Home

   Benefits

   Join

   Support

   Tech-Pages

 

 

Active Directory : Tech-Pages
Managing AD Users and Computers

Author Mark N. Goedert
mgoedert@uic.edu

Introduction

This guide provides an overview using the UIC Active Directory to manage workstations, users, and other resources with the Microsoft Management Console (MMC).

Prerequisites

  • Your workstation must run Windows 2000 or Windows XP operating system.
  • You must be a local administrator on your workstation to install the Administration tools.
  • You should have a basic understanding of AD concepts such as users, groups, and group policies.
  • You need to be included in the OU administrators group for your department.

Installing the Tools

The first step in leveraging the Active Directory is to install the needed software to manage users and computers. The Management Console (MMC) for Active Directory Users and Computers only needs to be installed on the REACH person’s computers. You can have multiple installations of the software on different machines however only a REACH person will have sufficient rights to use the software.

Download and install the adminpak.msi on your workstation. The software can be found at;

http://www.microsoft.com/downloads
Keyword search: adminpak.msi

The Administrators Took Pack installs about 30 different tools on your workstation. As a REACH member you only need, and only have rights to, one tool. The program you are looking for is called “Active Directory Users and Computers”. The rest of the programs can be deleted from your workstation.

Setup the AD Users and Computers MMC

You will need the following information to setup the AD Users and Computers MMC to access your branch of the AD tree.

Domain: ad.uic.edu
User Name: ad\<YourNetID>

* The ACCC grants requested NetIDs administrative access to the branch of the AD tree when the branch is initially created.

* This branch is referred to as your Organizational Unit or "OU" in Active Directory. You told us the name of your OU when you initiall filled out the request to use the UIC AD. The format will generally be:

<DeptOU>.depts.ad.uic.edu

Where <DeptOU> is the name you provided when you requested the creation of your UIC-AD OU.

Using the Tools

Once you click on Active Directory Users and Computers you will see a window similar to the one pictured here. The ACCC has granted an OU or “Organizational Unit” for your department. The OU is where you will store and manage all of your computers and resources.

In the picture above the office of Admissions and Records (OAR) is highlighted. Under the OAR container there is a sub container for the computers in the office. There are also two groups in the OAR container, they are;

  • DL-OAR Admins – Has full rights to the ou: OAR.Depts.ad.uic.edu
  • GG-OAR Admins – Contains the Administrators for OAR.Depts.ad.uic.edu

These groups should not be deleted. The REACH person can edit the membership of “GG-OAR Admins” to grant or deny Administrative rights to the OAR container. The “DL-OAR Admins” group membership should not be touched and the Domain Local Group should only contain “GG-OAR Admins”.

That does it for the basics in Active Directory Users and Computers.

Page Last Updated 5/30/2008

 

Copyright © 2008 The Board of Trustees of the University of Illinois