Difference between revisions of "Installing RSAT"

(Adding information about the missing Server for NIS Tools in Windows 10 RSAT)
m (Removed unnecessary word)
 
(12 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
= Introduction =
 
= Introduction =
  
The easiest way to administrate a Samba Domain and Active Directory is by using Microsofts RSAT (Remote Server Administration Tools) on a Windows workstation.
+
To administer Active Directory (AD) from Windows, use the Microsoft Remote Server Administration Tools (RSAT). The tools are available for all platforms, Microsoft actively supports.
 
 
"samba-tool" already contains many features for common administration jobs, but compared with the RSAT, it is still missing many options. Another big advantage of using RSAT is that it increases the available documentation (books, online, etc.), because it's the same way that Windows administrators are doing the tasks.
 
  
  
Line 11: Line 9:
 
= Download =
 
= Download =
  
* Windows 10: https://www.microsoft.com/en-us/download/details.aspx?id=45520 (See [[#Note_about_RSAT_for_Windows_10_-_Server_for_NIS_Tools|Note about RSAT for Windows 10 - Server for NIS Tools]])
+
* Windows 10: https://www.microsoft.com/en-us/download/details.aspx?id=45520
  
 
* Windows 8.1: http://www.microsoft.com/en-us/download/details.aspx?id=39296
 
* Windows 8.1: http://www.microsoft.com/en-us/download/details.aspx?id=39296
Line 20: Line 18:
  
 
* Windows Vista: http://www.microsoft.com/en-us/download/details.aspx?id=21090
 
* Windows Vista: http://www.microsoft.com/en-us/download/details.aspx?id=21090
 +
 +
In Windows Server operating systems, the Microsoft Remote Server Administration Tools (RSAT) are included.
  
  
Line 27: Line 27:
 
= Installation =
 
= Installation =
  
* Install RSAT using the downloaded installer.
+
== Windows 8 and later ==
 +
 
 +
* Start the downloaded installer and follow the instructions. All features are installed automatically.
 +
 
 +
 
 +
 
 +
== Windows Vista and 7 ==
 +
 
 +
* Start the downloaded installer and follow the instructions.
 +
 
 +
* Click <code>Start</code>, enter <code>Programs and Features</code> into the search field and start the application.
 +
 
 +
* Select the features to install:
 +
: The following are the recommended features to administer a Samba Active Directory installation:
 +
 
 +
:{| class="wikitable"
 +
!Feature
 +
!Description
 +
|-
 +
|Group Policy Management Tools
 +
|Provides the Group Policy MMC Snap-ins: Management Tool, Management Editor and Starter GPO Editor.
 +
|-
 +
|Active Directory Module for Windows PowerShell
 +
|Optional. Enables Active Directory (AD) PowerShell cmdlets.
 +
|-
 +
|AD DS Tools
 +
|Provides the <code>Active Directory Users and Computers</code> (ADUC) and <code>Active Directory Sites and Services</code> MMC Snap-in.
 +
|-
 +
|Server for NIS Tools
 +
|Adds the <code>UNIX Attributes</code> tab to ADUC objects properties. It enables you to configure [[Idmap_config_ad|RFC2307 attributes]].
 +
|-
 +
|DNS Server tools
 +
|DNS MMC Snap-in for remote DNS management.
 +
|-
 +
|Remote Desktop Services Tool
 +
|Optional. Adds the <code>Remote Desktop Services Profile</code> tab to the ADUC user object's properties and installs the <code>RDP server administration</code> MMC Snap-in. Install this feature to configure remote desktop protocol (RDP) settings in ADUC.
 +
|}
 +
 
 +
* Click <code>OK</code> to install the features.
 +
 
 +
You can find the installed tools in the <code>Administrative tools</code> menu in your start menu. Alternatively, add the Snap-ins in the MMC using the <code>File</code> / <code>Add/Remove Snap-in</code> menu.
 +
 
 +
 
 +
 
 +
== Windows Server ==
 +
 
 +
* Start the <code>Server Manager</code>.
 +
 
 +
* On Windows Server 2012, 2012 R2, and 2016:
 +
:* Click <code>Add roles and features</code>.
 +
:* Select <code>Role-based or feature-based installation</code>.
 +
:* Select the host on which to install the features.
 +
:* Click <code>Next</code> on the <code>Roles</code> page.
 +
 
 +
* On Windows Server 2008 and 2008 R2:
 +
:*Select <code>Features</code> in the navigation tree and click <code>Add Features</code>.
 +
 
 +
* Select the features to install:
 +
: The following are the recommended features to administer a Samba Active Directory installation:
 +
 
 +
:{| class="wikitable"
 +
!Feature
 +
!Description
 +
|-
 +
|Group Policy Management
 +
|Provides the Group Policy MMC Snap-ins: Management Tool, Management Editor and Starter GPO Editor.
 +
|-
 +
|AD DS Snap-Ins and Command-Line Tools
 +
|Optional. Provides the <code>Active Directory Users and Computers</code> (ADUC) and <code>Active Directory Sites and Services</code> MMC Snap-in.
 +
|-
 +
|Server for NIS Tools
 +
|Adds the <code>UNIX Attributes</code> tab to ADUC objects properties. It enables you to configure [[Idmap_config_ad|RFC2307 attributes]].<br />This feature is not supported in Windows Server 2016. For details, see [[#Missing_.22Unix_Attributes.22_tab_in_ADUC_on_Windows_10|Missing "Unix Attributes" tab in ADUC on Windows 10 and Windows Server 2016]].
 +
|-
 +
|Active Directory Module for Windows PowerShell
 +
|Enables Active Directory (AD) PowerShell cmdlets.
 +
|-
 +
|DNS Server tools
 +
|DNS MMC Snap-in for remote DNS management.
 +
|}
 +
 
 +
 
 +
 
 +
 
 +
 
 +
= Enabling the <code>Advanced Features</code> Mode =
 +
 
 +
Many Remote Server Administration Tools (RSAT) provide additional features and options after enabling the <code>Advanced Features</code> option. To activate:
 +
 
 +
* Select the root of the navigation tree on the left side.
  
* Open „Programs and Features“ (use the startmenu/metro search to locate the tool).
+
* Open the <code>View</code> menu.
  
* Click to „Turn Windows features on or off“.
+
* Select <code>Advanced Features</code>.
  
:Depending on the administrative tasks you want to perform, you choose which features to install. The following are recommended options to be installed for Samba AD backends:
+
:[[Image:ADUC_Enabling_Advanced_Features.png]]
  
:[[Image:Turn_Windows_features_on_or_off_RSAT.png]]
 
  
:Feature explanation:
 
:* <u>Group Policy Management Tools</u>: Provides Group Policy MMC Snap-ins: Management Tool, Management Editor and Starter GPO Editor)
 
:* <u>Active Directory Module for Windows PowerShell</u>: Administrating AD via PowerShell. See [https://technet.microsoft.com/de-de/library/dd378937%28v=ws.10%29.aspx https://technet.microsoft.com/de-de/library/dd378937%28v=ws.10%29.aspx]
 
:* <u>AD DS Tools</u>: Provides Active Directory Users and Computers (ADUC) MMC snap-in
 
:* <u>Server for NIS Tools</u>: Adds the „UNIX Attributes“ tab to ADUC objects properties ('''required for [[General_information_on_RFC2307|RFC2307]] administration!'''). Windows 10 users, see [[#Note_about_RSAT_for_Windows_10_-_Server_for_NIS_Tools|Note about RSAT for Windows 10 - Server for NIS Tools]].
 
:* <u>DNS Server tools</u>: Provides the DNS MMC Snap-in for remote DNS management.
 
:* <u>Remote Desktop Services Tool</u>: Extends user properties in ADUC with several tabs about RDP settings and installs MMC Snap-ins for RDP server administration.
 
  
* After clicking „OK“, the features are getting activated and can be found in the „Administrative tools“ menu. If not found there, start "mmc.exe" and add the required snap-ins via "File" / "Add/Remove Snap-in...".
 
  
  
 +
= Missing <code>Unix Attributes</code> tab in ADUC on Windows 10 and Windows Server 2016 =
  
 +
Windows 10 and Windows Server 2016 do not support the <code>Server for NIS Tools</code> option. Without this feature, the Active Directory User and Computer (ADUC) console does not show the <code>Unix Attributes</code> tab on user and group objects. To work around this problem, set the attributes in Active Directory (AD) manually or use a different Windows operating system.
  
 +
To manually set the attributes, use the <code>Attributes</code> tab on user and group object's properties. Note that this tab is only visible if you enabled the advanced features in ADUC. For further details, see [[#Enabling_the_Advanced_Features_Mode|Enabling the "Advanced Features" Mode]].
  
= Enabling the „Advanced Features“ view =
+
The fields from the <code>Unix Attributes</code> tab are mapped to the following AD attributes of the object:
  
Most of the RSAT tools hide content and menu options in their default setting. To enable all features and display the whole content in each program, go to the „View“ menu and activate „Advanced Features“. Typically this option is only visible, when you've marked the root of the tree view. E. g. in ADUC, you see the option in the „View“ menu only when you have clicked to the „Active Directory Users and Computers“ node.
+
* Users:
  
:[[Image:ADUC_enabling_Advanced_Features.png]]
+
:{| class="wikitable"
 +
!Field on the "Unix Attributes" tab
 +
!Active Directory attribute
 +
|-
 +
|NIS Domain
 +
|msSFU30NisDomain
 +
|-
 +
|UID
 +
|uidNumber
 +
|-
 +
|Logon Shell
 +
|loginShell
 +
|-
 +
|Home Directory
 +
|unixHomeDirectory
 +
|-
 +
|Primary group name/GID
 +
|primaryGroupID
 +
|}
  
 +
* Groups:
  
 +
:{| class="wikitable"
 +
!Field on the "Unix Attributes" tab
 +
!Active Directory attribute
 +
|-
 +
|NIS Domain
 +
|msSFU30NisDomain
 +
|-
 +
|GID (Group ID)
 +
|gidNumber
 +
|}
  
 +
{{Imbox
 +
| type = note
 +
| text = If you set user IDs (UID) and group IDs (GID) manually, you must also track the last used UID and GID numbers manually.
 +
}}
  
  
= Note about RSAT for Windows 10 - Server for NIS Tools =
 
  
RSAT on Windows 10 doesn't ship the "Server for NIS Tools" any more. Dies means you don't have the "Unix attributes" tab in "Active Directory User and Computer" (ADUC) any more for filling those attributes in a form. However, you still can edit the attributes via the "Attributes" tab in the ADUC properties (requires the [[#Enabling_the_.E2.80.9EAdvanced_Features.E2.80.9C_view|advanced features]] option enabled). In the following, we list the attributes, that were filled by the fields on the "Unix Attributs" tab of previous RSAT versions:
 
  
<u>User objects:</u>
 
* NIS Domain: msSFU30NisDomain
 
* UID: uidNumber
 
* Logon Shell: loginShell
 
* Home Directory: unixHomeDirectory
 
* Primary group name/GID: primaryGroupID
 
  
<u>Group objects:</u>
 
* NIS Domain: msSFU30NisDomain
 
* GID (Group ID): gidNumber
 
  
 +
= Reporting Problems and Incompatibilities =
  
 +
To report problems or incompatibilities when using the Microsoft Remote Server Administration Tools (RSAT), see [[Bug_Reporting|Bug Reporting]].
  
  
  
= Reporting incompatibilities and problems =
 
  
If you encounter any problems using the Microsoft tools for administrating your Active Directory, please [[Bug_Reporting|report a bug]]
 
  
As well as the problem description, please attach a level 10 debug log and if possible a network capture. It would also be a great help if you can provide a network capture against a Microsoft Server as comparison.
+
----
 +
[[Category:Active Directory]]
 +
[[Category:User Management]]
 +
[[Category:Group Policy Management]]
 +
[[Category:DNS]]

Latest revision as of 06:51, 1 June 2017

Introduction

To administer Active Directory (AD) from Windows, use the Microsoft Remote Server Administration Tools (RSAT). The tools are available for all platforms, Microsoft actively supports.



Download

In Windows Server operating systems, the Microsoft Remote Server Administration Tools (RSAT) are included.



Installation

Windows 8 and later

  • Start the downloaded installer and follow the instructions. All features are installed automatically.


Windows Vista and 7

  • Start the downloaded installer and follow the instructions.
  • Click Start, enter Programs and Features into the search field and start the application.
  • Select the features to install:
The following are the recommended features to administer a Samba Active Directory installation:
Feature Description
Group Policy Management Tools Provides the Group Policy MMC Snap-ins: Management Tool, Management Editor and Starter GPO Editor.
Active Directory Module for Windows PowerShell Optional. Enables Active Directory (AD) PowerShell cmdlets.
AD DS Tools Provides the Active Directory Users and Computers (ADUC) and Active Directory Sites and Services MMC Snap-in.
Server for NIS Tools Adds the UNIX Attributes tab to ADUC objects properties. It enables you to configure RFC2307 attributes.
DNS Server tools DNS MMC Snap-in for remote DNS management.
Remote Desktop Services Tool Optional. Adds the Remote Desktop Services Profile tab to the ADUC user object's properties and installs the RDP server administration MMC Snap-in. Install this feature to configure remote desktop protocol (RDP) settings in ADUC.
  • Click OK to install the features.

You can find the installed tools in the Administrative tools menu in your start menu. Alternatively, add the Snap-ins in the MMC using the File / Add/Remove Snap-in menu.


Windows Server

  • Start the Server Manager.
  • On Windows Server 2012, 2012 R2, and 2016:
  • Click Add roles and features.
  • Select Role-based or feature-based installation.
  • Select the host on which to install the features.
  • Click Next on the Roles page.
  • On Windows Server 2008 and 2008 R2:
  • Select Features in the navigation tree and click Add Features.
  • Select the features to install:
The following are the recommended features to administer a Samba Active Directory installation:
Feature Description
Group Policy Management Provides the Group Policy MMC Snap-ins: Management Tool, Management Editor and Starter GPO Editor.
AD DS Snap-Ins and Command-Line Tools Optional. Provides the Active Directory Users and Computers (ADUC) and Active Directory Sites and Services MMC Snap-in.
Server for NIS Tools Adds the UNIX Attributes tab to ADUC objects properties. It enables you to configure RFC2307 attributes.
This feature is not supported in Windows Server 2016. For details, see Missing "Unix Attributes" tab in ADUC on Windows 10 and Windows Server 2016.
Active Directory Module for Windows PowerShell Enables Active Directory (AD) PowerShell cmdlets.
DNS Server tools DNS MMC Snap-in for remote DNS management.



Enabling the Advanced Features Mode

Many Remote Server Administration Tools (RSAT) provide additional features and options after enabling the Advanced Features option. To activate:

  • Select the root of the navigation tree on the left side.
  • Open the View menu.
  • Select Advanced Features.
ADUC Enabling Advanced Features.png



Missing Unix Attributes tab in ADUC on Windows 10 and Windows Server 2016

Windows 10 and Windows Server 2016 do not support the Server for NIS Tools option. Without this feature, the Active Directory User and Computer (ADUC) console does not show the Unix Attributes tab on user and group objects. To work around this problem, set the attributes in Active Directory (AD) manually or use a different Windows operating system.

To manually set the attributes, use the Attributes tab on user and group object's properties. Note that this tab is only visible if you enabled the advanced features in ADUC. For further details, see Enabling the "Advanced Features" Mode.

The fields from the Unix Attributes tab are mapped to the following AD attributes of the object:

  • Users:
Field on the "Unix Attributes" tab Active Directory attribute
NIS Domain msSFU30NisDomain
UID uidNumber
Logon Shell loginShell
Home Directory unixHomeDirectory
Primary group name/GID primaryGroupID
  • Groups:
Field on the "Unix Attributes" tab Active Directory attribute
NIS Domain msSFU30NisDomain
GID (Group ID) gidNumber




Reporting Problems and Incompatibilities

To report problems or incompatibilities when using the Microsoft Remote Server Administration Tools (RSAT), see Bug Reporting.