
How can I easily perform management operations in AD from a customized Taskpad?
As your AD infrastructure grows, and the number of objects within it constantly changes, you might find that managing the growing number of users, groups and computers is becoming more than a headache. Fortunately for us, one of Active Directory’s best features is the ability to delegate administrative control over specific objects to lower-level administrators.
You can read more about delegating administrative tasks in an article that will be published shortly.
In this article I’ll show how to create a custom tool (called a Taskpad) from the Active Directory Users and Computers snap-in, and how to use this custom tool to ease some of your daily user management tasks.
Let’s assume that your organization has an AD domain with several thousand users. This domain consists of several distinct divisions or departments. You have already created the right OU (Organizational Unit) structure, and have already placed the right user accounts, groups and computers in their respective OUs.
We will also assume that one user named David will be responsible for managing all the user objects within the Sales OU. Other users might be responsible for other management tasks (such as adding computer objects, controlling Group Policy Objects or managing group membership), but for now let us concentrate on David.
This is what your AD domain structure looks like:
Note: This is only an example; you should use your own OU structure, based upon management and GPO functionality considerations.
In this step I’ve chosen the Properties task, but you can choose your own tasks.
Note that although all right-click tasks are available for you to choose from, creating a task at this stage will not give the user who is supposed to use this Taskpad any additional permissions on the objects. For example, if I choose New > Group from the available tasks and the user who is going to use this tool does NOT have the permission to create a new group in the Sales OU, he or she will NOT see the task button, although I’ve specifically added it to the task buttons.
When done click Next.
This time I chose Delete.
Follow steps 13 to 14 and re-run the wizard.
Here are some of the options available:
New User:
Reset Password:
Disable Account:
Enable Account:
Find:
Refresh:
Notice how the original tree display is still visible. We will fix this right away.
Now let us test the Taskpad:
When you click on Find, a Find dialog box appears:
and when you click on User, a new user dialog box appears:
In conclusion, Taskpad views are powerful add-ons to the administrator’s arsenal, and can be used in various scenarios. Remember that the Taskpad view is not limited to the AD Users & Computers snap-in, but can be used in virtually any available snap-in. Also, as a security measure, do NOT rely on the Taskpad’s available buttons to prevent a user from doing harm. Use a good permission strategy to protect your resources, and only use the Taskpad as a method of easing your administrative burden, not as a security measure.
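An added example (not part of the original article) of checking the permissions that actually decide which Taskpad buttons David sees and what he can do: it lists the ACEs on the Sales OU that apply to him directly or through group membership. The OU distinguished name and account name are placeholders, and the ActiveDirectory PowerShell module (RSAT) is assumed.

```powershell
# Added example, not from the original article.
# Assumptions: RSAT ActiveDirectory module; placeholder OU DN and account name.
Import-Module ActiveDirectory

$OuDn     = 'OU=Sales,DC=example,DC=com'   # placeholder for the Sales OU
$Delegate = 'David'                        # placeholder sAMAccountName

# Well-known schema class / extended-right GUIDs, mapped to readable names.
$GuidNames = @{
    '00000000-0000-0000-0000-000000000000' = '(all)'
    'bf967aba-0de6-11d0-a285-00aa003049e2' = 'user'
    'bf967a9c-0de6-11d0-a285-00aa003049e2' = 'group'
    'bf967a86-0de6-11d0-a285-00aa003049e2' = 'computer'
    '00299570-246d-11d0-a768-00aa006e0529' = 'Reset Password'
}
function Resolve-GuidName([guid]$Guid) {
    $key = $Guid.ToString()
    if ($GuidNames.ContainsKey($key)) { $GuidNames[$key] } else { $key }
}

# The delegate's own SID plus every group SID in the token (nested groups included).
$user = Get-ADUser -Identity $Delegate -Properties tokenGroups
$sids = @($user.SID.Value) + @($user.tokenGroups | ForEach-Object { $_.Value })

# Rights that go well beyond anything a Taskpad button exposes.
$Broad = 'GenericAll|WriteDacl|WriteOwner'

(Get-Acl -Path "AD:\$OuDn").Access | ForEach-Object {
    try   { $sid = $_.IdentityReference.Translate([Security.Principal.SecurityIdentifier]).Value }
    catch { $sid = $null }   # unresolvable trustee: skip it
    if ($sid -and $sids -contains $sid) {
        [pscustomobject]@{
            Trustee   = $_.IdentityReference.Value
            Type      = $_.AccessControlType
            Rights    = $_.ActiveDirectoryRights
            Target    = Resolve-GuidName $_.ObjectType          # attribute, class or extended right
            AppliesTo = Resolve-GuidName $_.InheritedObjectType # child class the ACE is inherited by
            Inherited = $_.IsInherited
            Broad     = [bool]("$($_.ActiveDirectoryRights)" -match $Broad)
        }
    }
} | Format-Table -AutoSize
```

Trustees such as Authenticated Users or Everyone do not appear in tokenGroups, so ACEs granted to them need a separate review.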
You might also want to read the following related articles:
Delegate! Passing Administrative Control with Active Directory