Security Principals Tools and Settings

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Security Principals Tools and Settings

In this section

  • Security Principals Tools

  • Related Information

This section contains information about the tools that are associated with security principals.

Security Principals Tools

The following tools are associated with security principals.

Dsa.msc: Active Directory Users and Computers

Category

Active Directory Users and Computers is an Active Directory Administrative Tools Microsoft Management Console (MMC) snap-in. This tool is installed automatically when you install Active Directory, and it is available on the Start menu under Programs and then Administrative Tools. This tool also ships with the Windows Server 2003 Administration Tools Pack (Adminpak.msi).

Version compatibility

Active Directory Users and Computers runs on domain controllers that are running Windows Server 2003 and Windows 2000 Server.

The Windows Server 2003 version of Active Directory Users and Computers (which you can install on a domain controller or on an administrative workstation by using the Administration Tools Pack) can target domain controllers that are running Windows Server 2003 and Windows 2000 Server.

You can manage the following objects and their properties with this tool:

  • User objects

  • Group objects

  • Computer objects

Dsadd.exe: Dsadd

Category

This tool ships with Windows Server 2003.

Version compatibility

This tool is compatible with domain controllers running Windows Server 2003.

You can use this tool to add specific types of objects to the directory.

For more information about Dsadd, see “Dsadd” in “Command-line reference A-Z” in Help and Support Center in Windows Server 2003.

Dsget.exe: Dsget

Category

This tool ships with Windows Server 2003.

Version compatibility

This tool is compatible with domain controllers running Windows Server 2003.

You can use this tool to display the selected properties of a specific object in the directory.

For more information about Dsget, see “Dsget” in “Command-line reference A-Z” in Help and Support Center in Windows Server 2003.

Dsmod.exe: Dsmod

Category

This tool ships with Windows Server 2003.

Version compatibility

This tool is compatible with domain controllers running Windows Server 2003.

You can use this tool to modify an existing object of a specific type in the directory.

For more information about Dsmod, see “Dsmod” in “Command-line reference A-Z” in Help and Support Center in Windows Server 2003.

Dsmove.exe: Dsmove

Category

This tool ships with Windows Server 2003.

Version compatibility

This tool is compatible with domain controllers running Windows Server 2003.

You can use this tool to move a single object, within a domain, from its current location in the directory to a new location or to rename a single object without moving it in the directory tree.

For more information about Dsmove, see “Dsmove” in “Command-line reference A-Z” in Help and Support Center in Windows Server 2003.

Dsquery.exe: Dsquery

Category

This tool ships with Windows Server 2003.

Version compatibility

This tool is compatible with domain controllers running Windows Server 2003.

You can use this tool to query Active Directory according to specified criteria.

For more information about Dsquery, see “Dsquery” in “Command-line reference A-Z” in Help and Support Center in Windows Server 2003.

Dsrm.exe: Dsrm

Category

This tool ships with Windows Server 2003.

Version compatibility

This tool is compatible with domain controllers running Windows Server 2003.

You can use this tool to delete an object of a specific type or any general object from the directory.

For more information about Dsrm, see “Dsrm” in “Command-line reference A-Z” in Help and Support Center in Windows Server 2003.

Ldifde.exe: Ldifde

Category

This tool ships with Windows Server 2003.

Version compatibility

This tool is compatible with domain controllers running Windows Server 2003.

You can use Ldifde to create, modify, and delete directory objects on domain controllers running Windows Server 2003. You can also use Ldifde to extend the schema, export Active Directory user and group information to other applications or services, and populate Active Directory with data from other directory services.

For more information about Ldifde, see “Ldifde” in “Command-line reference A-Z” in Help and Support Center in Windows Server 2003.

Ldp.exe: Active Directory Administration Tool

Category

This tool ships with the Windows Server 2003 Support Tools.

Version compatibility

This tool is compatible with domain controllers running Windows Server 2003.

Ldp.exe is a Lightweight Directory Access Protocol (LDAP) graphical user interface (GUI) tool that you can use to perform operations, such as connect, bind, search, modify, add, and delete, against any LDAP-compatible directory, such as Active Directory. You can also use Ldp.exe to view objects that are stored in Active Directory, along with their metadata, such as security descriptors and replication metadata.

To find more information about Ldp.exe, see “Support Tools Help” in Tools and Settings Collection.

Lusrmgr.msc: Local Users and Groups

Category

Local Users and Groups is an MMC snap-in. This tool is included as part of the Windows Server 2003, Windows XP Professional, and Windows 2000 operating systems, and it is available in the Administration Tools Pack (Adminpak.msi).

Version compatibility

Local Users and Groups is supported for administering local groups on Windows Server 2003, Windows XP Professional, and Windows 2000.

Local Users and Groups manages users and groups of users for your computer. You can create new users and groups, add users to groups, remove users from groups, disable user and group accounts, and reset passwords.

You might need to be logged on as an administrator or a member of the Administrators group to perform some tasks.

For more information about Local Users and Groups, search for “Local users and groups overview” in Help and Support Center in Windows Server 2003.

Net localgroup

Category

This tool ships with Windows Server 2003.

Version compatibility

This tool is compatible with computers running Windows Server 2003.

You can use this tool to add, display, or modify local groups. When it is used without parameters, Net localgroup displays the name of the server and the names of local groups on the computer.

For more information about Net localgroup, search for “Net localgroup” in Help and Support Center in Windows Server 2003.

Whoami

Category

Whoami is a command-line tool in Windows Server 2003. This tool is also included in the Windows 2000 Resource Kit.

Version compatibility

Whoami is supported for Windows Server 2003 and Windows 2000.

You can use Whoami to display the complete contents of a user’s access token in the command window.

Whoami displays the following:

  • User name and security identifier (SID)

  • Groups and their SIDs

  • Privileges and their status (for example, enabled or disabled)

  • Logon ID

To find more information about Whoami, see “Command-line reference A-Z” in Help and Support Center in Windows Server 2003.

The following resources contain additional information that is relevant to this section: