How do I prevent Admins from using native tools (ADU&C) from managing objects in AD? (NETIQKB53328)

  • 7753328
  • 02-Feb-2007
  • 19-Jun-2007

Resolution

goal

How do I prevent Admins from using native tools like Active Directory Users and Computers (ADU&C) to manage objects in AD?



goal

How do I force Admins to use DRA and not ADU&C?



fact
Directory and Resource Administrator 6.x

fact
Directory and Resource Administrator 7.x

fact
Directory and Resource Administrator 8.0

fix

To prevent Admins from using ADU&C to manage objects in AD, you must remove any native permissions Admins may have, such as membership in the Domain Admins group, Local Admins group, or any other group that grants permissions in AD. Once you remove any native permissions for Admin accounts, you can assign Admin accounts to ActiveViews or add them to Assistant Admin groups in DRA. Removing all native permissions forces Admin accounts to use DRA to manage objects in AD.



Additional Information

Formerly known as NETIQKB53328