
close
close
How can I easily perform management operations in AD from a customized Taskpad?
As your AD infrastructure grows, and the number of objects within it constantly changes, you might find that managing the growing number of users, groups and computers is becoming more than a headache. Fortunately for us, one of Active Directory’s best features is the ability to delegate administrative control over specific objects to lower-level administrators.
You can read more about the administrative tasks delegation in an article that will be published shortly.
In this article I’ll show how to create a custom tool (called Taskpad) from the Active Directory Users and Computers snap-in, and how to use this custom tool to ease some of your daily user management tasks.
Let’s assume that your organization has an AD domain with several thousands of users. This domain consists of several distinctive divisions or departments. You have already created the right OU (Organization Unit) structure, and have already placed the right users accounts, groups and computers in their respective OUs.
We will also assume that one user named David will be responsible for managing all the user objects within the Sales OU. Other users might be responsible for other management tasks (such as adding computer objects, controlling Group Policy Objects or managing group membership, but for now let us concentrate on David).
This is how your AD domain structure looks like:
Note: This is only an example, you should use your own OU structure, based upon management and GPO functionality considerations.
advertisment
advertisment
advertisment
In this step I’ve chosen the Properties task, but you can choose your own tasks.
Note that although all right-click tasks are available for you to choose from, creating a task in this stage will not give the user that’s supposed o use this Taskpad any additional permissions on the objects. I.e. if I choose New > Group from the available tasks and the user that’s going to use this tool does NOT have the permission to create a new group in the Sales OU, he or she will NOT see the task button, although I’ve specifically added it to the task buttons.
When done click Next.
This time I chose Delete.
Follow steps 13 to 14 and re-run the wizard.
Here are some of the options available:
New User:
Reset Password:
Disable Account:
Enable Account:
Find:
Refresh:
Notice how the original tree display is still visible. We will fix this right away.
Now let us test the Taskpad:
When you click on Find, a Find dialog box appears:
and when you click on User, a new user dialog box appears:
In conclusion, the Taskpad views are powerful add-ons to the administrator’s arsenal, and can be used in various scenarios. Remember that the Taskpad view is not just limited to the AD Users & Computers snap-in, but can be used in virtually and available snap-in. Also, as a security measure, do NOT rely on the Taskpad’s available buttons to prevent a user from doing harm. Use good permission strategy to protect your resources, and only use the Taskpad as a method of easing your administrative burden, not as a security measure.
You might also want to read the following related articles:
Delegate! Passing Administrative Control with Active Directory
More from Daniel Petri
advertisment
Petri Newsletters
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.
advertisment
More in Active Directory
Microsoft Rolls Out Azure AD Verifiable Credentials Service to More Customers
May 11, 2022 | Rabia Noureen
Best Practices for Installing Active Directory Domain Controllers in a Virtual Machine
Apr 15, 2022 | Michael Taschler
Most popular on petri
Log in to save content to your profile.
Article saved!
Access saved content from your profile page. View Saved
Join The Conversation
Create a free account today to participate in forum conversations, comment on posts and more.
Copyright ©2019 BWW Media Group