How do I configure an ActiveView to allow Assistant Admins to create and delete computer accounts? (NETIQKB373)

  • 7700373
  • 02-Feb-2007
  • 20-Jun-2007

Resolution

goal
How do I configure an ActiveView to allow Assistant Admins to create and delete computer accounts?

fact
Directory and Resource Administrator 6.x

fact
Directory and Resource Administrator 7.x

fix

Follow these steps to create an ActiveView in Directory and Resource Administrator (DRA) to allow Assistant Admins to create and delete computer accounts:

For DRA 6.x versions:

  1. Launch the MMC interface on the Primary DRA server while logged on as an Assistant Admin with, at minimum, the Built-in Security Role.
  2. Expand ActiveView management.
  3. Highlight ActiveViews and click New.
  4. Type in a name for the ActiveView and click Finish.
  5. In the Add objects dialog box, select Custom rule and click Next.
  6. Select the Include option and click Next.
  7. Highlight Computers and click Next.
  8. Highlight in any domain and click Next.
  9. Highlight All computers and click Next.
  10. Click Next.
  11. Type in a name for this rule and click Finish.
  12. In the What would you like to do next? dialog box, click Add more objects.
  13. In the Add objects dialog box, select Target Containers (OUs) for create operations and click Next.
  14. Highlight in specific domain and click the link in the Rule Description box.
  15. Specify the managed domain and click OK.
  16. Click Next.
  17. Highlight Specific OU.
  18. Click the link in the Rule Description box, select the OU in which the object is to be created and click Next.
  19. Type in a name for this rule and click Finish.
  20. In the What would you like to do next? dialog box, click the Assign Assistant Admins button.
  21. Click the Add users button.
  22. Highlight a user account, click Add, click OK, and then click Next.
  23. Click Add powers.
  24. Expand the Computers category.
  25. Expand the Create a Computer Account category.
  26. Click All Properties - Create a Computer Account.
  27. Click Delete a Computer Account and click Add.
  28. Click Next .
  29. Click Finish.

In the above ActiveView, the assigned Assistant Admin will be able to delete any computer account in the domain but will only be able create computer accounts in the OU specified in step 17.

For DRA 7.x versions: 

  1. Launch the Delegation and Configuration console on the Primary DRA server while logged on as an Assistant Admin with, at minimum, the Built-in Security Role.
  2. Expand the Delegation Management node.
  3. Select ActiveViews and right click and select New Active View.
  4. Click Next.
  5. Click Add and select Objects that match a rule.
  6. On the Select Object Type page, select Computers.
  7. Select any OU and specific OU.
  8. Select the OU that will be managed by this ActiveView (Child OUs are managed by default).
  9. Click Add.
  10. Select Target containers for create operations...
  11. Select the OU in which computer accounts should be created, then click OK.
  12. Click OK and give the ActiveView a name.
  13. Click Finish.
  14. Click Next and Add.
  15. Choose to add User(s), Groups, or Advanced (Assistant Admin Groups) to specify who you are delegating this ability for and select Add.
  16. Click OK and Next.
  17. Click Add and Roles.
  18. Type Create and Del.
    ete Computer Accounts 
    and click Find Now.
  19. Select Create and Delete Computer Accounts and click Add.
  20. Click OK and Next.
  21. Click Next and Finish.

In the above ActiveView, the assigned Assistant Admin will be able to delete any computer account in the domain but will only be able create computer accounts in the OU specified in step 11.

.


Additional Information

Formerly known as NETIQKB373