Monday, 15 April 2013

Tip - Using Active Directory Users & Computers to Manage Another Domain

Today a colleague asked me how to connect to our forest root domain from an admin workstation in our child domain when using Active Directory Users & Computers (ADUC).  The forest root domain contains only a small number of servers, and they all have Windows 2012 Standard (Core) installed so no GUI.  What he wanted to do was quickly look at something with ADUC an not mess around with Windows PowerShell.  I thought it would be easy, but it isn't as easy as I thought, I figured it out in the end, but was a bit surprised this isn't built into the GUI tools.

This is what we did.

1.  On the admin workstation (a child domain member) launched an elevated command prompt with an admin level account local to the child domain (and probably would have worked with an admin level account that was only a workstation admin)

2.  Run the following command using credentials from the parent domain:

runas /netonly /user:DOMAIN01\TechGuy "mmc.exe dsa.msc"

This worked a treat and my colleague was able to do what he needed to do.  Is there a better way?

No comments:

Post a Comment