Active Directory is a key part of Windows 2000. It provides a wide variety of manageability, security, and interoperability features. The main administration tool is a snap-in called Active Directory Users and Computers.
Active Directory does not support the concept of roles. Therefore, you must simulate the Enterprise Manager roles in Active Directory using the concept of groups.
For detailed information about how to perform the following steps, see the documentation provided with Active Directory.
Start the Active Directory Users and Computers administration tool.
Right-click the root node and select New > Organizational Unit.
The New Object - Organization Unit dialog box appears.
In the Name field, enter a value (for example, EntMgrRoles).
Click OK.
Under the organizational unit, create the following groups:
Deployment
User Management
Read-Only Monitor
Controlling Monitor
JMS Read-Only Monitor
JMS Read-Write Monitor
Manager
After you add the groups, they appear under the organizational unit.
Add the admin user and the Administrator user as members of all the groups that you created by double-clicking each group and selecting admin and Administrator from the dialog box.