Installing RSAT: Difference between revisions
(Created page with "= Samba AD management from Windows = We need install Windows 2003 Adminpak into Windows XP in order to use GUI tools to manage the domain. Before you begin, make sure that the …") |
Mmuehlfeld (talk | contribs) (Added example values for user/group attributes to the table to make it help people understand what need to be set in these attributes.) |
||
(43 intermediate revisions by 7 users not shown) | |||
Line 1: | Line 1: | ||
= Introduction = |
|||
= Samba AD management from Windows = |
|||
To administer Active Directory (AD) from Windows, use the Microsoft Remote Server Administration Tools (RSAT). The tools are available for all platforms, Microsoft actively supports. |
|||
We need install Windows 2003 Adminpak into Windows XP in order to use |
|||
GUI tools to manage the domain. Before you begin, make sure that the domain |
|||
administrators have administrative rights to control your computer.(To |
|||
give any user administrative rights in Windows XP Pro, right click My |
|||
Computer, select Manage-> choose Groups-> double click Administrators |
|||
and add members from domain into the member list. When you add |
|||
members from Active Directory, it will prompt you to enter an |
|||
Active Directory username and password). |
|||
== Step 1: Installing Windows Remote Administration Tools onto Windows == |
|||
=== Windows 7/Vista === |
|||
#Download the Windows Remote Administration Tools from: |
|||
#* http://www.microsoft.com/downloads/details.aspx?FamilyId=9FF6E897-23CE-4A36-B7FC-D52065DE9960&displaylang=en (Vista) |
|||
#* http://www.microsoft.com/downloads/details.aspx?FamilyID=7D2F6AD7-656B-4313-A005-4E344E43997D&displaylang=en (Windows 7) |
|||
#Follow the "Install RSAT" instructions |
|||
=== Windows XP Pro === |
|||
= Download = |
|||
==== Administration Tools Pack & Support Tools ==== |
|||
# Download adminpak and supporttools from: |
|||
#* http://www.microsoft.com/downloads/en/details.aspx?FamilyID=86b71a4f-4122-44af-be79-3f101e533d95 |
|||
#* http://download.microsoft.com/download/3/e/4/3e438f5e-24ef-4637-abd1-981341d349c7/WindowsServer2003-KB892777-SupportTools-x86-ENU.exe |
|||
#:If you installed an older version of the adminpak, you'll notice the dial-in tab is missing from property pages. Just follow the link above to get SP2 which does not have this issue. |
|||
# Run through the installation. |
|||
# Press start->run, type 'dsa.msc', if a window 'active directory users and computers' prompt up, it mean you had install adminpak it successfully. You can also find this at Start>Programs>Administrative Tools, which should have a lot more items now. |
|||
# Go to c:\Program Files\Support Tools to check whether the support tools were installed correctly; if yes, then your XP workstation is ready to manage the Samba 4 Active Directory. |
|||
* Windows 10 (1809 and later): Installing RSAT is now integrated in these Windows 10 versions. |
|||
==== Group Policy Management Console ==== |
|||
# You may also find the Group Policy Management Console useful. You can download it from |
|||
#* http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en |
|||
#:This is primarily useful when you have larger installs and are managing many machines. You may need to download the .NET Framework first. |
|||
* Windows 10 (1703 - 1803): https://www.microsoft.com/en-us/download/details.aspx?id=45520 |
|||
== Step 2: Viewing Samba Active Directory Content == |
|||
* Windows 8.1: http://www.microsoft.com/en-us/download/details.aspx?id=39296 |
|||
# When logged on as a Domain Administrator, start the Active Directory Users and Computers Snap-In, either by clicking Start -> Programs\Administrative Tools\Active Directory Users and Computers, or by clicking Start -> Run 'dsa.msc' |
|||
# Expand the samdom.example.com tree to see existing objects in the domain. |
|||
#:[[Image:Samba4dsa.msc.jpg]] |
|||
* Windows 8: http://www.microsoft.com/en-us/download/details.aspx?id=28972 |
|||
*Note: You can also manage users using the normal Windows AD user management tools. |
|||
* Windows 7: http://www.microsoft.com/en-us/download/details.aspx?id=7887 |
|||
* Windows Vista: http://www.microsoft.com/en-us/download/details.aspx?id=21090 |
|||
In Windows Server operating systems, the Microsoft Remote Server Administration Tools (RSAT) are included. |
|||
= Installation = |
|||
== Windows 10 (1809 and later) == |
|||
In Window 10 1809 and later, you install RSAT as an optional feature. Note that this requires an active internet connection. |
|||
To install RSAT: |
|||
* Click <code>Start</code>, enter <code>Apps & Features</code> into the search field, and start the application. |
|||
* Click <code>Optional features</code>. |
|||
* Click <code>Add a feature</code>. |
|||
* Select a feature and click <code>Install</code>. |
|||
:{| class="wikitable" |
|||
!Feature |
|||
!Description |
|||
|- |
|||
|RSAT: Group Policy Management Tools |
|||
|Provides the Group Policy MMC Snap-ins: Management Tool, Management Editor and Starter GPO Editor. |
|||
|- |
|||
|RSAT: Active Directory Domaini Services and Lightweight Directory Services Tools |
|||
|Provides the <code>Active Directory Users and Computers</code> (ADUC) and <code>Active Directory Sites and Services</code> MMC Snap-in. |
|||
|- |
|||
|RSAT: DNS Server Tools |
|||
|DNS MMC Snap-in for remote DNS management. |
|||
|- |
|||
|RSAT: Remote Desktop Services Tool |
|||
|Optional. Adds the <code>Remote Desktop Services Profile</code> tab to the ADUC user object's properties and installs the <code>RDP server administration</code> MMC Snap-in. Install this feature to configure remote desktop protocol (RDP) settings in ADUC. |
|||
|} |
|||
== Windows 8 and Windows 10 (1703 - 1803) == |
|||
* Start the downloaded installer and follow the instructions. All features are installed automatically. |
|||
== Windows Vista and 7 == |
|||
* Start the downloaded installer and follow the instructions. |
|||
* Click <code>Start</code>, enter <code>Programs and Features</code> into the search field, and start the application. |
|||
* Select the features to install: |
|||
: The following are the recommended features to administer a Samba Active Directory installation: |
|||
:{| class="wikitable" |
|||
!Feature |
|||
!Description |
|||
|- |
|||
|Group Policy Management Tools |
|||
|Provides the Group Policy MMC Snap-ins: Management Tool, Management Editor and Starter GPO Editor. |
|||
|- |
|||
|Active Directory Module for Windows PowerShell |
|||
|Optional. Enables Active Directory (AD) PowerShell cmdlets. |
|||
|- |
|||
|AD DS Tools |
|||
|Provides the <code>Active Directory Users and Computers</code> (ADUC) and <code>Active Directory Sites and Services</code> MMC Snap-in. |
|||
|- |
|||
|Server for NIS Tools |
|||
|Adds the <code>UNIX Attributes</code> tab to ADUC objects properties. It enables you to configure [[Idmap_config_ad|RFC2307 attributes]]. |
|||
|- |
|||
|DNS Server tools |
|||
|DNS MMC Snap-in for remote DNS management. |
|||
|- |
|||
|Remote Desktop Services Tool |
|||
|Optional. Adds the <code>Remote Desktop Services Profile</code> tab to the ADUC user object's properties and installs the <code>RDP server administration</code> MMC Snap-in. Install this feature to configure remote desktop protocol (RDP) settings in ADUC. |
|||
|} |
|||
* Click <code>OK</code> to install the features. |
|||
You can find the installed tools in the <code>Administrative tools</code> menu in your start menu. Alternatively, add the Snap-ins in the MMC using the <code>File</code> / <code>Add/Remove Snap-in</code> menu. |
|||
== Windows Server == |
|||
* Start the <code>Server Manager</code>. |
|||
* On Windows Server 2012, 2012 R2, and 2016: |
|||
:* Click <code>Add roles and features</code>. |
|||
:* Select <code>Role-based or feature-based installation</code>. |
|||
:* Select the host on which to install the features. |
|||
:* Click <code>Next</code> on the <code>Roles</code> page. |
|||
* On Windows Server 2008 and 2008 R2: |
|||
:*Select <code>Features</code> in the navigation tree and click <code>Add Features</code>. |
|||
* Select the features to install: |
|||
: The following are the recommended features to administer a Samba Active Directory installation: |
|||
:{| class="wikitable" |
|||
!Feature |
|||
!Description |
|||
|- |
|||
|Group Policy Management |
|||
|Provides the Group Policy MMC Snap-ins: Management Tool, Management Editor and Starter GPO Editor. |
|||
|- |
|||
|AD DS Snap-Ins and Command-Line Tools |
|||
|Optional. Provides the <code>Active Directory Users and Computers</code> (ADUC) and <code>Active Directory Sites and Services</code> MMC Snap-in. |
|||
|- |
|||
|Server for NIS Tools |
|||
|Adds the <code>UNIX Attributes</code> tab to ADUC objects properties. It enables you to configure [[Idmap_config_ad|RFC2307 attributes]].<br />This feature is not supported in Windows Server 2016. For details, see [[#Missing_.22Unix_Attributes.22_tab_in_ADUC_on_Windows_10|Missing "Unix Attributes" tab in ADUC on Windows 10 and Windows Server 2016]]. |
|||
|- |
|||
|Active Directory Module for Windows PowerShell |
|||
|Enables Active Directory (AD) PowerShell cmdlets. |
|||
|- |
|||
|DNS Server tools |
|||
|DNS MMC Snap-in for remote DNS management. |
|||
|} |
|||
= Enabling the <code>Advanced Features</code> Mode = |
|||
Many Remote Server Administration Tools (RSAT) provide additional features and options after enabling the <code>Advanced Features</code> option. To activate: |
|||
* Select the root of the navigation tree on the left side. |
|||
* Open the <code>View</code> menu. |
|||
* Select <code>Advanced Features</code>. |
|||
:[[Image:ADUC_Enabling_Advanced_Features.png]] |
|||
= Missing <code>Unix Attributes</code> tab in ADUC on Windows 10 and Windows Server 2016 = |
|||
Windows 10 and Windows Server 2016 do not support the <code>Server for NIS Tools</code> option. Without this feature, the Active Directory User and Computer (ADUC) console does not show the <code>Unix Attributes</code> tab on user and group objects. To work around this problem, set the attributes in Active Directory (AD) manually or use a different Windows operating system. |
|||
To manually set the attributes, use the <code>Attributes</code> tab on user and group object's properties. Note that this tab is only visible if you enabled the advanced features in ADUC. For further details, see [[#Enabling_the_Advanced_Features_Mode|Enabling the "Advanced Features" Mode]]. |
|||
The fields from the <code>Unix Attributes</code> tab are mapped to the following AD attributes of the object: |
|||
* Users: |
|||
:{| class="wikitable" |
|||
!Field on the "Unix Attributes" tab |
|||
!Active Directory attribute |
|||
!Example value |
|||
|- |
|||
|NIS Domain |
|||
|msSFU30NisDomain |
|||
|samdom |
|||
|- |
|||
|UID |
|||
|uidNumber |
|||
|10000 |
|||
|- |
|||
|Logon Shell |
|||
|loginShell |
|||
|/bin/bash |
|||
|- |
|||
|Home Directory |
|||
|unixHomeDirectory |
|||
|/home/user_name |
|||
|- |
|||
|Primary group name/GID |
|||
|primaryGroupID |
|||
|10000 |
|||
|} |
|||
:Adapt the example values to match your environment. |
|||
* Groups: |
|||
:{| class="wikitable" |
|||
!Field on the "Unix Attributes" tab |
|||
!Active Directory attribute |
|||
!Example value |
|||
|- |
|||
|NIS Domain |
|||
|msSFU30NisDomain |
|||
|samdom |
|||
|- |
|||
|GID (Group ID) |
|||
|gidNumber |
|||
|10000 |
|||
|} |
|||
:Adapt the example values to match your environment. |
|||
{{Imbox |
|||
| type = note |
|||
| text = If you set user IDs (UID) and group IDs (GID) manually, you must also track the last used UID and GID numbers manually. |
|||
}} |
|||
= Reporting Problems and Incompatibilities = |
|||
To report problems or incompatibilities when using the Microsoft Remote Server Administration Tools (RSAT), see [[Bug_Reporting|Bug Reporting]]. |
|||
---- |
|||
[[Category:Active Directory]] |
|||
[[Category:User Management]] |
|||
[[Category:Group Policy Management]] |
|||
[[Category:DNS]] |
Revision as of 02:42, 25 September 2019
Introduction
To administer Active Directory (AD) from Windows, use the Microsoft Remote Server Administration Tools (RSAT). The tools are available for all platforms, Microsoft actively supports.
Download
- Windows 10 (1809 and later): Installing RSAT is now integrated in these Windows 10 versions.
- Windows 10 (1703 - 1803): https://www.microsoft.com/en-us/download/details.aspx?id=45520
In Windows Server operating systems, the Microsoft Remote Server Administration Tools (RSAT) are included.
Installation
Windows 10 (1809 and later)
In Window 10 1809 and later, you install RSAT as an optional feature. Note that this requires an active internet connection.
To install RSAT:
- Click
Start
, enterApps & Features
into the search field, and start the application.
- Click
Optional features
.
- Click
Add a feature
.
- Select a feature and click
Install
.
Feature Description RSAT: Group Policy Management Tools Provides the Group Policy MMC Snap-ins: Management Tool, Management Editor and Starter GPO Editor. RSAT: Active Directory Domaini Services and Lightweight Directory Services Tools Provides the Active Directory Users and Computers
(ADUC) andActive Directory Sites and Services
MMC Snap-in.RSAT: DNS Server Tools DNS MMC Snap-in for remote DNS management. RSAT: Remote Desktop Services Tool Optional. Adds the Remote Desktop Services Profile
tab to the ADUC user object's properties and installs theRDP server administration
MMC Snap-in. Install this feature to configure remote desktop protocol (RDP) settings in ADUC.
Windows 8 and Windows 10 (1703 - 1803)
- Start the downloaded installer and follow the instructions. All features are installed automatically.
Windows Vista and 7
- Start the downloaded installer and follow the instructions.
- Click
Start
, enterPrograms and Features
into the search field, and start the application.
- Select the features to install:
- The following are the recommended features to administer a Samba Active Directory installation:
Feature Description Group Policy Management Tools Provides the Group Policy MMC Snap-ins: Management Tool, Management Editor and Starter GPO Editor. Active Directory Module for Windows PowerShell Optional. Enables Active Directory (AD) PowerShell cmdlets. AD DS Tools Provides the Active Directory Users and Computers
(ADUC) andActive Directory Sites and Services
MMC Snap-in.Server for NIS Tools Adds the UNIX Attributes
tab to ADUC objects properties. It enables you to configure RFC2307 attributes.DNS Server tools DNS MMC Snap-in for remote DNS management. Remote Desktop Services Tool Optional. Adds the Remote Desktop Services Profile
tab to the ADUC user object's properties and installs theRDP server administration
MMC Snap-in. Install this feature to configure remote desktop protocol (RDP) settings in ADUC.
- Click
OK
to install the features.
You can find the installed tools in the Administrative tools
menu in your start menu. Alternatively, add the Snap-ins in the MMC using the File
/ Add/Remove Snap-in
menu.
Windows Server
- Start the
Server Manager
.
- On Windows Server 2012, 2012 R2, and 2016:
- Click
Add roles and features
. - Select
Role-based or feature-based installation
. - Select the host on which to install the features.
- Click
Next
on theRoles
page.
- Click
- On Windows Server 2008 and 2008 R2:
- Select
Features
in the navigation tree and clickAdd Features
.
- Select
- Select the features to install:
- The following are the recommended features to administer a Samba Active Directory installation:
Feature Description Group Policy Management Provides the Group Policy MMC Snap-ins: Management Tool, Management Editor and Starter GPO Editor. AD DS Snap-Ins and Command-Line Tools Optional. Provides the Active Directory Users and Computers
(ADUC) andActive Directory Sites and Services
MMC Snap-in.Server for NIS Tools Adds the UNIX Attributes
tab to ADUC objects properties. It enables you to configure RFC2307 attributes.
This feature is not supported in Windows Server 2016. For details, see Missing "Unix Attributes" tab in ADUC on Windows 10 and Windows Server 2016.Active Directory Module for Windows PowerShell Enables Active Directory (AD) PowerShell cmdlets. DNS Server tools DNS MMC Snap-in for remote DNS management.
Enabling the Advanced Features
Mode
Many Remote Server Administration Tools (RSAT) provide additional features and options after enabling the Advanced Features
option. To activate:
- Select the root of the navigation tree on the left side.
- Open the
View
menu.
- Select
Advanced Features
.
Missing Unix Attributes
tab in ADUC on Windows 10 and Windows Server 2016
Windows 10 and Windows Server 2016 do not support the Server for NIS Tools
option. Without this feature, the Active Directory User and Computer (ADUC) console does not show the Unix Attributes
tab on user and group objects. To work around this problem, set the attributes in Active Directory (AD) manually or use a different Windows operating system.
To manually set the attributes, use the Attributes
tab on user and group object's properties. Note that this tab is only visible if you enabled the advanced features in ADUC. For further details, see Enabling the "Advanced Features" Mode.
The fields from the Unix Attributes
tab are mapped to the following AD attributes of the object:
- Users:
Field on the "Unix Attributes" tab Active Directory attribute Example value NIS Domain msSFU30NisDomain samdom UID uidNumber 10000 Logon Shell loginShell /bin/bash Home Directory unixHomeDirectory /home/user_name Primary group name/GID primaryGroupID 10000
- Adapt the example values to match your environment.
- Groups:
Field on the "Unix Attributes" tab Active Directory attribute Example value NIS Domain msSFU30NisDomain samdom GID (Group ID) gidNumber 10000
- Adapt the example values to match your environment.
If you set user IDs (UID) and group IDs (GID) manually, you must also track the last used UID and GID numbers manually. |
Reporting Problems and Incompatibilities
To report problems or incompatibilities when using the Microsoft Remote Server Administration Tools (RSAT), see Bug Reporting.