You can use the Web Interface to manage directory data in Microsoft Active Directory Lightweight Directory Services (AD LDS). Similarly to Active Directory domains, directory data can be managed in only the AD LDS instances that are registered with Active Roles (managed AD LDS instances).
The application directory partitions found on the managed AD LDS instances are grouped together in the AD LDS (ADAM) container, thus making it easy to locate the AD LDS data. Each directory partition is represented by a separate container (node) so you can browse the partition tree the same way you do for an Active Directory domain.
The Web Interface supports a wide range of administrative operations on AD LDS users, groups and other objects, so you can create, view, modify, and delete directory objects, such as users, groups, containers and organizational units, in AD LDS the same way you do when managing data in Active Directory.
To browse the directory tree in AD LDS directory partitions
- On the Navigation bar, click Directory Management.
- In the Browse pane, click the Tee tab.
- On the Tree tab, do the following:
- Expand the AD LDS (ADAM) container.
- Under AD LDS (ADAM), expand a directory partition object to view its top-level containers.
- Expand a top-level container to view the next level of objects in that container.
- Do one of the following:
- To move down a directory tree branch, continue expanding the next lowest container level on the Tree tab.
- To administer a directory object at the current directory level, click a container on the Tree tab and use the instructions that follow.
To manage directory data in AD LDS
On the Tree tab in the Browse pane, under AD LDS (ADAM), click the container that holds the data you want to manage.
- In the list of objects, select the object that represents the directory data you want to manage.
- Use commands in the Command pane to perform management tasks.
NOTE: In the list of objects, clicking the name of a leaf object, such as a user or group, displays a page intended to view or modify object properties; clicking a container object, such as a partition or an organizational unit, displays a list of objects held in that container.
You can use the Web Interface to manage the following computer resources:
- Services Start or stop a service, view or modify properties of a service.
- Network file shares Create a file share, view or modify properties of a file share, stop sharing a folder.
- Logical printers Pause, resume or cancel printing, list documents being printed, view or modify properties of a printer.
- Documents being printed (print jobs) Pause, resume, cancel or restart printing of a document, view or modify properties of a document being printed.
- Local groups Create or delete a group, add or remove members from a group, rename a group, view or modify properties of a group. Unavailable on domain controllers.
- Local users Create or delete a local user account, set a password for a local user account, rename a local user account, view or modify properties of a local user account. Unavailable on domain controllers.
- Devices View or modify properties of a logical device, start or stop a logical device.
To manage computer resources
- In the Web Interface, locate the computer that hosts resources you want to manage. For instructions on how to locate objects in the Web Interface, see Locating directory objects earlier in this document.
- Select the computer in the list of objects, and then click Manage in the Command pane.
- In the list of resource types, click the type of resource you want to manage.
- In the list of objects that appears, select the resource you want to manage.
- Use commands in the Command pane to perform management tasks on the selected resource.
To manage print jobs
- Repeat Steps 1–2 of the previous procedure, to start managing computer resources.
- In the list of resource types, click Printers to view a list of printers found on the computer you selected.
- In the list of printers, select a printer whose print jobs you want to manage.
- In the Command pane, click Print Jobs to view a list of documents being printed.
- In the list of documents, select a document to pause, resume, restart, or cancel printing.
- Use commands in the Command pane to perform management tasks on the selected document.
The Web Interface can be used to restore deleted objects in any managed domain that is configured to enable Active Directory Recycle Bin—a feature of Active Directory Domain Services introduced in Microsoft Windows Server 2008 R2.
To undo deletions, Active Roles relies on the ability of Active Directory Recycle Bin to preserve all attributes, including the link-valued attributes, of the deleted objects. This makes it possible to restore deleted objects to the same state they were in immediately before deletion. For example, restored user accounts regain all group memberships that they had at the time of deletion.
This section provides instructions on how to restore deleted objects by using the Web Interface. For more information, see the “Recycle Bin” chapter in the Active Roles Administration Guide.
If Active Directory Recycle Bin is enabled in a managed domain, the Web Interface provides access to the Deleted Objects container that holds the deleted objects from that domain. On the Tree tab in the Browse pane, the Deleted Objects container appears at the same level as the domain object, under the Active Directory node. If multiple managed domains have Active Directory Recycle Bin enabled, then a separate container is displayed for each domain. To tell one container from another, the name of the container includes the domain name (for example, MyDomain.MyCompany.com - Deleted Objects).
When you select the Deleted Objects container, the Web Interface lists all the deleted objects that exist in the corresponding domain. The list can be sorted or filtered as appropriate to locate particular objects (see Managing the list of objects earlier in this document). If you click an object in the list, a menu appears that displays all actions you can perform on that object.