Active Directory Users and Computers (ADUC) is a common tool used past administrators to carry out daily tasks and much more in Active Directory Advertisement. Some of the tasks an administrator tin can perform with the help of this MMC snap-in are as follows:

  • Create and manage Advertising objects, such as users, computers, groups, and contacts, along with their attributes.
  • Create Organizational Units (OU), movement users and computers in and effectually them, and delete OUs.
  • Delegate permissions to users to manage Group Policy.
  • Define avant-garde security and auditing in Advertising.
  • Bargain with FSMO roles such equally RID primary, PDC Emulator and Infrastructure master.
  • Raise the domain functional level.
  • Avant-garde feature settings that help to manage the LostAndFound container, NTDS Quotas, Program Data, and System information.

How to Install Active Directory Users and Computers

The procedure to install ADUC for Windows 10 1809 and above differs from the process for Windows 10 1803 and beneath. Here are the 2 processes for installing ADUC:

Installing Active Directory Users and Computers for Windows 1809 and higher

  1. Become to Start, select Settings, and and so Apps.
  2. Click on Manage Optional Features.
  3. In the new window, click on Add characteristic.
  4. Select R Sat: Active Directory Domain Services and Lightweight Directory Tools, and and so click Install.

The installation of Active Directory Domain Services and Lightweight Directory Tools will contain the ADUC console. To verify, become to Start. Information technology will now accept Windows Administrative Tools on the list.

Installing Active Directory Users and Computers for Windows 1803 and lower, and Windows 8

  1. Download Remote Server Administrator Tools for your version of Windows, and install information technology. You can download the tool from the Microsoft Download Center.
  2. Go to Beginning, and select Control Console.
  3. Navigate to Programs > Programs and Features > Turn Windows features on or off.
  4. Roll down and expand Remote Server Administration Tools, so navigate to Role Assistants Tools > Advert DS and AD LDS Tools.
  5. Check Advertizing DS Tools, and and then click OK.

When the installation process is done, you lot will have ADUC on your figurer. To verify, go to Start. The menu will have a folder called Authoritative Tools which should contain Active Directory Users and Computers.

How to open Active Directory Users and Computers

The following are some means to open Agile Directory Users and Computers on a DC:

Method one: Through RUN command

  • Get to Kickoff, and click Run.
  • Type dsa.msc, and striking Enter.
Running dsa.msc to open up ADUC
Opening ADUC from Run

Method 2: From the Start menu

  • Go to ShowtimeAdministrative ToolsAgile Directory Users and Computers.

Method iii: From the Control Console

  • Get to Get-goControl Console.
  • Click System and Security and select Administrative Tools.
  • From the list of bachelor tools, select Active Directory Users and Computers.
ADUC dialog box from control panel
Opening ADUC from the Control Console

Now that ADUC has been installed and opened, let'due south see how you can perform the various functions using the console.

Creating a new user business relationship

  • In the left pane of ADUC, right-click on the folder where the user business relationship is to be created.
  • Click New and so click User.
  • Type in the details such as Showtime name, User logon name, etc., and click Adjacent.
  • Enter the user'due south countersign and confirm it in the advisable fields. Cheque the required password options.
Creating new user account using ADUC
Creating a new user object

Enabling or disabling a user account

  • In the left pane of ADUC, expand the folder containing the user account to be enabled/disabled.
  • Right-click the user account and click Enable or Disable to enable or disable the user account as necessary.
How to enable or disable a user account using ADUC
Enable/Diasble a user account using ADUC

Resetting a user account password

  • In the left pane of ADUC, expand the folder containing the user business relationship whose password is to be reset.
  • Right-click on the account, and select Reset Password.
  • Type and confirm the password in the appropriate fields. Select other password-related options if needed.
Resetting a user account password using Active Directory Users and Computers
Reset passwords of locked out users

Creating a new grouping account

  • In the left pane of ADUC, right-click the folder where the group account is to be created.
  • Click New, and and so click Group.
  • Type in a suitable proper noun for the group. For group scope, select i among domain local, global, and universal. For group type, select either security or distribution.
  • Click Use, and and so click OK.
Create a new group using the NEw Object - Group dialog box
New Object – Group dialog box

Adding a member to a group

  • In the left pane of ADUC, right-click the folder containing the grouping business relationship to which you lot want to add together a member.
  • Right-click on the grouping and select Properties.
  • Click the Members tab, and then click Add.
  • Type in the name of the objects yous desire to add to the group.
  • Click OK.
The Members tab will help you add users and computers to a particular group.
Add users, contacts, and computers to a group from the Members tab

Changing the grouping type or group telescopic

  • In the left pane of ADUC, correct-click the folder containing the grouping whose type or telescopic is to exist modified.
  • Right-click on the group and click Properties.
  • Select the required scope or type for the group.
  • Click Apply, and then click OK.
The group properties tab will help you change the group scope.
Select the required grouping scope from the group backdrop tab.

Creating a new calculator account

  • In the left pane of ADUC, right-click the folder where the computer business relationship is to be created.
  • Click New, and then click Calculator.
  • Blazon in a suitable proper name for the computer.

Resetting a computer account

  • In the left pane of ADUC, right click the folder where the computer account is to be created.
  • Click New, and and so click Estimator.
  • Type in a suitable proper noun for the computer.

Creating a new organizational unit (OU)

  • In the left pane of ADUC, right click the domain name.
  • Click New, and then click Organizational Unit of measurement.
  • Type in a suitable name for the OU.

Deleting a users, computers, and OUs

  • In the left pane of ADUC, right click the folder where the object is located.
  • Right-click on the object, and select Delete.

At present, let us expect at some advanced tasks that will come in handy for an administrator managing users, computers, and other objects in Agile Directory.

Advanced Settings in ADUC

ADUC contains multiple advanced functionalities that allow administrators to work with complex settings and containers that are otherwise not visible in the console.

To enable advanced features, you can perform the post-obit steps:

  • Go to Start -> Authoritative Tools, and click on Active Directory Users and Computers. The ADUC console will open.
  • In the ADUC console, click View and Enable Advanced Features.

The advanced settings are at present enabled. Now, to view the user and computer attributes, you can perform the following steps:

  • In the left pane of ADUC, right click on the object whose attributes you want to see.
  • Click on Properties, and then click the Attribute Editor tab. A listing all the attributes pertaining to the object tin can be viewed.

Protecting Objects from Adventitious Deletion

This action denies the permission to delete the object, and when attempting to do so it displays an error message.

The following steps illustrate how to protect AD objects from accidental deletion:

  • Become to Beginning -> Administrative Tools, and click on Active Directory Users and Computers. The ADUC panel volition open.
  • In the left pane of ADUC, right click on the object that is to exist protected from accidental deletion, and click on Backdrop.
  • Select the Object tab, and check the Protect object from accidental deletion option.

Searching for Objects

Objects in AD tin be located using the Discover dialog box in the ADUC console. The post-obit steps illustrate how to perform the search:

  • Go to Start -> Administrative Tools, and click on Agile Directory Users and Computers. The ADUC console will open.
  • In the left pane of ADUC, right click on the container object where the search is to be made.
  • Select Observe from the shortcut menu.
  • In the Observe Users, Contacts, and Groups dialog box that appears, specify the object type that is to be searched, and also the container where the search is to be carried out.
  • To streamline the search, click on the Avant-garde tab.
  • In the dialog box that appears, select the attribute search in the field list box. To refine the search further, use the weather drop-downward list. Specify a value for the provisional search in the value box. Yous may use the add button to include more conditions.
  • Click Find Now to display the search results.

An alternate method to search for objects is using the DSquery command line tool. To acquire how, you tin can check out this article.

Creating a Saved Query

Saved Queries in ADUC allows administrators to access and audit information in AD and filter simply those objects that meet a certain criteria.

The following steps illustrate how yous can create a Saved Query:

  • Get to Beginning -> Administrative Tools, and click on Active Directory Users and Computers. The ADUC console will open up.
  • In the left pane of ADUC, right click Saved Queries and click New followed by Query.
  • Type in a suitable name for the saved query and click Define Query.
  • Select the required object tab and define the variables of your query.
  • Click OK to save the query.

This will list only those accounts that fulfil the criteria specified in the query.