Learn What IT Pros Need to Know About Windows 11 - August 26th at 1 PM ET! Learn What IT Pros Need to Know About Windows 11 - August 26th at 1 PM ET!
Active Directory

Run Active Directory Management Tools as Another User

How can I run Active Directory management tools as another user (one with administrative privileges)?

As a security best practice, it is recommended that you do not log on to your computer with administrative credentials. Running your computer as a member of the Administrators group makes the system vulnerable to Trojan horses attacks and other security risks.

It is recommended that you use a regular, non-administrative user account to perform routine tasks, including running programs and visiting Internet sites. When it becomes necessary to perform administrative tasks on the local computer or in Active Directory, use RUNAS to start a program using administrative credentials.

RUNAS allows you to accomplish administrative tasks without exposing your computer or data stored in Active Directory to unnecessary risk.

Sponsored Content

Read the Best Personal and Business Tech without Ads

Staying updated on what is happening in the technology sector is important to your career and your personal life but ads can make reading news, distracting. With Thurrott Premium, you can enjoy the best coverage in tech without the annoying ads.

However, using the RUNAS command can turn out as a real bugger when you need to perform regular administrative operations such as adding a new user, resetting someone’s password, stopping or starting a system service and so on.

In Windows 2000 we welcomed the new addition – the RUNAS command. However, in Windows Server 2003 the RUNAS command got even easier to use.

Therefore I recommend using the following method to make your administrative tasks a bit easier to accomplish:

  1. When logged in as a normal, non-privileged user, right-click on an empty spot on your desktop and create a new shortcut.

  1. In the Create Shortcut window type the following text (see other examples below):
​runas /savecred /user:dpetri'administrator "mmc dsa.msc"

Note: The /savecred parameter indicates if credentials have been previously used by this user then the command will not prompt for them a second time. This parameter does NOT work on Windows 2000.

Lamer Note: Use your own domain name and user name… Duh…

  1. Give the shortcut a descriptive name such as “AD Users & Computers”

Click Finish.

  1. Double-click your new shortcut. You’ll get a black Command Prompt window asking you for the administrator’s password. If the shortcut was previously used in the current session – no password will be required.

  1. If you gave a valid username and password then Active Directory Users and Computers will now open giving you the full permissions to manage it with admin privileges.

That’s it.

Other valuable RUNAS example might include any .MSC snap-in you want to run. You can easily find them by performing a search on the %systemroot% folder for files that have the .MSC extension. For example:

​runas /savecred /user:dpetri'administrator "mmc domain.msc"

runas /savecred /user:dpetri'administrator "mmc dssite.msc"

runas /savecred /user:dpetri'administrator "mmc dsa.msc"

runas /savecred /user:dpetri'administrator "mmc compmgmt.msc"

runas /savecred /user:dpetri'administrator "mmc gpmc.msc"

runas /savecred /user:dpetri'administrator "mmc services.msc"

Create shortcuts for these RUNAS commands on the desktop of your non-administrative user account:

Related articles

You may find these related articles of interest to you:

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (1)

One response to “Run Active Directory Management Tools as Another User”

  1. Windows | Pearltrees

    [...] Run Active Directory Management Tools as Another User This article discusses the required network ports, protocols, and services that are used by Microsoft client and server operating systems, server-based programs, and their subcomponents in the Microsoft Windows Server system. Administrators and support professionals may use this Microsoft Knowledge Base article as a road-map to determine what ports and protocols Microsoft operating systems and programs require for network connectivity in a segmented network. [...]

Leave a Reply

Register for Advanced Microsoft 365 Day!

GET-IT: Advanced Microsoft 365 1-Day Virtual Conference - Live August 24th!

Join us on Tuesday, August 24th and hear from Microsoft MVPs and industry experts about how to take advantage of Microsoft 365 at a technical level and dive deep into the features and functionality that will make your environment more secure and compliant.

RSVP Now

Sponsored By