About computer accounts
Computer accounts are Active Directory objects used to represent physical computers. Computer accounts allow computers to join the domain, and control their access to resources on the network. The operating system uses computer account information to determine access permissions for a computer.
Active Roles provides the facility to perform administrative tasks such as create, modify, and delete computer accounts. Active Roles can also be used to disable and enable accounts, add and remove accounts from groups, and reset accounts.
The following section describes how to use the Active Roles console to manage computer accounts. You can also use the Active Roles Web Interface to perform management tasks on computer accounts.
Computer account management tasks
This section covers the following tasks:
Creating a computer account
You can create a computer account as follows: in the console tree, right-click the container where you want to add the account, select New | Computer, and then follow the instructions in the wizard.
In the wizard, some property labels may be displayed as hyperlinks. In the following figure, these are Computer name and the Computer name (pre-Windows 2000). The hyperlink indicates that Active Roles enforces certain policy restrictions on the property. To examine policy details, click the hyperlink: the policy information is displayed (see Getting policy-related information earlier in this document).
Figure 18: Creating a computer account
The policy information is also displayed whenever you supply a property value that violates a policy restriction. The wizard cannot proceed until you enter an acceptable value.
Steps for creating a computer account
To create a computer account
- In the console tree, locate and select the folder in which you want to add the computer account.
- Right-click the folder, point to New and click Computer to start the New Object - Computer wizard.
- Follow the wizard pages to specify properties of the new computer account, such as the computer name and pre-Windows 2000 computer name.
- If you want to set values for additional properties (those for which the wizard pages do not provide data entries), click Edit Attributes on the completion page of the wizard.
- After setting any additional properties for the new computer account, click Finish on the completion page of the wizard.
- Normally, the rights of a domain administrator are required to join a computer to the domain through the use of an existing, newly created computer account. If you want to authorize a certain user or group to perform this task, you can do so when creating the computer account: Under The following user or group can join this computer to a domain, click Change, and then select the user or group you want.
- If the computer to be associated with the computer account you are creating is running a pre-Windows 2000 operating system, select the Allow pre-Windows 2000 computers to use this account check box.