Using a remote desktop connection
From the Active Roles Console, you can access a computer through Remote Desktop Connection. The Connect via RDP command on a computer object allows you to establish a Remote Desktop Connection session to the computer represented by that computer object in Active Directory.
By supporting Remote Desktop Connection, Active Roles enables you to access a remote computer from your computer running the Active Roles Console. However, the object representing the remote computer must be available in the Console. This requires that the remote computer be a member of one of the domains managed by Active Roles. Additionally, the standard requirements for Remote Desktop Connection must be met: the remote computer must have Remote Desktop enabled, it must be available on the network, and it must be configured so that the user has permission to connect.
To access a computer through Remote Desktop Connection
- In the Active Roles Console, locate the desired computer object.
- Right-click the computer object and click Connect via RDP.
Viewing BitLocker recovery passwords
Active Roles allows you to locate and view BitLocker recovery passwords that are stored in Active Directory. This tool helps to recover data on a drive that has been encrypted by using BitLocker. You can examine a computer object’s property pages to view the corresponding BitLocker recovery passwords. Additionally, you can perform a domain-wide search for a BitLocker recovery password.
Administrators can configure BitLocker Drive Encryption to back up recovery information for BitLocker-protected drives to Active Directory. Recovery information includes the recovery password for each BitLocker-protected drive, and the information required to identify which computers and drives the recovery information applies to. Backing up recovery passwords for BitLocker-protected drives allows administrators to recover the drive if it is locked, thereby ensuring that authorized persons can always access encrypted data belonging to the enterprise.
To view BitLocker recovery passwords, you must have been granted the appropriate permissions in Active Roles. The following Access Template provides sufficient permissions to view BitLocker recovery passwords:
- Computer Objects - View BitLocker Recovery Keys
In addition, viewing BitLocker recovery passwords in a given Active Directory domain requires the following:
- The domain must be configured to store BitLocker recovery information. For more information, see Backing Up BitLocker and TPM Recovery Information to AD DS.
- The computers protected by BitLocker must be joined to the domain.
- BitLocker Drive Encryption must have been enabled on the computers.
The following procedures describe the most common tasks that apply to locating and viewing BitLocker recovery passwords.
To view the BitLocker recovery passwords for a computer
- In the Active Roles Console, locate the desired computer object.
- Right-click the computer object, then click Properties.
- In the Properties dialog, click the BitLocker Recovery tab to view the BitLocker recovery passwords that are associated with the computer you selected.
To copy the BitLocker recovery password for a computer
- Follow the steps in the previous procedure to view the BitLocker recovery passwords.
- On the BitLocker Recovery tab of the Properties dialog, perform the following steps:
  - In the BitLocker Recovery Passwords list, click the desired password ID.
  - Right-click in the Details box, click Select All, then click Copy.
- Press Ctrl+V to paste the copied text to a destination location, such as a text file or spreadsheet.
You can use the Active Roles Web Interface to view the BitLocker recovery passwords for a computer. To do so, select the computer object, then choose the BitLocker Recovery command.
To locate a BitLocker recovery password
- In the Active Roles Console or Web Interface, select the domain object, then choose the Find BitLocker Recovery Password command.
- On the Find BitLocker Recovery Password page, type the first eight characters of the BitLocker recovery key identification in the Password ID (first 8 characters) box, then click Search.
You can also search for a BitLocker recovery password in all managed domains by choosing the Find BitLocker Recovery Password command on the Active Directory node in the Active Roles Console or Web Interface.
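The same lookup performed outside the Console, as an added example that is not part of the Active Roles documentation: it uses Microsoft's ActiveDirectory PowerShell module to query the msFVE-RecoveryInformation objects in which AD DS stores backed-up recovery passwords. The function name and the sample prefix are hypothetical.

```powershell
# Added example (not Active Roles code). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Find-BitLockerRecoveryByPasswordId {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # First eight characters of the password ID from the recovery screen.
        [Parameter(Mandatory)]
        [ValidatePattern('^[0-9A-Fa-f]{8}$')]
        [string]$PasswordIdPrefix,

        # Optional domain or domain controller; defaults to the current domain.
        [string]$Server
    )

    $adParams = @{}
    if ($Server) { $adParams.Server = $Server }

    # Recovery objects are named "<backup time>{<password ID>}", so the prefix
    # is matched immediately after the opening brace. The pattern validation
    # above keeps LDAP filter metacharacters out of the query.
    $filter = '(&(objectClass=msFVE-RecoveryInformation)(name=*{' + $PasswordIdPrefix + '*))'

    Get-ADObject @adParams -LDAPFilter $filter -Properties 'msFVE-RecoveryPassword', 'whenCreated' |
        ForEach-Object {
            # A recovery object is a child of the computer object it belongs to.
            $computerDn = $_.DistinguishedName -replace '^CN=[^,]+,', ''
            $passwordId = if ($_.Name -match '\{([0-9A-Fa-f-]{36})\}$') { $Matches[1] }

            [pscustomobject]@{
                ComputerDN       = $computerDn
                PasswordId       = $passwordId
                BackedUp         = $_.whenCreated
                # Empty if the caller lacks read access to this confidential attribute.
                RecoveryPassword = $_.'msFVE-RecoveryPassword'
            }
        }
}

# Example call with a constructed password ID prefix:
# Find-BitLockerRecoveryByPasswordId -PasswordIdPrefix '1A2B3C4D'
```

Because this queries Active Directory directly, native AD permissions on the recovery objects apply rather than the Active Roles Access Template.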
Organizational Unit management
Organizational Units (OUs) are containers in Active Directory. OUs can contain user accounts, groups, computer accounts, and other OUs. An object can be included in only one OU.
When you expand the Active Directory node in the Active Roles Console, the Console tree displays icons representing domains. You can double-click a domain icon to see containers that are defined in the domain. OUs are marked with the following icon:
When you select an OU in the Console tree, the details pane lists objects included in the OU, and the Action menu provides commands to create new objects in the OU, search for objects in the OU, and manage OU properties.
The following section guides you through the Active Roles Console to manage Organizational Units. You can also use the Active Roles Web Interface to perform management tasks on Organizational Units.
Creating an Organizational Unit
You can create new Active Directory Organizational Units (OUs) with the Active Roles Console.
To create an Organizational Unit
- In the Console tree, locate and select the folder in which you want to add the OU.
- Right-click the folder, point to New and click Organizational Unit to start the New Object - Organizational Unit wizard.
- (Optional) Select the Protect container from accidental deletion check box.
- Follow the wizard pages to specify properties of the new OU, such as the name of the OU.
- If you want to set values for additional properties (those for which the wizard pages do not provide data entries), click Edit Attributes on the completion page of the wizard.
- After setting any additional properties, click Finish on the completion page of the wizard.
NOTE: Consider the following when creating an Organizational Unit:
- To create an OU, you can also click the domain node or folder in which you want to add the OU, then click on the toolbar.
- By selecting the Protect container from accidental deletion check box you ensure that the newly created OU cannot be deleted, whether using Active Roles or other tools for Active Directory administration. When somebody attempts to delete an OU for which this check box is selected, the operation returns an error indicating that access is denied. For an existing OU, you can view or change this setting on the Object tab in the Properties dialog.
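A domain-wide check of the same setting, as an added example that is not part of the Active Roles documentation: it uses Microsoft's ActiveDirectory PowerShell module to list OUs that lack accidental-deletion protection and, optionally, to enable it. The function name is hypothetical.

```powershell
# Added example (not Active Roles code). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-UnprotectedOU {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Optional distinguished name that limits the search to one subtree.
        [string]$SearchBase,

        # When set, enables protection on every unprotected OU that is found.
        [switch]$Protect
    )

    $adParams = @{
        Filter     = '*'
        Properties = 'ProtectedFromAccidentalDeletion'
    }
    if ($SearchBase) { $adParams.SearchBase = $SearchBase }

    Get-ADOrganizationalUnit @adParams |
        Where-Object { -not $_.ProtectedFromAccidentalDeletion } |
        ForEach-Object {
            # ShouldProcess honours -WhatIf and -Confirm, so a dry run changes nothing.
            if ($Protect -and $PSCmdlet.ShouldProcess($_.DistinguishedName,
                    'Enable accidental-deletion protection')) {
                Set-ADOrganizationalUnit -Identity $_.DistinguishedName `
                    -ProtectedFromAccidentalDeletion $true
            }
            # Report each OU that was unprotected when the search ran.
            $_ | Select-Object Name, DistinguishedName
        }
}

# Report only:              Get-UnprotectedOU
# Preview the remediation:  Get-UnprotectedOU -Protect -WhatIf
```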