Active Directory admin taskpads by David Papkin

This David Papkin post is how to do Microsoft Active Directory Admin tasks using taskpads.

 

 

 

 

 

The user can use a console taskpad to run tasks such as starting wizards, opening property pages, performing menu commands, running command lines, and opening webpages.

Console taskpads are implemented by MMC(Microsoft Management Console ). That is, MMC takes care of setting up a console taskpad for a particular node.

In this post, Abbie from the Sales department will be given permissions to Reset Password and Unlock Sales user accounts. She will be given a custom taskpad.

Give permission to Unlock Sales accounts using Delegate Control

1. Using Active Directory Users and Computers,  right-click the Sales OU and select Delegate Control to launch the Delegation of Control Wizard and click Next to continue.

David Papkin

David Papkin

2.  Click the  Add button to add Abbie as the security principle you want to Delegate Control to. Type Abbie and click Check Names and click OK  to continue. Click Next.

Image

Image

Image

3. On the Tasks to Delegate  screen, select Create a custom task to delegate  radio button and click Next

Image

4. On the Active Directory type screen, select  Only the following objects radio button and click Next.

Image

5. Select General and Property-specific and click Next.

Image

6. Select Read and Read lockoutTime and Write lockoutTime  –> Next –> Finish.

Image

Image

Create Taskpad for Sales Department

1. Type Start ‘ Run’ MMC to launch an instance of Microsoft Management Console.
Image

 

2. Select File from the MMC ‘ Add/Remove Snap-ins and select Active Direct Users and Computers (ADUC)
Image

Image

3. Click Add to add ADUC Snap-in to the MMC and click OK. Click File–> Save As to give your new Taskpad a new Name such as Sales Taskpad.Sales
Image

4. Expand the Domain and select the Sales OU in the domain tree.
Image

5. Select More Actions  on the Actions window on the right side
Image

6. Click on New Taskpad View to start the New Taskpad View Wizard and click Next.

Image

Image

7. On the Taskpad Style window you can select the style, such as Vertical, Horizontal etc.  For this example, I will select Horizontal and select Next.
Image

8. On Taskpad Reuse screen, Apply the Taskpad view to Selected tree item  and click Next
Image

9. On the Name and Description screen type Sales Taskpad and click Next.
Image

Image

 

10. Click Finish to complete the wizard. New Task Wizard will be launched since the Add new tasks checkbox was selected. Click Next.

Image

11. Select the Menu command button and click Next.
Image

Image

 

12. The Command Source is Items listed in the results pane. Click Reset Password in the right pane and select the user who you want to Delegate Reset Password such as Abbie in the right pane. Click Next.
Image

13. The Task Name will be filled in with Reset Password. Click Next.
Image

14. Select an Icon and click Next then Finish. The New Task Wizard will be launched. Click Next.

Image

Image

Image

15. Select Menu command radio button then Next.
Image

16. Select Properties from Available commands and select Abbie and Next. We need to select Properties to read the properties of the User. Only Unlock will be writeable.
Image

17. Use Unlock as the task name and click Next.
Image

18. Select an Icon and click Next then Finish.
Image

Image

19. Abbie can perform resetting passwords and Unlock accounts.
Image

 

Locking down the console.

Now you have finished the taskpad, you must set the console so that users can only use the commands in the console and not do other tasks.

1. Select View from the Console menu and click Customize.
Image

Image

2. Uncheck any unwanted items and click OK.
Image

Image

3. Click File ‘ Options and change Console mode to User mode and uncheck Allow the users to customize views and check Do not save changes and click OK to  Exit.
Image

Image

 

4. Reopen the Sales Taskpad. Select any user and the Icons will appear below to reset password and unlock accounts.
Image

Install RSAT on Target computer where you will use the Sales Taskpad.

Remote Server Administration Tools (RSAT) enables IT administrators to remotely manage roles and features in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 from a computer that is running Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista.

1. You will need to install RSAT on any computer to use this Taskpad because it is based on ADUC and non Domain Controllers will not have this snap-in. Trying to open this Sales Taskpad will give an initialization error.
Image

 

2. To install RSAT 2016 on Server 2016 use the powershell command
Install-Windowsfeature -IncludedAllSubfeatures RSAT
Image

 

3. To install RSAT on Windows 10 download it from Microsoft.

http://www.microsoft.com/en-my/download/details.aspx?id=45520

Future builds on Windows 10 starting with 1809 should have this available to be installed via powershell.

You cannot install RSAT on computers that are running Home or Standard editions of Windows. You can install RSAT only on Professional or Enterprise editions of the Windows client operating system.

support.microsoft.com/en-sg/help/2693643/remote-server-administration-tools-rsat-for-windows-operating-systems

social.technet.microsoft.com/wiki/contents/articles/2816.how-to-create-custom-mmc-and-add-taskpad.aspx

End of David Papkin post in  Active Directory Admin tasks using taskpads

http://davidpapkin.org/

David Papkin favorite movies

Robert Deniro in GoodFellas

Ava Gardner in Singapore (Flim Noir)

Clarke Gable in China Seas

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.