Skip to content

RDS Remote Application: Active Directory Users and Computers (MMC Snap-in; dsa.msc)

Active Directory Users and Computers (ADUC) is a Microsoft Management Console (MMC) snap-in used to manage Domain Users, Groups, and Computer objects. When integrated with the 12Port Access Broker via Remote Desktop Services (RDS), ADUC (dsa.msc) enables Zero Trust access for a fully monitored and credential-injected session, enabling the remote management of Active Directory objects.

Installation and Configuration

1. Download Required Files
* Executable:
https://bin.12port.com/product/remote-apps/app-mmc-dsa/app-mmc-dsa.exe
* Configuration File (.ini):
Not required.

Source file: https://bin.12port.com/product/remote-apps/app-mmc-dsa/app-mmc-dsa.au3

* Place the Executable (.exe) in the directory on the RDS Server where the Remote Application will be published. For example: C:\12Port-RDSApps.
* RSAT (Remote Server Administration Tools) is installed on the RDS server, specifically the AD DS and AD LDS Tools feature which includes dsa.msc.
* The User stored in the asset, in the format domain\user, has the required Active Directory administrative privileges to use this snap-in.
* The RDS server is domain-joined.

2. Modify Configuration (Optional)

No .ini configuration file is included or required with this Remote Application.

3. Publish the Remote Application
Use the following PowerShell command as an example to publish the MMC DSA snap-in console as a RemoteApp on the RDS server. This command must be executed from an elevated (Administrator) PowerShell session:

New-RDRemoteApp `
  -CollectionName "QuickSessionCollection" `
  -Alias "app-mmc-dsa" `
  -DisplayName "app-mmc-dsa" `
  -FilePath "C:\12Port-RDSApps\app-mmc-dsa\app-mmc-dsa.exe" `
  -ShowInWebAccess $true `
  -CommandLineSetting "Allow"

Ensure the CommandLineSetting is set to "Allow" to enable the Access Broker to pass connection parameters to the application.

Note

Make sure the -FilePath value accurately reflects the location of the executable on the RDS server.

RDS Application Asset Configuration

To enable Zero Trust access to the AD Users and Computers snap-in console via the 12Port Access Broker:

  • In the RDS Remote Application asset, set the Remote App field to: 
    ||app-mmc-dsa

  • Set the Remote Arguments field to: 

    User,Password

    • Specify User (in the exact format domain\user) as a privileged account for zero trust access. This user must have Active Directory Administrator privileges.

    • Specify Password for the privileged account for zero trust access.

Active Directory Users and Computers MMC Console - Asset View

These values allow the Access Broker to inject credentials into the RDP connection without exposing them to the user.

RDS Session - Active Directory Users and Computers MMC Console

Note

In Windows default configuration, User Account Control (UAC) consent is required to run this application. During RDS session initialization the end user must manually confirm the UAC prompt by selecting Yes before the executable will run. Verify that the executable is code‑signed and that the publisher is listed as 12 Port Inc in the UAC dialog prior to proceeding.
RDS Session - Active Directory Users and Computers MMC Console UAC Prompt
If you are using your own custom executable, we recommend signing it as required and instructing users to the expected Verified publisher in the UAC dialog before they proceed.