By default, not all folders and objects are displayed.
To view everything, you have to go to the "View" menu and click on "Advanced Features".
For example, by default, the "ForeignSecurityPrincipals" folder appears empty.
But once the advanced features are enabled, special accounts of the "Foreign Security Principal" type will appear.
You will also find other folders, such as :
In the "System" folder of the Active Directory, you will find, for example, data about :
Enabling the advanced features of this "Active Directory Users and Computers" console will also add 3 tabs in the properties of each Active Directory object :
In the "Object" tab, you will find :
In the "Security" tab, you will find the list of permissions granted to specific users and/or user groups on the desired Active Directory object.
When you create delegations of control over some objects or a part of your Active Directory infrastructure, it's via this tab that you can modify or delete the permissions created transparently by the "Delegation of Control Wizard".
In the "Attributes Editor" tab, you can find out and modify the attributes of the desired object if you wish.
You can, for example, know the full LDAP name of an object by selecting its "distinguishedName" attribute and clicking "View" to see the full value.
If your Active Directory domain has many objects per folder, be aware that you can easily filter the type of object displayed by clicking on : View -> Filter Options.
To finish with this console, here are the different actions that you can perform by right-clicking on the name of your Active Directory domain.
To get started, you can create a delegation of control.
Delegations of control allow you to delegate the management of some tasks to some users and/or groups.
Thanks to these, you will be able to authorize users and/or user groups to :
You will be able to search for different types of objects in your Active Directory domain :
By clicking on "Change Domain", you can connect the console to another Active Directory domain (or subdomain).
By clicking on the "Browse" button, the list of domains to which you have access will be displayed.
By clicking on "Change Domain Controller", you will be able to connect to another domain controller.
This can be useful in the event that you are physically on a read-only domain controller (RODC), but need to create or modify some objects.
You will be able to raise the domain functional level to benefit from more features.
That being said, domain controllers running a version earlier than the one selected will therefore no longer be supported in your Active Directory infrastructure.
By clicking on "Operations Master", you can find out which domain controller owns which FSMO role and change the owner of these different roles if you have the rights to do so and the console is currently connected to the destination server of this role.
Note that a read-only domain controller (RODC) obviously can't be designated as master for FSMO roles since this domain controller is read-only.
Here you can know the owner for the following FSMO roles :
If you click on "Properties", you will find the DNS and NETBIOS domain name of your Active Directory domain, as well as the functional level of your domain and that of the forest in which it's located.
If you click on "All Tasks -> Resultant Set of Policy (Planning)", you can quickly test the application of your group policies.
Knowing that this is not 100% reliable, as there is often a difference between what you configure in policies and what is applied and/or supported by client PCs.
It's therefore important to not rely solely on the result that this feature will show you.
You select a computer and a user to test both the "Computer Configuration" and the "User Configuration" of your Group Policies (GPO).
And this "Resultant Set of Policy" feature shows you what the client PC will receive as a configuration.
And it tells you which settings are set or not, what value has been set for them, and from which GPO those settings come from.
Windows Server 11/12/2011
Windows Server 1/9/2013
Windows Server 6/4/2021
Windows Server 7/31/2021
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2021 - © Lionel Eppe - All rights reserved.
Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.