Computer Roles Overview
Microsoft® Windows® 2000 Scripting Guide
In enterprise settings, computers are not just pieces of hardware used to type memos or prepare spreadsheets; computers are dynamic role players that are largely responsible for ensuring that the IT infrastructure runs at peak efficiency. System administrators might supervise the network, but computers are responsible for carrying out such key tasks as authenticating user logons, handing out IP addresses, and maintaining the integrity of the Active Directory® directory service.
Of course, no entity could be entrusted with such important duties without having to undergo authentication itself; after all, you would not want users to take any old computer and configure it to be a domain controller or a global catalog server. Instead, computers are security principals within Active Directory. To have full access to network resources, computers must have valid accounts within Active Directory. In turn, the fact that computers are security principals and role players charges system administrators with:
Creating, managing, and deleting computer accounts in Active Directory.
Managing the roles played by computers. These management tasks include such things as identifying the roles played by a single computer, enumerating all the key role players in Active Directory, and changing computer roles as circumstances dictate.
By using both Windows Management Instrumentation (WMI) and Active Directory Service Interfaces (ADSI), you can create scripts that help you manage computers as dynamic role players.