console (since there is no schema snap-in configured by default).

By default, the Group Policy Object Editor snap-in is present on any computer running Windows 2000/XP/.NET. Therefore, to use this tool and link it to any domain GPO, you need only to have administrator's privileges in the domain.

Notice that both the Active Directory Users and Computers and Active Directory Sites and Services snap-ins use the same dsadmin.dll file. Both snap-ins actually provide similar operations (browsing and editing properties) with directory objects. The former enables you to work with the entire domain naming partition of Active Directory. The latter provides access to two containers in the Configuration partition, namely, Sites and Services (you can also view them with the ADSI Edit snap-in).

Windows  .NET Domains & Active Directory
Windows .NET Server 2003 Domains & Active Directory
ISBN: 1931769001
EAN: 2147483647
Year: 2002
Pages: 154 © 2008-2017.
If you may any questions please contact us: