Computer accounts are Active Directory objects used to represent physical computers. Computer accounts allow computers to join the domain, and control their access to resources on the network. The operating system uses computer account information to determine access permissions for a computer.
Active Roles provides the facility to perform administrative tasks such as create, modify, and delete computer accounts. Active Roles can also be used to disable and enable accounts, add and remove accounts from groups, and reset accounts.
The following section describes how to use the Active Roles console to manage computer accounts. You can also use the Active Roles Web Interface to perform management tasks on computer accounts.
You can create a computer account as follows: in the console tree, right-click the container where you want to add the account, select New | Computer, and then follow the instructions in the wizard.
In the wizard, some property labels may be displayed as hyperlinks. In the following figure, these are Computer name and the Computer name (pre-Windows 2000). The hyperlink indicates that Active Roles enforces certain policy restrictions on the property. To examine policy details, click the hyperlink: the policy information is displayed (see Getting policy-related information earlier in this document).
Figure 18: Creating a computer account
The policy information is also displayed whenever you supply a property value that violates a policy restriction. The wizard cannot proceed until you enter an acceptable value.