+ Post New Thread
Page 1 of 3 123 LastLast
Results 1 to 15 of 32
Network and Classroom Management Thread, Teacher wants to access active directory... in Technical; hi A teacher who has the role of "data manager" wants an i-teach-esque way of ammending/viewing people's profiles. I realise ...
  1. #1

    Join Date
    Aug 2007
    Location
    Margate
    Posts
    5
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Teacher wants to access active directory...

    hi

    A teacher who has the role of "data manager" wants an i-teach-esque way of ammending/viewing people's profiles.

    I realise that for her to be able to do such things I'd have to give her admin rights. which would enable her to roam free-range around the server.

    There is no way I am giving her nor anyother teacher admin rights (nightmares of the possible horrors). I'd rather say there is no method that wouldnt comprimise the security of the server.

    Is there another way?
    Any suggestions welcome!

    lol

    My first post!

  2. #2

    Join Date
    Nov 2006
    Location
    Reading, UK
    Posts
    487
    Thank Post
    30
    Thanked 14 Times in 8 Posts
    Rep Power
    18

    Re: Teacher wants to access active directory...

    Delegate control?

    Create a Microsoft Management Console with the specific permissions of exactly what you would like the user to be able to perform. Ensure you delegate the control to only the OU you would like them to manage.

  3. #3

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,957
    Thank Post
    886
    Thanked 1,700 Times in 1,477 Posts
    Blog Entries
    12
    Rep Power
    448

    Re: Teacher wants to access active directory...

    I think you can use delegate control so it will let her into active directory on a normal user and edit items. If you don't want her to edit things by default standard users can view things in AD but not change anything.

  4. #4

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,957
    Thank Post
    886
    Thanked 1,700 Times in 1,477 Posts
    Blog Entries
    12
    Rep Power
    448

    Re: Teacher wants to access active directory...

    Beat me to it!

  5. #5

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,616
    Thank Post
    648
    Thanked 1,618 Times in 1,448 Posts
    Rep Power
    421

    Re: Teacher wants to access active directory...

    What exactly do you mean by amending/viewing peoples profiles?

    What are they wanting to acheive?

    Ben

  6. #6

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,957
    Thank Post
    886
    Thanked 1,700 Times in 1,477 Posts
    Blog Entries
    12
    Rep Power
    448

    Re: Teacher wants to access active directory...

    Do you mean profiles asin the users settings or the users account in Active Directory?

  7. #7

    Join Date
    Nov 2006
    Location
    Reading, UK
    Posts
    487
    Thank Post
    30
    Thanked 14 Times in 8 Posts
    Rep Power
    18

    Re: Teacher wants to access active directory...

    This article will describe delegating control and how to set it up:

    http://www.windowsecurity.com/articl...istration.html

    This article describes creating a custom MMC:

    http://support.microsoft.com/kb/230263

  8. #8
    ICT_GUY's Avatar
    Join Date
    Feb 2007
    Location
    Weymouth
    Posts
    2,261
    Thank Post
    646
    Thanked 283 Times in 204 Posts
    Rep Power
    104

    Re: Teacher wants to access active directory...

    Give her your mcp server 2003 book along with the XP one and the networking one and possibly the active directory one.

    Tell her that when she passes the exams she can come poke around your server under supervision. Even limited rights to admin users would not get past me, one click and its a head ache for me.

    Her f*** up costs you your job. And I would not let anyone touch my servers that didnt know at least what I do and certainly not without me breathing down their necks and taking notes. As for admin rights, when hell freezes over.

  9. #9

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,406
    Thank Post
    639
    Thanked 961 Times in 661 Posts
    Blog Entries
    2
    Rep Power
    324

    Re: Teacher wants to access active directory...

    I think this problem is more of a managerial one. Why does the Data Manager want access to ammend/edit user profiles - surely this is what the Network Manager and/or IT Technicians are for?

    I second ICT_GUY's suggestion :P

  10. #10

    Join Date
    Nov 2006
    Location
    Reading, UK
    Posts
    487
    Thank Post
    30
    Thanked 14 Times in 8 Posts
    Rep Power
    18

    Re: Teacher wants to access active directory...

    I use the above method for allowing ICT Teachers to only reset student passwords!

  11. #11

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,935
    Thank Post
    1,341
    Thanked 1,784 Times in 1,107 Posts
    Blog Entries
    19
    Rep Power
    595

    Re: Teacher wants to access active directory...

    She wants to see profiles? I presume that you mean files in home areas (not all here have profiles and home areas in the same place).

    Fine ... using RMTSHARE and XCACLs to add a group called 'teacher_view) with read permissions to student homeareas ... put her in the group ... and then give her an excel spreadsheet with student details ...

    column 1 - student name
    column 2 - year
    column 3 - form
    column 4 - UNC location of home area.

    She can then create her own filter views on the file and get access to whoever she wants.

    The AD is not a thing for non-admins to play with ... delegation of control of the AD is one way but if all she wants is a searchable list of home areas and links to them ... give her the above file.

  12. #12

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    24

    Re: Teacher wants to access active directory...

    Quote Originally Posted by GrumbleDook
    She wants to see profiles? I presume that you mean files in home areas (not all here have profiles and home areas in the same place).

    Fine ... using RMTSHARE and XCACLs to add a group called 'teacher_view) with read permissions to student homeareas ... put her in the group ... and then give her an excel spreadsheet with student details ...

    column 1 - student name
    column 2 - year
    column 3 - form
    column 4 - UNC location of home area.

    She can then create her own filter views on the file and get access to whoever she wants.

    The AD is not a thing for non-admins to play with ... delegation of control of the AD is one way but if all she wants is a searchable list of home areas and links to them ... give her the above file.
    Fantastic idea.

    The amount of ICT teachers I have had almost argue the point with me is astounding. I mean- throw away my MCP and HNC etc and just hand over the reigns to a teacher who because they have "ICT" in their title think that being an administrator on the network is some kind of power right. I like your idea of filter views.

    Of course another way of doing it is by setting permissions for a group of your creation (teacher_admins or whatever) and then mapping a drive in a logon script so that teachers who need access to home areas can get it within the limitation of their own accounts. I had this method suggested to me this past month.

    Great idea though Tony- thanks!

    Paul

  13. #13


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339

    Re: Teacher wants to access active directory...

    hmm. profiles.
    send her a copy of the user.dat and get her to open it with a text editor. It's quite easy to understand, really.

  14. #14

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    3,915
    Thank Post
    1,189
    Thanked 1,063 Times in 754 Posts
    Rep Power
    329

    Re: Teacher wants to access active directory...

    Are you sure it's user profiles and not their documents as in their my docs directory.

    I delegate the mmc out to teachers so that they can reset user passwords and give out more printer credits they can also go into user accounts and see the pupils work as well. It also gives them the capacity to turn off the internet for that user.

  15. #15
    ICT_GUY's Avatar
    Join Date
    Feb 2007
    Location
    Weymouth
    Posts
    2,261
    Thank Post
    646
    Thanked 283 Times in 204 Posts
    Rep Power
    104

    Re: Teacher wants to access active directory...

    I have a VB prog that I wrote that opens every students homefolder in a particular class. Also antother that puts files into them.

    Teachers were trying to do this manually and wating 1 hour of PPA time.

SHARE:
+ Post New Thread
Page 1 of 3 123 LastLast

Similar Threads

  1. active directory all messed up
    By alonebfg in forum Windows
    Replies: 2
    Last Post: 7th January 2008, 08:25 PM
  2. PDA and Active Directory
    By localzuk in forum Windows
    Replies: 4
    Last Post: 10th October 2007, 03:54 PM
  3. script for active directory
    By chalkwellstu in forum Scripts
    Replies: 8
    Last Post: 24th September 2007, 01:53 PM
  4. Active Directory Design
    By tscnmuk in forum Windows
    Replies: 7
    Last Post: 27th February 2007, 03:13 PM
  5. Replies: 4
    Last Post: 10th November 2006, 11:28 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •