Active Roles 7.3.1 - User Guide

Steps for deleting a computer account

To delete a computer account

  1. In the console tree, locate and select the folder that contains the computer account.
  2. In the details pane, right-click the computer account, and then click Delete.

NOTE:

  • You can delete multiple computer accounts at a time: Select the accounts, right-click the selection, and click Delete. To select multiple accounts, press and hold down CTRL, and then click each account.
  • Once a computer account has been deleted, all permissions and memberships associated with that computer account are permanently deleted. Because the security ID (SID) for each account is unique, a new computer account with the same name as a previously deleted computer account does not automatically assume the permissions and memberships of the previously deleted account. To duplicate a deleted computer account, all permissions and memberships must be manually recreated.
  • You can use the Find function of Active Roles in order to locate the computer accounts you want to delete. Once you have found the computer accounts, you can delete them as follows: Select the accounts in the list of search results, right-click the selection, and click Delete.
  • When deleting a computer account, you may encounter an error message stating that access is denied. A possible cause of this error is that the computer account is protected from deletion. To delete a protected computer account, you should first go to the Object tab in the Properties dialog box for that computer account, and clear the Protect object from accidental deletion check box.

Managing a remote computer

The Active Roles console allows you to open the Computer Management console from which you can administer a remote computer. Computer Management combines several administration utilities into a single console, providing easy access to the computer’s administrative properties and tools. You must have administrative rights on the computer to view certain information or to modify computer properties using Computer Management.

To manage a remote computer

  1. In the console tree, locate and select the folder that contains the computer account of the computer you want to manage.
  2. In the details pane, right-click the computer account, and then click Manage to open the Computer Management console.

NOTE: You can use the Find function of Active Roles to locate the computer account of the computer you want to manage. Once you have found the computer account, you can start Computer Management as follows: Right-click the computer account in the list of search results, and then click Manage.

Using Remote Desktop Connection

From the Active Roles console, you can access a computer through Remote Desktop Connection. The Connect via RDP command on a computer object allows you to establish a Remote Desktop Connection session to the computer represented by that computer object in Active Directory.

By supporting Remote Desktop Connection, Active Roles enables you to access a remote computer from the computer running the Active Roles console. However, the object representing the remote computer must be available in the console, which requires that the remote computer be a member of one of the domains managed by Active Roles. In addition, the usual requirements for Remote Desktop Connection must be met: the remote computer must have Remote Desktop enabled, it must be available on the network, and it must be configured so that the user has permission to connect.

To access a computer through Remote Desktop Connection

  1. In the Active Roles console, locate the desired computer object.
  2. Right-click the computer object and then click Connect via RDP.

Viewing BitLocker recovery passwords

Active Roles allows you to locate and view BitLocker recovery passwords that are stored in Active Directory. This tool helps to recover data on a drive that has been encrypted by using BitLocker. You can examine a computer object’s property pages to view the corresponding BitLocker recovery passwords. Additionally, you can perform a domain-wide search for a BitLocker recovery password.

Administrators can configure BitLocker Drive Encryption to back up recovery information for BitLocker-protected drives to Active Directory. Recovery information includes the recovery password for each BitLocker-protected drive, and the information required to identify which computers and drives the recovery information applies to. Backing up recovery passwords for BitLocker-protected drives allows administrators to recover the drive if it is locked, thereby ensuring that authorized persons can always access encrypted data belonging to the enterprise.

To view BitLocker recovery passwords, you must have been granted the appropriate permissions in Active Roles. The following Access Template provides sufficient permissions to view BitLocker recovery passwords:

  • Computer Objects - View BitLocker Recovery Keys

In addition, viewing BitLocker recovery passwords in a given Active Directory domain requires the following:

  • The domain must be configured to store BitLocker recovery information (see “Backing Up BitLocker and TPM Recovery Information to AD DS” at http://technet.microsoft.com/en-us/library/dd875529.aspx).
  • The computers protected by BitLocker must be joined to the domain.
  • BitLocker Drive Encryption must have been enabled on the computers.