Show
Active Directory is an essential part of Windows Server. It allows IT pros to manage computer resources on the network. In this guide, we’ll show you how to install Active Directory Users and Computers and the basics of working with it so you can manage Active Directory. Table of Contents
Active Directory Users and Computers (ADUC) is built as an add-on for the Microsoft Management Console (MMC), and it’s the go-to tool for IT Pros to manage their Active Directory (AD) environments. You can use ADUC to:
How to install Active Directory Users and ComputersTo install Active Directory Users and Computers on Windows 10 and Windows 11, open the Settings app and go into Apps. From there, add the ‘RSAT: Active Directory Domain Services and Lightweight Directory Services Tools‘ optional feature. Keep reading to learn in more detail about the various methods you can use to install ADUC on your computer. Why you should install Active Directory Users and Computers on a management workstationBefore we proceed, I want to make the point, as I have in previous articles, that it is highly recommended to install the Active Directory Domain Services tools on your workstation or whatever management workstation you use for daily tasks. Although the tool is installed automatically on your domain controllers (DCs) when you add the Active Directory Domain Services role, it is not recommended to directly work on your DCs interactively. ADUC vs Active Directory Administrative Center (ADAC)I will briefly mention that there are actually two tools installed when you follow the steps here to add the Remote Server Administration Tools (RSAT) for Windows: Active Directory Users and Computers (ADUC) and the Active Directory Administrative Center (ADAC). The latter was written more recently and provides a more intuitive and clean interface for your HelpDesk support representative/”junior admins”. Install Active Directory Users and Computers on Windows 10 and laterAlright, let’s go through the various methods you can use to install Active Directory Users and Computers on your Windows 10/11 workstation. As you’ll see, based on the version of Windows 10 you’re using, you’ll either install an MSI file with the RSAT tools, or access optional features in Windows Settings to install the tools already built-in to Windows 10 as of version 1809. If you’re running Windows 10 version 1809 or newer, or Windows 11, follow these steps to install the tool. Make sure you are online and are Internet-enabled (The screens for Windows 11 are slightly different, but you should be able to follow along just fine).
How to install Active Directory Users and Computers on older versions of WindowsIf you are still running Windows 10 version 1803 or older (really? Come on. These versions are long out of support…), you can still install Active Directory Users and Computers.
How to open Active Directory Users and ComputersNow that you have the tool installed, let me describe a few ways you can launch the tool. You can use the ‘Run’ command, the Start Menu, and even the Control Panel. Let’s consider each option one by one. Method 1: The ‘Run’ command
Method 3: Control Panel
How to create and manage user accounts with Active Directory Users and ComputersNow that we have the tool installed, it would be pretty prudent to show you the basics of how to use it. Right? Sure, let’s get started by adding a user. Creating an Active Directory user account
There is our new user, John Smith. There’s our brand-new user!Enabling or disabling an Active Directory user account
Note: A disabled account can not log in to the domain. How to reset an Active Directory user account passwordIf you need to reset a user’s password for any reason, you can do so right on the user object.
How to delete a user account
How to create and manage Active Directory groups with Active Directory Users and ComputersNow, throughout your administration of Active Directory, it’s definitely recommended to use groups to help ease the administrative overhead of managing hundreds or even thousands of users. Instead of granting permissions for 433 people individually to a file server share, you can create a group with those 433 users as members. Then, all you need to do is add your group to the Access Control List (ACL) for the share. The result is one Access Control Entry (ACE) vs. 433! Creating an Active Directory group
How to add a member to an Active Directory groupThere are two common methods you use to add a user to a group.
You should see the confirmation window below. Success! We’ve added the user to the group
Active Directory security versus distribution groupsThe first core attribute of a group in Active Directory is its type: Security or Distribution. The only real difference you need to know is that a distribution group can not be added to an ACL related to the sharing of files. Only a security group can be added. However, both types of groups can be used for email delivery purposes: You can choose to send an email to a security group, its members will receive the email. What’s the difference between domain local, global, and universal AD group scopes?The other core attribute of a group is the scope: Domain local, global, or universal. Here are the main differences between them:
How to delete a group
How to manage Active Directory computer accounts with Active Directory Users and ComputersA computer account in Active Directory is actually kind of similar to a user account: It allows a computer to log in to the domain. This grants a token to the computer itself, allowing access to resources on the network and for Group Policy to apply. Every 30 days, the computer will verify that its computer account password is in sync with Active Directory. How to create a new computer account
How to reset a computer account and why you might need to
There may be times when you get the dreaded error “Trust Relationship Between This Workstation And The Primary Domain Failed.” If you do, please read my recent article about how to resolve this. How to delete a computer account
What to manage Active Directory Organizational Units (OUs) in Active Directory Users and ComputersOrganization Units (OUs) let you logically group user, service accounts, or computer accounts. You can use these OUs to delegate rights and permissions to administrators (or users), and apply Group Policy in an ordered and logical fashion. How to create a new Organizational UnitCreating an OU is similar to creating a user or group.
How to delete an OU
Wait, what? Remember when we created the OU? There was a checkbox, on by default, that protects the object from accidental deletion. I’ll show you that in more detail very soon. How to view hidden containers and attributes in Active Directory Users and ComputersBy default, Active Directory Users and Computers will not display hidden containers and attributes in your domain. You need to enable the ‘Advanced Features‘ option.
How to protect objects from accidental deletionNow, as I mentioned above, when I tried to delete an OU, I was ‘blocked’ because the object was protected. Let me show you that setting again.
By the way, with this attribute enabled, even command line and Windows PowerShell cmdlets will get blocked if you attempt to delete an AD object. How to search for objects in Active Directory Users and ComputersYou can well imagine how difficult it could be to locate an object in a domain with hundreds and thousands of OUs, groups, users, etc. Instead of needing to drill down to find the object, we can use the ‘Find’ function in ADUC.
If you want to search for a computer, you first need to change the ‘Find:‘ field in the upper left to Computers. Then, you can do your search using the same methods. Searching for Computer objects in ADUCHow to save search queriesIf you find yourself performing the same or very similar searches often, you can get a nice boost in efficiency by saving your query.
ConclusionIn this guide, we’ve detailed how to install Active Directory Users and Computers (ADUC) on Windows 10 and Windows 11. This is an essential tool for managing Active Directory user accounts, computer accounts, groups, and OUs. However, there are other tools you can use to manage Active Directory such as the Active Directory Administrative Center (ADAC) and Active Directory Sites and Services (ADDS). If you want to learn more about these tools, please check out our previous guide on How to Access Active Directory on Petri. How do I run ADUC on Windows 10?In Windows 10 version 1809 or higher, you can enable ADUC by going to Settings > Apps and Features > Optional features > Add a feature. In older versions of Windows, to get ADUC, you need to download and install the RSAT package manually.
How do I Install RSAT tools on Windows 10?Starting with Windows 10 October 2018 Update, RSAT is included as a set of "Features on Demand" right from Windows 10. Do not download an RSAT package from this page. Instead, just go to "Manage optional features" in Settings and click "Add a feature" to see the list of available RSAT tools.
How do I Install RSAT tools on Windows 10 20h2?To install RSAT in Windows 10, go to Settings -> Apps -> Manage Optional Features -> Add a feature. The list of optional Windows features includes such components as OpenSSH server, built-in ssh client, SNMP service, etc. Select the required RSAT components and click Install.
How do I Install RSAT Active Directory Users and computers on Windows 10?RSAT for Windows 10, version 1809 or later versions
RSAT is now part of the Operating System an can be installed via Optional Features. To enable the tools, click Start, click Settings, click Apps, and then click Optional features, after that click on the panel Add a feature and enter Remote in the search bar.
|