Active directory windows 10 pro

Оснастка Active Directory Users and Computers (или ADUC) – это одна из наиболее часто используемых консолей управления объектами в домене Active Directory. Вы можете установить mmc оснастку ADUC как на Windows Server, так и на десктопные Windows 10 и 11. Консоль ADUC входит в состав набора компоненту администрирования Microsoft Remote Server Administration Tools (RSAT). В этой статье мы покажем, как установить и использовать консоль управление Active Directory Users and Computers в Windows.

Установка оснастки RSAT Active Directory в Windows 10 и 11

В современных версиях Windows 10 (начиная с билда 1809) и в Windows 11 инструменты администрирования RSAT устанавливаются онлайн в виде Features on Demand. Чтобы установить инструменты администрирования RSAT Active Directory в Windows 10/11, перейдите в Settings -> Apps -> Optional Features -> Add an optional feature (View features).

Наберите в поисковой строке Active Directory и выберите для установки компонент RSAT: Active Directory Domain Services and Lightweight Directory Services Tool.

Нажмите Next-> Install для начала установки.

Картинка с сайта: winitpro.ru

Windows подключится к серверам Microsoft, скачает и установит набор инструментов для управления Active Directory (включает в себя графические консоли Active Directory, утилиты командной строки и модуль Active Directory PowerShell).

Либо вы можете установить набор компонентов администрирования AD с помощью PowerShell:

Add-WindowsCapability –online –Name Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0

В предыдущих билдах Windows 10, а также в Windows 8.1, установить RSAT можно с помощью MSU обновления. Скачать RSAT можно здесь:

• RSAT для Windows 10 1803/1709 — https://www.microsoft.com/en-us/download/details.aspx?id=45520
• RSAT для Windows 8.1 — https://www.microsoft.com/en-us/download/details.aspx?id=39296

Картинка с сайта: winitpro.ru

Скачайте версию файла RSAT в зависимости от разрядности вашей операционной системы и установите его. Дважды щелкните по файлу для начала установки:

Картинка с сайта: winitpro.ru

Или установите MSU файл RSAT из командной строки в «тихом» режиме:

wusa.exe c:\Install\WindowsTH-RSAT_TP5_Update-x64.msu  /quiet /norestart

После окончания установки RSAT нужно перезагрузить компьютер.

Осталось активировать необходимый функционал RSAT. Для этого:

1. Щелкните ПКМ по кнопке Start и выберите Control Panel (Панель управления)
2. Выберите Programs and Features (Программы и компоненты)
3. В левой панели нажмите кнопку Turn Windows features on or off
4. В дереве компонентов разверните Remote Server Administration Tools-> Role Administration Tools -> AD DS and AD LDS Tools
5. Отметьте раздел AD DS Tools и нажмите OK.
   

   Картинка с сайта: winitpro.ru

Установка оснастки ADUC также может быть выполнена из командой строки. Последовательно выполните 3 команды:

dism /online /enable-feature /featurename:RSATClient-Roles-AD
dism /online /enable-feature /featurename:RSATClient-Roles-AD-DS
dism /online /enable-feature /featurename:RSATClient-Roles-AD-DS-SnapIns

Картинка с сайта: winitpro.ru

После установки оснасток управления, в разделе Administrative Tools панели управления (Control Panel\System and Security\Windows Tools) появится ссылка на консоль Active Directory Users and Computers.

Картинка с сайта: winitpro.ru

Как пользоваться консолью Active Directory?

Чтобы запустить консоль ADUC, щелкните по ярлыку в панели управления или выполните команду:

dsa.msc

Все аутентифицированные пользователи домена могут использовать консоль ADUC для просмотра объектов Active Directory.

Если ваш компьютер состоит в домене Active Directory, то консоль ADUC подключится к контролеру домена, на основании текущего Logon сервера. Имя контроллера домена, с которого вы получаете информации указано в верху.

Вы можете подключиться к другому контроллеру домена AD или другому домену, щелкнув по корню консоли и выбрав пункт в контекстном меню.

Картинка с сайта: winitpro.ru

В консоли Active Directory отображается древовидная структура организационных юнитов (Organizational Unit, OU) вашего домена (и отдельный раздел с сохраненными запросами/ Saved Queries AD).

Картинка с сайта: winitpro.ru

Администратор домена может создавать контейнеры (OU) в соответствии с физической или логической структуры предприятиями. С помощью контекстного меню можно создать новые объекты в AD (пользователей, группы, компьютеры, OU, контакты), переименовать, переместить или удалить объекты. В зависимости от типа объекта, который вы выбрали пункты контекстного меню могут отличаться.

Например, у пользователя есть опции на сброс пароля в AD или блокировку/разблокировку учетной записи.

Вы можете использовать контекстное меню Search для поиска объектов в AD.

Администратор может делегировать права на создание/редактирование/удаление объектов в Active Directory другим пользователям или группам.

С помощью меню View -> Add/Remove columns можно добавить атрибуты объектов, которые вы хотите отображать в консоли ADUC.

В консоли ADUC можно посмотреть или изменить свойства объектов домена. Например, можно открыть свойства пользователя и изменить его настройки. Часть свойств пользователя находится на соответствующих вкладках, а полный список атрибутов пользователя доступен на вкладке редактора атрибутов AD (Attribute Editor).

Картинка с сайта: winitpro.ru

Можно добавить отдельную вкладку с фотографией пользователя AD.

Чтобы показывать системные контейнеры и свойства объектов в оснастке AD (по умолчанию скрыты), включите опцию View -> Advanced features.

Картинка с сайта: winitpro.ru

После этого у всех объектов появится ряд системных вкладок. Например, на вкладке Object можно получить каноническое имя объекта, дату создания учетной записи и включить опцию защиты от удаления (protect object from accidental deletion).

Подключение консоли ADUC к домену из рабочей группы

Если вы хотите подключится консолью ADUC к контроллеру домена с компьютера, который не включен в домен (состоит в рабочей группе), воспользуйтесь таким методом:

1. Запустите командную строку и выполните команду запуска оснастки от имени другого пользователя:
   runas /netonly /user:winitpro\aaivanov mmc
2. В пустой консоли MMC выберите File->Add/Remove Snap-In
3. Перенесите оснастку Active Directory Users and Computers в правую панель и нажмите Add;
   

   Картинка с сайта: winitpro.ru

4. Чтобы подключится к домену, щелкните по корню консоли и выберите Change domain. Укажите имя домена.
   

   Картинка с сайта: winitpro.ru

В результате консоль ADUC подключится к контроллеру домена, получит и отобразит структуру контейнеров (OU) данного домена Active Directory.

If you’ve ever wanted to manage users and computers in your network seamlessly, installing Active Directory on Windows 10 is your go-to solution. In just a few simple steps, you can turn your Windows 10 into a mini server, letting you control your network and resources effortlessly. Let’s dive into the nitty-gritty!

Installing Active Directory on Windows 10 involves turning your system into a local server by enabling the RSAT (Remote Server Administration Tools). This tutorial will break down each part of the process, making it easy for you to follow along. By the end, your Windows 10 will have Active Directory installed and ready to manage your network.

Step 1: Open Settings

Navigate to the Start menu and click on ‘Settings’.

Opening Settings is the first step to accessing the necessary tools for installing Active Directory. You can find the Settings menu by clicking the Start button at the bottom-left corner of your screen, then clicking the gear icon.

Step 2: Go to Apps

From Settings, select ‘Apps’.

In the Settings window, click on ‘Apps’. This section houses all programs and features installed on your computer, including optional features that you’ll need.

Step 3: Select Optional Features

Click on ‘Optional features’ on the left-hand side, then select ‘Add a feature’.

‘Optional features’ is your gateway to additional tools that aren’t installed by default. This includes the RSAT tools necessary for Active Directory.

Step 4: Install RSAT: Active Directory Domain Services and Lightweight Directory Tools

Scroll down and find ‘RSAT: Active Directory Domain Services and Lightweight Directory Tools’ and click ‘Install’.

This step is crucial. By installing this specific RSAT feature, you’re equipping your computer with the essential tools to run Active Directory.

Step 5: Open Active Directory Users and Computers

After installation, search for ‘Active Directory Users and Computers’ in the Start menu.

Once installed, you can access Active Directory by typing ‘Active Directory Users and Computers’ in the Start menu search bar. This will open the management console where you can configure and manage your network resources.

After completing these steps, your Windows 10 will be equipped with Active Directory tools. You can now create users, manage groups, and control access to network resources.

Tips for Installing Active Directory on Windows 10

• Check Windows Edition: Ensure you’re running a Pro or Enterprise version of Windows 10, as RSAT is not available on the Home version.
• Enable Windows Update: Make sure your Windows Update is turned on to download the latest RSAT tools.
• Administrative Rights: You need administrative rights to install RSAT tools, so ensure you’re logged in as an admin.
• Network Connectivity: For best results, ensure your computer is connected to the network where you plan to manage resources.
• Restart After Installation: Sometimes a restart is necessary for all changes to take effect properly.

Frequently Asked Questions about Installing Active Directory on Windows 10

Why can’t I find RSAT tools in my options?

You might be running a Windows Home edition, which doesn’t support RSAT. Upgrade to Pro or Enterprise to access these tools.

Do I need an internet connection to install RSAT?

Yes, an internet connection is required to download the RSAT tools from Microsoft’s servers.

Can I uninstall RSAT after installing Active Directory?

You can, but you will lose the ability to manage Active Directory from this machine.

Is there a cost associated with RSAT tools?

No, RSAT tools are free for Windows Pro and Enterprise editions.

Can I install Active Directory on Windows 10 Home?

No, Active Directory requires RSAT, which is not available on Windows 10 Home edition.

Summary of Steps

1. Open Settings.
2. Go to Apps.
3. Select Optional Features.
4. Install RSAT: Active Directory Domain Services and Lightweight Directory Tools.
5. Open Active Directory Users and Computers.

Conclusion

Installing Active Directory on Windows 10 is a straightforward process but requires an understanding of your system’s capabilities and a few administrative tweaks. By enabling RSAT, you turn your machine into a powerful management tool, allowing you to control users, groups, and resources within your network efficiently. This guide has walked you through each step, ensuring you have everything you need to get started.

If you’re looking to dive deeper into Active Directory, consider exploring Microsoft’s official documentation or checking out online courses that can give you a more comprehensive understanding. Whether you’re managing a small office network or a home setup, Active Directory can simplify your tasks and make network management a breeze. So, what are you waiting for? Get started today and transform your Windows 10 into a robust network management tool!

Many people struggle with installing Active Directory Users and Computers (ADUC), often feeling lost in the technical details and worried about the impact of potential mistakes. It’s a common concern that the setup might be too complex or that one error could jeopardize the whole network.

This blog post is here to ease those fears. We’ll provide you with a straightforward, step-by-step guide to installing ADUC, ensuring you can handle the setup confidently and correctly. Let’s simplify this technical task together, making it accessible for everyone.

What Is Active Directory Users And Computers (ADUC)?

Active Directory Users and Computers (ADUC) is a tool included in the Remote Server Administration Tools (RSAT), specifically designed for managing users, computers, groups, and organizational units within a Windows Active Directory environment. Administrators use ADUC to perform various tasks like creating user accounts, managing group memberships, assigning permissions, and configuring policies for computers and users.

ADUC provides a user-friendly interface, allowing IT administrators to manage access controls, ensuring that each user or system has the right level of access to the network’s resources. In a networked environment, administrators rely on ADUC to add new users, reset passwords, disable accounts, and control the overall structure of the Active Directory.

By accessing ADUC, network administrators can apply security policies across the organization, enforce compliance, and organize network resources. It’s particularly helpful in large organizations where central control of user accounts, computers, and group policies becomes necessary. ADUC is part of the broader Active Directory management framework, helping IT professionals organize and manage the network’s infrastructure, keeping resources and user roles in sync.

Note: RSAT can be installed only on computers that are running the Professional or Enterprise versions of Windows.

How To Install Active Directory Users And Computers (ADUC)?

Installing Active Directory Users and Computers (ADUC) is a necessary step if you need to manage users, computers, and groups in a Windows network environment. The process involves enabling the RSAT (Remote Server Administration Tools) feature, which includes ADUC, on your system. Whether you’re using Windows 10 or Windows 11, you can follow these steps to get ADUC up and running.

Install ADUC On Windows 10 Pro 1809+ And Above Versions

In Windows 10 Pro (version 1809 and above), you can install Active Directory Users and Computers (ADUC) by using either the graphical user interface (GUI) or PowerShell. The process is quite efficient, and both methods are fairly simple. You can choose whichever method suits your preference.

Below are step-by-step instructions for both methods.

Using PowerShell:

PowerShell offers a quick and efficient way to install ADUC on Windows 10 Pro 1809+ versions.

• Open PowerShell As Admin: Click on the “Start” button and search for “Windows PowerShell (Admin)”. Then Right click on it and select “Run as administrator”.
• Check For RSAT Capabilities: Run the following command to list the available RSAT features:

Get-WindowsCapability -Name RSAT* -Online | Select-Object -Property DisplayName, Name, State

Картинка с сайта: www.electronicshub.org

• This command will return a list of RSAT versions available for your system.
• Choose The RSAT Version: From the list, find the RSAT: Active Directory Domain Services and Lightweight Directory Tools and note the name of the feature.
• Install ADUC via PowerShell: Run the following command to install the ADUC feature:

Add-WindowsCapability -Online -Name Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0

Картинка с сайта: www.electronicshub.org

• The installation will begin, and once complete, you’ll see a success message.
• Verify Installation: After installation, type Active Directory Users and Computers in the Windows search bar to confirm that ADUC is installed.

Without PowerShell:

If you prefer not to use PowerShell, you can install ADUC using the standard Windows Settings app.

• Open Settings: Click the “Start” menu and select “Settings.”
• Search For Optional Features: In the Settings window, type “Optional Features” in the search bar and select it from the list.
• Add RSAT Feature: Click on “Add a feature.” In the search bar, type “RSAT” to display the list of available tools.

Картинка с сайта: www.electronicshub.org

• Select And Install ADUC: From the list, select “RSAT: Active Directory Domain Services and Lightweight Directory Tools.”

Картинка с сайта: www.electronicshub.org

• Then click “Install.”

Картинка с сайта: www.electronicshub.org

• Confirm Installation: Once the installation is complete, type Active Directory Users and Computers in the search bar to access ADUC.

Install ADUC On Windows 10 Version 1803 And Below Versions

For Windows 10 versions 1803 and below, the installation process for Active Directory Users and Computers (ADUC) is different from later versions. These versions require you to manually download the Remote Server Administration Tools (RSAT), as they aren’t included as an optional feature in the system settings.

Here’s how you can install ADUC on Windows 10 version 1803 or earlier:

• Download RSAT From Microsoft: Go to the Microsoft Download Center and search for the correct version of RSAT that matches your Windows version. Ensure you select the package specific to Windows 10 version 1803 or below.
• Run The Installer Package: Once you have downloaded the RSAT installer, open the file and follow the on-screen instructions to begin the installation. The setup process is straightforward, and you’ll need to follow each prompt to complete it.
• Enable ADUC Through Windows Features: After the installation is complete, you will need to enable ADUC manually:
  • Click the “Start” button and go to the “Control Panel.”

Картинка с сайта: www.electronicshub.org

• • Navigate to “Programs > Programs and Features,” then select “Turn Windows features on or off.”

Картинка с сайта: www.electronicshub.org

• Activate AD DS Tools: In the Windows Features window:
  • Scroll down and expand the “Remote Server Administration Tools” section.
  • Expand “Role Administration Tools.”
  • Further expand the section labeled “AD DS and AD LDS Tools.”

Картинка с сайта: www.electronicshub.org

• • Check the box for “AD DS Tools” and click “OK” to confirm.

By following these steps, you’ll successfully install and enable ADUC on Windows 10 version 1803 or earlier.

How To Use Active Directory Users And Computers?

Active Directory Users and Computers (ADUC) is a central tool used by IT administrators to manage network resources like users, computers, and groups within an organization. Below, we’ll go through how to use ADUC for some of the most common tasks, such as creating users, managing groups, and resetting passwords.

1. Opening Active Directory Users And Computers

Before you can start managing your network, you need to access ADUC. It’s easy to locate, and once open, you’ll have a view of all the users, computers, and organizational units (OUs) in your domain.

• Go to the Windows search bar and type Active Directory Users and Computers.
• Select it from the search results to open the console.
• The left pane of the console shows your domain structure, including folders like Users, Computers, and OUs.

2. Creating A New User

Creating user accounts is one of the most frequent tasks in ADUC. New accounts give employees access to network resources and services.

• In ADUC, navigate to the Users container or any OU where you want to create the new account.
• Right-click the container, then select New > User.
• A wizard will guide you through entering the user’s details like first name, last name, and logon name.
• Set a password for the user and configure options like whether the user needs to change their password upon first logon.
• Click Next and then Finish to complete the user creation.

3. Creating A New Organizational Unit (OU)

An Organizational Unit (OU) helps group resources like users or computers for easier management. OUs are useful for applying policies and managing permissions on specific sections of your network.

• In ADUC, right-click your domain or an existing OU and select New > Organizational Unit.
• Name the new OU based on its purpose (e.g., “Sales” or “IT Department”).
• Click OK to create the OU. You can now move users, computers, or groups into this OU for better organization and management.

4. Managing User Properties

You may need to update or change details for existing user accounts, such as group memberships, logon restrictions, or contact information.

• In the ADUC console, navigate to the Users container or OU where the user is located.
• Right-click the user account and select Properties.
• The Properties window allows you to modify various details, including:
• General Information (name, description)
• Group Membership (which groups the user belongs to)
• Account Settings (logon restrictions, password settings)
• Once changes are made, click OK to save them.

5. Resetting User Passwords

When a user forgets their password, you can easily reset it through ADUC, allowing them to regain access to their account.

• Locate the user account in ADUC.
• Right-click on the user account and choose Reset Password.
• Enter the new password, confirm it, and choose whether the user must change their password upon next login.
• Click OK to reset the password.

6. Managing Computers

ADUC isn’t just for managing users; you can also add and manage computers in your network. This ensures that all devices are properly tracked and managed within your organization.

• In ADUC, navigate to the Computers container or an OU where you want to add a new computer.
• Right-click the container, then select New > Computer.
• Enter a name for the computer and click Next.
• Click Finish to complete the process. The computer is now part of the Active Directory.

7. Deleting Users Or Computers

When users leave the organization or computers are no longer in use, it’s important to remove them from Active Directory to maintain an organized and secure network.

• Navigate to the Users or Computers container, or find the object in its OU.
• Right-click on the user or computer you want to remove and select Delete.
• Confirm the deletion when prompted. The object is permanently removed from Active Directory.

8. Group Management

Groups help simplify the management of access permissions by allowing you to assign roles or permissions to multiple users at once.

• In ADUC, right-click on a container or OU and select New > Group.
• Name the group, choose the group scope (Global, Domain Local, or Universal), and select the group type (Security or Distribution).
• Click OK to create the group.
• To add users to the group, right-click on the group, select Properties, go to the Members tab, and click Add to include the relevant users.

By using ADUC effectively, network administrators can manage user accounts, computers, and permissions in an organized and secure manner. Each of these tasks plays a key role in maintaining a well-structured and efficient network environment.

Other Tools In RSAT Package

The Remote Server Administration Tools (RSAT) package includes a variety of tools that provide administrators with the ability to manage different aspects of Windows Server environments. Along with Active Directory Users and Computers (ADUC), many other useful tools are included in RSAT. Below are some key tools that help streamline network and system administration:

• Active Directory Administrative Center (ADAC): ADAC offers a modern, user-friendly interface for managing users, groups, and computers within the Active Directory environment. It includes advanced features like fine-grained password policies and the Active Directory Recycle Bin, which allows for the recovery of deleted objects.
• Active Directory Module For Windows PowerShell: This module enables administrators to manage Active Directory through PowerShell. It allows for automation of tasks like user creation, group management, and configuring policies via scripts. Administrators can run PowerShell cmdlets to perform bulk operations, making the management of large networks more efficient.
• Active Directory Sites And Services: This tool is used to manage site topology within an Active Directory environment. It allows administrators to configure replication between domain controllers in different physical locations, ensuring that data is synchronized across all sites efficiently. It’s especially important for large organizations with geographically distributed offices.
• DNS Manager: This tool allows for the management of Domain Name System (DNS) settings. It helps administrators create, configure, and maintain DNS zones and records, and troubleshoot name resolution issues. DNS is critical for mapping domain names to IP addresses, ensuring network stability and performance.
• DHCP Manager: With Dynamic Host Configuration Protocol (DHCP) Manager, administrators can manage DHCP servers to configure IP address scopes, reservations, and settings for devices in the network. This tool ensures that all devices receive the correct IP configurations automatically.
• File Services Tools: These tools allow for the management of file servers, enabling administrators to configure shared folders, storage quotas, and Distributed File System (DFS) namespaces. They help maintain control over file access and resource sharing across the network.
• Group Policy Management Console (GPMC): GPMC is used to create, manage, and apply Group Policy Objects (GPOs). Administrators can enforce security settings, configure software installations, and apply system configurations network-wide, ensuring uniformity and compliance across all devices.
• Hyper-V Manager: This tool is essential for managing virtual machines (VMs) on Hyper-V hosts. It allows administrators to create, configure, and monitor virtual environments, making it a critical tool for virtualized infrastructure.
• Windows Server Update Services (WSUS): WSUS tools help manage software updates across Windows Server environments. Administrators can approve or decline updates, schedule installations, and generate reports on update compliance to ensure that systems are patched and secure.
• Failover Cluster Manager: This tool is used to manage failover clusters in Windows Server environments. It allows administrators to monitor cluster nodes, configure high-availability services, and ensure continuous uptime by providing redundancy in case of server failure.
• IP Address Management (IPAM): IPAM helps administrators monitor and manage IP address spaces, DHCP server configurations, and DNS settings across the network. It’s especially useful for large networks with a complex address structure.
• Certificate Authority Management Tools: These tools help manage Public Key Infrastructure (PKI), allowing administrators to issue, manage, and revoke digital certificates, which are critical for securing communication in a network.

Each tool included in RSAT plays a significant role in the day-to-day management and maintenance of network infrastructure. Having access to these tools makes it easier to perform tasks like monitoring servers, managing resources, and enforcing policies across the network.

Tips To Manage ADUC Effectively

Managing Active Directory Users and Computers (ADUC) can become complex, especially in larger environments. However, there are strategies and best practices that can simplify this process and help ensure the network runs smoothly. Below are some tips to manage ADUC more efficiently, making your administrative tasks easier and more organized.

• Use Organizational Units (OUs) For Structure: Organize users, computers, and groups into OUs based on department, location, or role. This simplifies management and allows for easy application of Group Policies.
• Leverage Group Policies: Apply Group Policy Objects (GPOs) at the OU level to enforce security settings, manage software deployments, and configure system settings across multiple users or computers.
• Implement Naming Conventions: Use clear, consistent naming conventions for users, computers, and OUs. This makes it easier to search, organize, and manage Active Directory objects.
• Set Password Expiration Policies: Regularly enforce password changes by setting expiration policies through ADUC. This ensures stronger security and reduces the risk of compromised accounts.
• Use Security Groups For Access Control: Assign users to Security Groups to manage access permissions efficiently. Rather than assigning permissions individually, you can grant access to resources based on group membership.
• Audit And Clean Up Unused Accounts: Periodically review and disable inactive user and computer accounts. This reduces clutter in the Active Directory and prevents security risks from unused or outdated accounts.
• Delegate Administrative Tasks: Delegate specific administrative responsibilities to other users, such as resetting passwords or managing specific OUs, using Delegate Control in ADUC. This reduces the workload for primary administrators and improves efficiency.
• Enable Account Lockout Policies: Set policies that lock out user accounts after a certain number of failed login attempts. This helps to prevent brute-force attacks on user credentials.
• Monitor Group Membership Changes: Regularly review changes in group membership to ensure that users have the correct level of access. This helps prevent unauthorized access to sensitive resources.
• Use Logon Hours For Enhanced Security: Set logon hours for users who should only have access to the network during specific times. This adds an extra layer of security by limiting when users can log in.

Following these tips can significantly enhance the way you manage your Active Directory environment, ensuring both efficiency and security.

FAQs:

Conclusion

We hope this guide has made the process of installing Active Directory Users and Computers (ADUC) clearer and more manageable for you. By breaking down each step, our goal was to help you navigate the setup with confidence, ensuring your network runs smoothly. Did you find the instructions helpful? Let us know if there are any additional details you’d like us to cover or if there’s anything else we can assist you with!

Active Directory Users and Computers (ADUC) is part of Microsoft’s Active Directory (AD). This system manages all the critical user details, such as names, emails, addresses, and crucial login information like passwords. In the IT world, when people talk about “Active Directory”, they’re often referring to ADUC. It’s the go-to tool for organizing and controlling access within your network.

If you want to learn more about Active Directory Users and Computers, consider enrolling in our free Active Directory Fundamentals course at the link below:

How to Install Active Directory Users and Computers on Windows 10

Installing Active Directory Users and Computers (ADUC) on Windows 10 is straightforward. The process varies slightly depending on your version of Windows 10, but it’s nothing too complicated. Let’s break it down into two parts based on the Windows 10 version you’re using.

Verify Your Version of Windows

Before proceeding with the installation steps outline below, be sure to confirm which version of Windows you have. It’s also important to note what edition of Windows you have since that will require different steps.

To verify your version of Windows, click the windows button, and search for “system info,” and select “System Information” from the search results:

Картинка с сайта: serveracademy.com

Look for “OS Name” and “Version”.

Картинка с сайта: serveracademy.com

Install ADUC on Windows 10 Pro 1809+, and Windows 11 with PowerShell

If you’re using Windows 11 (Home or Pro), execute the following PowerShell command to see what you have available:

Get-WindowsCapability -Name RSAT* -Online | Select-Object -Property DisplayName, Name, State

This returns a list shown below. I want to install the first option, which for my computer is “Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0”.

Картинка с сайта: serveracademy.com

I can install this with the following PowerShell command:

Add-WindowsCapability -Online -Name Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0

For Windows 10 Pro Version 1809 and Above without PowerShell

If you’re using Windows 10 Pro version 1809 or later, installing ADUC is part of adding the ‘RSAT: Active Directory Domain Services and Lightweight Directory Tools’ feature. Here’s how to do it:

1. Open Settings: Click on the Start menu and select ‘Settings’.
2. Access Apps & Features: Navigate to ‘Apps’ and then to ‘Optional Features’.
3. Add a Feature: Click on ‘Add a feature’ at the top of the page.
4. Find and Install RSAT Tools: Scroll or search for ‘RSAT: Active Directory Domain Services and Lightweight Directory Tools’. Select it and click ‘Install’.
5. Wait for Installation: The installation might take a few minutes. Once done, you’ll have ADUC available to use.

This is a pretty hassle-free process, and it’s nice that Microsoft made these tools readily available without needing additional downloads.

For Windows 10 Version 1803 and Below

For older versions of Windows 10 or for Windows 10 Home, like version 1803 and below, you’ll need to download the RSAT package manually. Here’s how:

1. Visit Microsoft’s Download Center: Search for ‘RSAT for Windows 10’ in your web browser and visit the Microsoft Download Center link.
2. Download the RSAT Installer: Choose the correct version of the RSAT installer based on your Windows 10 version.
3. Run the Installer: Once downloaded, run the installer and follow the on-screen instructions.
4. Enable ADUC: After installation, go to ‘Control Panel’, select ‘Programs’, then ‘Turn Windows features on or off’. Here, check the box for ‘AD DS and AD LDS Tools’.

How to Start Active Directory Users and Computers (ADUC)

Once you’ve successfully installed Active Directory Users and Computers (ADUC) on your Windows 10 machine, the next step is to actually start using it. Launching ADUC is a breeze, and once you’re in, you’ll find a range of options to manage your network’s users and computers effectively. Let’s walk through how to get it up and running.

Accessing ADUC

To open ADUC, you’ll typically use the Windows search function:

1. Open the Start Menu: Click the Windows icon on your taskbar.
2. Search for ADUC: In the search bar, type “Active Directory Users and Computers”.
3. Launch the Tool: Click on the ADUC application that appears in the search results.

If it’s your first time using ADUC, you might want to pin it to your Start menu or taskbar for quick access in the future. Simply right-click on the ADUC app in the search results and choose ‘Pin to Start’ or ‘Pin to Taskbar’.

Navigating the ADUC Interface

When you first open ADUC, you’ll be greeted with a tree-view of your Active Directory environment.

Картинка с сайта: serveracademy.com

Here, you’ll see your domain and a series of folders representing various organizational units (OUs) and groups.

Navigating through this interface is straightforward. You can expand each OU to see the objects (like user accounts and groups) within them. Right-clicking on objects or the space in the console gives you a context-specific menu, offering various administrative tasks you can perform, like resetting passwords or creating new users.

Some Quick Tips

• Use the ‘Find’ Feature: If you’re looking for a specific user or group, the ‘Find’ function is incredibly handy. It’s a bit like using the search function on your computer – simple and efficient.
• Familiarize Yourself with Context Menus: Right-clicking on different items in the ADUC gives you a lot of options. Spend some time getting to know these – they’re great time-savers.

Basic Features and Functionalities of Active Directory Users and Computers

Active Directory Users and Computers (ADUC) is chock-full of features that can simplify the life of a network administrator. Understanding its core functionalities is key to leveraging its full potential. Let’s delve into some of the basic yet powerful features of ADUC.

User Account Management

At its core, ADUC is about managing user accounts. Here are some of the things you can do:

• Create New User Accounts: You can set up new user accounts, complete with detailed personal information and login credentials.
• Modify Existing Accounts: Need to update a user’s details or change their group memberships? It’s just a few clicks away in ADUC.
• Delete or Disable Accounts: When a user leaves or needs to be temporarily removed from the network, you can either disable or delete their account.

Group Management

Groups help organize your AD objects like Users and Computers. Create groups based on department, role, access needs, or anything else you can think of. This allows you to apply Group Policies Objects (or GPOs) to the specific groups and configure specific settings for that group.

Organizational Units (OUs)

OUs are like folders that help you organize and manage users, groups, and other AD objects more efficiently. Once you create an OU, like groups, you can apply specific Group Policy Objects to that organizational unit.

You can create OUs any way you see fit and whatever makes sense to you while organizing your domain, but it should be created with the idea that later you’ll come back and apply GPOs and apply security settings.

Finding and Managing Objects

ADUC comes with a robust search feature that lets you quickly find any object in your directory. It’s particularly useful when you’re managing a large number of users and groups.

Security and Permissions

Managing security settings and permissions is a big part of ADUC. You can:

• Set Permissions: Define what users can and cannot access.
• Manage Security Groups: Use security groups to apply permissions to a set of users.

Conclusion

That provides a basic overview of Active Directory Users and Computers including it’s installation. If you want a more indepth tutorial on Active Directory, you can check out our other blog post titled Active Directory 101: A Step-by-Step Tutorial for Beginners. If you want more formal training, consider our free Active Directory Fundamentals course below:

Leave a comment below and let us know what you thought in the comments below!

Any Windows Server administrator must have used the Active Directory Users and Computers (ADUC) Microsoft Management Console on a Domain Controller (DC). Using this console, you can control and manage users, user groups, computers, and the Organizational Units (OUs) in the domain.

The ADUC console is no longer limited to servers anymore. You can install the Active Directory Users and Computers snap-in on a Windows 11 or Windows 10 computer as well, which performs the same functions as the original Server console. This snap-in is part of the Remote Server Administration Tools (RSAT) for Windows operating systems.

We have written separate posts for installing any RSAT tools on Windows 11 and Windows 10. This article focuses on installing specifically the Active Directory Users and computers snap-in on a Windows PC and then using it to manage your domain.

How to Install Active Directory Users and Computers (ADUC) on Windows

All RSAT tools, including the Active Directory Users and Computers snap-in, allow you to manage the different Active Directory components as if you are on the server itself. This way, you do not always have to access the server, neither physically nor remotely, to perform an action.

You can download and install the Active Directory Users and Computers snap-in using the Settings app, from the Command Prompt, and Windows PowerShell.

Note: On Windows 10 v1803 and older, you must download and install all RSAT tools using the MSI files. You can find the MSI files for your version of Windows here.

Install Active Directory Users and Computers from Settings App

The easiest way to install the ADUC snap-in on a Windows PC is from the settings app. It does involve more steps than the other methods shared below, but this is the only method using the Windows GUI.

Use these steps to install the ADUC snap-in from the Settings app:

1. Navigate to the following:

   Settings app >> Apps >> Optional Features

2. Click “View features.”

   

   Картинка с сайта: www.itechtics.com

3. Search for “Active Directory,” select “RSAT: Active Directory Domain Services and Lightweight Directory Services Tools,” and click Next.

   

   Картинка с сайта: www.itechtics.com

4. Click “Install.”

   

   Картинка с сайта: www.itechtics.com

5. Once installed, restart the computer.

The Active Directory Users and Computers snap-in will now be installed. If you prefer installing it using the command line, refer to the sections below. To learn how to use the snap-in, continue reading down.

Install Active Directory Users and Computers from Command Prompt

Below are the simple steps to install Active Directory Users and Computers snap-in using the Command Prompt:

1. Open an elevated Command Prompt instance.

2. Run the following command:

   DISM /Online /Add-Capability /CapabilityName:Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0

   

   Картинка с сайта: www.itechtics.com

The ADUC snap-in should now be installed. Run the following command in Command Prompt to confirm that the Active Directory Users and Computers snap-in has been installed:

DISM.exe /Online /Get-CapabilityInfo /CapabilityName:Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0

Картинка с сайта: www.itechtics.com

You should see “Installed” in front of Status.

Install Active Directory Users and Computers from PowerShell

Use the following steps to install the Active Directory Users and Computer snap-in using PowerShell:

1. Launch an elevated PowerShell instance.

2. Run the following command to install ADUC:

   Add-WindowsCapability -Online -Name Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0

   

   Картинка с сайта: www.itechtics.com

The ADUC snap-in should now be installed. To confirm its status, run the following command in PowerShell:

Get-WindowsCapability -Online | Where-Object {$_.Name -like "RSAT.ActiveDirectory*"}

Картинка с сайта: www.itechtics.com

You should see “Installed” in front of State.

These are all the methods to install the Active Directory Users and Computers snap-in on a Windows 11/10 PC. Let us now continue to see how to use this tool.

How to Use Active Directory Users and Computers

How to Open Active Directory Users and Computers Snap-In

Now that Active Directory Users and Computers is installed, you can open it by searching for it in the Start menu, or running the following in the Run Command box:

dsa.msc

Alternatively, you can also open the ADUC snap-in through the Control Panel at the following location:

Control Panel >> System and Security >> Windows Tools

Картинка с сайта: www.itechtics.com

If your computer is connected to a domain and you are logged in from an authorized domain account, then the ADUC snap-in will automatically connect to the server. However, if one is not connected, then you must connect to the Domain Controller.

Connect ADUC to Domain Controller

Use these steps to connect to a Domain Controller. You can also use these to change your domain/Domain Controller.

1. From the ADUC console, click “Action,” and then click “Change Domain Controller.”

   

   Картинка с сайта: www.itechtics.com

   The Change Directory Server window will now open.

2. Select the “This Domain Controller or AD LDS instance” radio button, then select the Domain Controller from the give list and click Ok.

   

   Картинка с сайта: www.itechtics.com

The ADUC will now connect to the Domain Controller and populate the fields.

Картинка с сайта: www.itechtics.com

Now that you are connected to the Domain Controller, you can now begin making changes and managing the different components of the domain.

Manage Users, Computers, Organizational Unit using ADUC

Картинка с сайта: www.itechtics.com

You can now begin adding new users, computers, printers, and Organizational Units to the domain. Simply right-click on the OU that you want to add the new device/user to, expand “New”, and select the element that you want to add.

Once you have selected the element to add, the respective window will open, where you can then configure the component to add.

You can now also use other operators to manage the users, devices, and other elements configured inside the domain directly from your Windows PC.

Additionally, you can also manage what you see inside the snap-in. Click “View” from the top menu and select the things that you want to see. You can then also click “Filter options” to open the advanced viewing options.

Картинка с сайта: www.itechtics.com

The list does not end here. There are a bunch of other management options you can perform directly from the ADUC snap-in on a Windows PC. We suggest that you play around to discover all the options. However, we advise caution and only use the console if you know what you are doing.

What is Active Directory Users and Computers Used For

By now, we have a pretty good understanding of what the ADUC snap-in can be used for. However, there is more to it than meets the eye. The Active Directory Users and Computers RSAT tool can be used to perform the following actions:

• Create and manage user accounts, computers, and Active Directory groups.
• View and edit AD object attributes with ADSI Edit.
• Search for AD objects.
• Change or reset user password in Active Directory.
• Create organizational units and build hierarchical structures for AD objects. You can also delegate administrative permission on these OUs to other domain users.
• Delegate administrative permissions.
• Raise domain functional level, and transfer FSMO roles with PowerShell to another domain controller.

From this, it is understood how useful the ADUC snap-in is for administrators that use Windows client PCs.