This David Papkin post is how to do Microsoft Active Directory Admin tasks using taskpads.
The user can use a console taskpad to run tasks such as starting wizards, opening property pages, performing menu commands, running command lines, and opening webpages.
Console taskpads are implemented by MMC(Microsoft Management Console ). That is, MMC takes care of setting up a console taskpad for a particular node.
In this post, Abbie from the Sales department will be given permissions to Reset Password and Unlock Sales user accounts. She will be given a custom taskpad.
Give permission to Unlock Sales accounts using Delegate Control
1. Using Active Directory Users and Computers, right-click the Sales OU and select Delegate Control to launch the Delegation of Control Wizard and click Next to continue.
2. Click the Add button to add Abbie as the security principle you want to Delegate Control to. Type Abbie and click Check Names and click OK to continue. Click Next.
3. On the Tasks to Delegate screen, select Create a custom task to delegate radio button and click Next
4. On the Active Directory type screen, select Only the following objects radio button and click Next.
5. Select General and Property-specific and click Next.
6. Select Read and Read lockoutTime and Write lockoutTime –> Next –> Finish.
Create Taskpad for Sales Department
1. Type Start ‘ Run’ MMC to launch an instance of Microsoft Management Console.
2. Select File from the MMC ‘ Add/Remove Snap-ins and select Active Direct Users and Computers (ADUC)
3. Click Add to add ADUC Snap-in to the MMC and click OK. Click File–> Save As to give your new Taskpad a new Name such as Sales Taskpad.Sales
4. Expand the Domain and select the Sales OU in the domain tree.
5. Select More Actions on the Actions window on the right side
6. Click on New Taskpad View to start the New Taskpad View Wizard and click Next.
7. On the Taskpad Style window you can select the style, such as Vertical, Horizontal etc. For this example, I will select Horizontal and select Next.
8. On Taskpad Reuse screen, Apply the Taskpad view to Selected tree item and click Next
9. On the Name and Description screen type Sales Taskpad and click Next.
10. Click Finish to complete the wizard. New Task Wizard will be launched since the Add new tasks checkbox was selected. Click Next.
11. Select the Menu command button and click Next.
12. The Command Source is Items listed in the results pane. Click Reset Password in the right pane and select the user who you want to Delegate Reset Password such as Abbie in the right pane. Click Next.
13. The Task Name will be filled in with Reset Password. Click Next.
14. Select an Icon and click Next then Finish. The New Task Wizard will be launched. Click Next.
15. Select Menu command radio button then Next.
16. Select Properties from Available commands and select Abbie and Next. We need to select Properties to read the properties of the User. Only Unlock will be writeable.
17. Use Unlock as the task name and click Next.
18. Select an Icon and click Next then Finish.
19. Abbie can perform resetting passwords and Unlock accounts.
Locking down the console.
Now you have finished the taskpad, you must set the console so that users can only use the commands in the console and not do other tasks.
1. Select View from the Console menu and click Customize.
2. Uncheck any unwanted items and click OK.
3. Click File ‘ Options and change Console mode to User mode and uncheck Allow the users to customize views and check Do not save changes and click OK to Exit.
4. Reopen the Sales Taskpad. Select any user and the Icons will appear below to reset password and unlock accounts.
Install RSAT on Target computer where you will use the Sales Taskpad.
Remote Server Administration Tools (RSAT) enables IT administrators to remotely manage roles and features in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 from a computer that is running Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista.
1. You will need to install RSAT on any computer to use this Taskpad because it is based on ADUC and non Domain Controllers will not have this snap-in. Trying to open this Sales Taskpad will give an initialization error.
2. To install RSAT 2016 on Server 2016 use the powershell command
Install-Windowsfeature -IncludedAllSubfeatures RSAT
3. To install RSAT on Windows 10 download it from Microsoft.
Future builds on Windows 10 starting with 1809 should have this available to be installed via powershell.
You cannot install RSAT on computers that are running Home or Standard editions of Windows. You can install RSAT only on Professional or Enterprise editions of the Windows client operating system.
End of David Papkin post in Active Directory Admin tasks using taskpads
David Papkin favorite movies