Оснастка Active Directory Users and Computers (или ADUC) – это одна из наиболее часто используемых консолей управления объектами в домене Active Directory. Вы можете установить mmc оснастку ADUC как на Windows Server, так и на десктопные Windows 10 и 11. Консоль ADUC входит в состав набора компоненту администрирования Microsoft Remote Server Administration Tools (RSAT). В этой статье мы покажем, как установить и использовать консоль управление Active Directory Users and Computers в Windows.
Содержание:
- Установка оснастки RSAT Active Directory в Windows 10 и 11
- Как пользоваться консолью Active Directory?
- Подключение консоли ADUC к домену из рабочей группы
Установка оснастки RSAT Active Directory в Windows 10 и 11
В современных версиях Windows 10 (начиная с билда 1809) и в Windows 11 инструменты администрирования RSAT устанавливаются онлайн в виде Features on Demand. Чтобы установить инструменты администрирования RSAT Active Directory в Windows 10/11, перейдите в Settings -> Apps -> Optional Features -> Add an optional feature (View features).
Наберите в поисковой строке Active Directory и выберите для установки компонент RSAT: Active Directory Domain Services and Lightweight Directory Services Tool.
Нажмите Next-> Install для начала установки.
Windows подключится к серверам Microsoft, скачает и установит набор инструментов для управления Active Directory (включает в себя графические консоли Active Directory, утилиты командной строки и модуль Active Directory PowerShell).
Либо вы можете установить набор компонентов администрирования AD с помощью PowerShell:
Add-WindowsCapability –online –Name Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0
В изолированных сетях, в которых нет доступа в интернет, вы можете установить инструменты RSAT Active Directory с помощью ISO образа Windows 10 Features on Demand (образ FoD можно скачать из кабинета лицензирования Microsoft).
Для установки инструментов Active Directory, из сетевого каталога с содержимым образа FoD выполните команду:
Add-WindowsCapability -Online -Name Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0 -LimitAccess -Source \\fs01\Distr\Windows10-FOD\
В предыдущих билдах Windows 10, а также в Windows 8.1, установить RSAT можно с помощью MSU обновления. Скачать RSAT можно здесь:
- RSAT для Windows 10 1803/1709 — https://www.microsoft.com/en-us/download/details.aspx?id=45520
- RSAT для Windows 8.1 — https://www.microsoft.com/en-us/download/details.aspx?id=39296
Скачайте версию файла RSAT в зависимости от разрядности вашей операционной системы и установите его. Дважды щелкните по файлу для начала установки:
Или установите MSU файл RSAT из командной строки в «тихом» режиме:
wusa.exe c:\Install\WindowsTH-RSAT_TP5_Update-x64.msu /quiet /norestart
После окончания установки RSAT нужно перезагрузить компьютер.
Осталось активировать необходимый функционал RSAT. Для этого:
- Щелкните ПКМ по кнопке Start и выберите Control Panel (Панель управления)
- Выберите Programs and Features (Программы и компоненты)
- В левой панели нажмите кнопку Turn Windows features on or off
- В дереве компонентов разверните Remote Server Administration Tools-> Role Administration Tools -> AD DS and AD LDS Tools
- Отметьте раздел AD DS Tools и нажмите OK.
Установка оснастки ADUC также может быть выполнена из командой строки. Последовательно выполните 3 команды:
dism /online /enable-feature /featurename:RSATClient-Roles-AD
dism /online /enable-feature /featurename:RSATClient-Roles-AD-DS
dism /online /enable-feature /featurename:RSATClient-Roles-AD-DS-SnapIns
После установки оснасток управления, в разделе Administrative Tools панели управления (Control Panel\System and Security\Windows Tools) появится ссылка на консоль Active Directory Users and Computers.
Как пользоваться консолью Active Directory?
Чтобы запустить консоль ADUC, щелкните по ярлыку в панели управления или выполните команду:
dsa.msc
Все аутентифицированные пользователи домена могут использовать консоль ADUC для просмотра объектов Active Directory.
Если ваш компьютер состоит в домене Active Directory, то консоль ADUC подключится к контролеру домена, на основании текущего Logon сервера. Имя контроллера домена, с которого вы получаете информации указано в верху.
Вы можете подключиться к другому контроллеру домена AD или другому домену, щелкнув по корню консоли и выбрав пункт в контекстном меню.
В консоли Active Directory отображается древовидная структура организационных юнитов (Organizational Unit, OU) вашего домена (и отдельный раздел с сохраненными запросами/ Saved Queries AD).
Администратор домена может создавать контейнеры (OU) в соответствии с физической или логической структуры предприятиями. С помощью контекстного меню можно создать новые объекты в AD (пользователей, группы, компьютеры, OU, контакты), переименовать, переместить или удалить объекты. В зависимости от типа объекта, который вы выбрали пункты контекстного меню могут отличаться.
Например, у пользователя есть опции на сброс пароля в AD или блокировку/разблокировку учетной записи.
Вы можете использовать контекстное меню Search для поиска объектов в AD.
Администратор может делегировать права на создание/редактирование/удаление объектов в Active Directory другим пользователям или группам.
С помощью меню View -> Add/Remove columns можно добавить атрибуты объектов, которые вы хотите отображать в консоли ADUC.
В консоли ADUC можно посмотреть или изменить свойства объектов домена. Например, можно открыть свойства пользователя и изменить его настройки. Часть свойств пользователя находится на соответствующих вкладках, а полный список атрибутов пользователя доступен на вкладке редактора атрибутов AD (Attribute Editor).
Можно добавить отдельную вкладку с фотографией пользователя AD.
Чтобы показывать системные контейнеры и свойства объектов в оснастке AD (по умолчанию скрыты), включите опцию View -> Advanced features.
После этого у всех объектов появится ряд системных вкладок. Например, на вкладке Object можно получить каноническое имя объекта, дату создания учетной записи и включить опцию защиты от удаления (protect object from accidental deletion).
Подключение консоли ADUC к домену из рабочей группы
Если вы хотите подключится консолью ADUC к контроллеру домена с компьютера, который не включен в домен (состоит в рабочей группе), воспользуйтесь таким методом:
- Запустите командную строку и выполните команду запуска оснастки от имени другого пользователя:
runas /netonly /user:winitpro\aaivanov mmc - В пустой консоли MMC выберите File->Add/Remove Snap-In
- Перенесите оснастку Active Directory Users and Computers в правую панель и нажмите Add;
- Чтобы подключится к домену, щелкните по корню консоли и выберите Change domain. Укажите имя домена.
В результате консоль ADUC подключится к контроллеру домена, получит и отобразит структуру контейнеров (OU) данного домена Active Directory.
Active Directory Users and Computers (ADUC) is part of Microsoft’s Active Directory (AD). This system manages all the critical user details, such as names, emails, addresses, and crucial login information like passwords. In the IT world, when people talk about “Active Directory”, they’re often referring to ADUC. It’s the go-to tool for organizing and controlling access within your network.
If you want to learn more about Active Directory Users and Computers, consider enrolling in our free Active Directory Fundamentals course at the link below:
Course: Active Directory Fundamentals
This free course will teach you the fundamentals of Active Directory. You’ll learn how to create and…
10 Lessons
1 Quizzes
1 Labs
1 Hr
How to Install Active Directory Users and Computers on Windows 10
Installing Active Directory Users and Computers (ADUC) on Windows 10 is straightforward. The process varies slightly depending on your version of Windows 10, but it’s nothing too complicated. Let’s break it down into two parts based on the Windows 10 version you’re using.
Verify Your Version of Windows
Before proceeding with the installation steps outline below, be sure to confirm which version of Windows you have. It’s also important to note what edition of Windows you have since that will require different steps.
To verify your version of Windows, click the windows button, and search for “system info,” and select “System Information” from the search results:
Look for “OS Name” and “Version”.
Install ADUC on Windows 10 Pro 1809+, and Windows 11 with PowerShell
If you’re using Windows 11 (Home or Pro), execute the following PowerShell command to see what you have available:
Get-WindowsCapability -Name RSAT* -Online | Select-Object -Property DisplayName, Name, StateThis returns a list shown below. I want to install the first option, which for my computer is “Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0”.
I can install this with the following PowerShell command:
Add-WindowsCapability -Online -Name Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0For Windows 10 Pro Version 1809 and Above without PowerShell
If you’re using Windows 10 Pro version 1809 or later, installing ADUC is part of adding the ‘RSAT: Active Directory Domain Services and Lightweight Directory Tools’ feature. Here’s how to do it:
- Open Settings: Click on the Start menu and select ‘Settings’.
- Access Apps & Features: Navigate to ‘Apps’ and then to ‘Optional Features’.
- Add a Feature: Click on ‘Add a feature’ at the top of the page.
- Find and Install RSAT Tools: Scroll or search for ‘RSAT: Active Directory Domain Services and Lightweight Directory Tools’. Select it and click ‘Install’.
- Wait for Installation: The installation might take a few minutes. Once done, you’ll have ADUC available to use.
This is a pretty hassle-free process, and it’s nice that Microsoft made these tools readily available without needing additional downloads.
For Windows 10 Version 1803 and Below
For older versions of Windows 10 or for Windows 10 Home, like version 1803 and below, you’ll need to download the RSAT package manually. Here’s how:
- Visit Microsoft’s Download Center: Search for ‘RSAT for Windows 10’ in your web browser and visit the Microsoft Download Center link.
- Download the RSAT Installer: Choose the correct version of the RSAT installer based on your Windows 10 version.
- Run the Installer: Once downloaded, run the installer and follow the on-screen instructions.
- Enable ADUC: After installation, go to ‘Control Panel’, select ‘Programs’, then ‘Turn Windows features on or off’. Here, check the box for ‘AD DS and AD LDS Tools’.
How to Start Active Directory Users and Computers (ADUC)
Once you’ve successfully installed Active Directory Users and Computers (ADUC) on your Windows 10 machine, the next step is to actually start using it. Launching ADUC is a breeze, and once you’re in, you’ll find a range of options to manage your network’s users and computers effectively. Let’s walk through how to get it up and running.
Accessing ADUC
To open ADUC, you’ll typically use the Windows search function:
- Open the Start Menu: Click the Windows icon on your taskbar.
- Search for ADUC: In the search bar, type “Active Directory Users and Computers”.
- Launch the Tool: Click on the ADUC application that appears in the search results.
If it’s your first time using ADUC, you might want to pin it to your Start menu or taskbar for quick access in the future. Simply right-click on the ADUC app in the search results and choose ‘Pin to Start’ or ‘Pin to Taskbar’.
Navigating the ADUC Interface
When you first open ADUC, you’ll be greeted with a tree-view of your Active Directory environment.
Here, you’ll see your domain and a series of folders representing various organizational units (OUs) and groups.
Navigating through this interface is straightforward. You can expand each OU to see the objects (like user accounts and groups) within them. Right-clicking on objects or the space in the console gives you a context-specific menu, offering various administrative tasks you can perform, like resetting passwords or creating new users.
Some Quick Tips
- Use the ‘Find’ Feature: If you’re looking for a specific user or group, the ‘Find’ function is incredibly handy. It’s a bit like using the search function on your computer – simple and efficient.
- Familiarize Yourself with Context Menus: Right-clicking on different items in the ADUC gives you a lot of options. Spend some time getting to know these – they’re great time-savers.
Basic Features and Functionalities of Active Directory Users and Computers
Active Directory Users and Computers (ADUC) is chock-full of features that can simplify the life of a network administrator. Understanding its core functionalities is key to leveraging its full potential. Let’s delve into some of the basic yet powerful features of ADUC.
User Account Management
At its core, ADUC is about managing user accounts. Here are some of the things you can do:
- Create New User Accounts: You can set up new user accounts, complete with detailed personal information and login credentials.
- Modify Existing Accounts: Need to update a user’s details or change their group memberships? It’s just a few clicks away in ADUC.
- Delete or Disable Accounts: When a user leaves or needs to be temporarily removed from the network, you can either disable or delete their account.
Group Management
Groups help organize your AD objects like Users and Computers. Create groups based on department, role, access needs, or anything else you can think of. This allows you to apply Group Policies Objects (or GPOs) to the specific groups and configure specific settings for that group.
Organizational Units (OUs)
OUs are like folders that help you organize and manage users, groups, and other AD objects more efficiently. Once you create an OU, like groups, you can apply specific Group Policy Objects to that organizational unit.
You can create OUs any way you see fit and whatever makes sense to you while organizing your domain, but it should be created with the idea that later you’ll come back and apply GPOs and apply security settings.
Finding and Managing Objects
ADUC comes with a robust search feature that lets you quickly find any object in your directory. It’s particularly useful when you’re managing a large number of users and groups.
Security and Permissions
Managing security settings and permissions is a big part of ADUC. You can:
- Set Permissions: Define what users can and cannot access.
- Manage Security Groups: Use security groups to apply permissions to a set of users.
Conclusion
That provides a basic overview of Active Directory Users and Computers including it’s installation. If you want a more indepth tutorial on Active Directory, you can check out our other blog post titled Active Directory 101: A Step-by-Step Tutorial for Beginners. If you want more formal training, consider our free Active Directory Fundamentals course below:
Course: Active Directory Fundamentals
This free course will teach you the fundamentals of Active Directory. You’ll learn how to create and…
10 Lessons
1 Quizzes
1 Labs
1 Hr
Leave a comment below and let us know what you thought in the comments below!
One of the main tools for performing administrative tasks in an Active Directory domain is the Active Directory Users and Computers (ADUC) MMC snap-in. The ADUC is a Microsoft Management Console snap-in dsa.msc which is used to manage users, groups, computers, and Organizational units in the AD domain.
In this article, we will look at how to install the Active Directory Users and Computers console on computers running Windows Server and desktop editions of Windows 10 and 11.
Installing Active Directory Users and Computers Snap-in on Windows Server
The ADUC console is automatically installed on a Windows server when it’s promoted to the domain controller as part of the Active Directory Domain Services (AD DS) role deployment. You can manually install the ADUC snap-in on any Windows Server member host.
You can install ADUC console on Windows Server 2022/2019/2016 using Server Manager (Add roles and features > Features > Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools > AD DS Tools > AD DS Snaps-Ins and Command Line Tools) or with the PowerShell command:
Install-WindowsFeature -Name RSAT-ADDS-Tools
Check that the ADUC console is installed on Windows Server:
Get-WindowsFeature -Name RSAT-ADDS-Tools
How to Install ADUC on Windows 10 and 11
An ADUC snap-in can be installed as part of the Remote Server Administration Tools (RSAT) on the Pro and Enterprise editions of Windows 10 and Windows 11 (but not on the Home editions). You can install ADUC on Windows 10 and 11 by using the Settings app or with PowerShell.
Enable Active Directory Users and Computers Console on Windows 10 and 11
On modern versions of Windows 10 and 11 (with build 1809 and later), you can install the ADUC console from the modern Settings app.
- Press the Start menu > Settings > System;
- Select Optional Features > Add a feature;
- From the list of optional features, select RSAT: Active Directory Domain Services and Lightweight Directory Tools, and press Install.
- Windows will download the ADUC RSAT binary files and install them on your computer.
- You will need to restart your computer when the RSAT installation is complete.
The RSAT was distributed as a separate MSU update file in previous versions of Windows. For example, to install RSAT on Windows 10 1803, you must download and install the KB2693643 update. You can then enable a specific RSAT option using the Control Panel > Turn Windows Features On or Off applet (optionalfeatures.exe).
Install the ADUC Snap-in on Windows 10 or 11 Using PowerShell
You can use PowerShell to install the Active Directory console on Windows 10 and 11. Open an elevated PowerShell prompt and run the command to check whether the RSAT Active Directory feature is installed on your computer:
Get-WindowsCapability -Online | Where-Object {$_.Name -like "RSAT.ActiveDirectory*"}
In this case the RSAT: Active Directory Domain Services and Lightweight Directory Services Tools feature is not installed (State > NotPresent).
If the RSAT ActiveDirectory Tools feature is missing, you can install it:
Add-WindowsCapability -Online -Name Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0
You can also use the DISM command to install the RSAT ADUC feature:
DISM /Online /Add-Capability /CapabilityName:Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0
Check the AD RSAT status. The State should be changed to Installed.
Note. The PowerShell Active Directory module is also installed with the ADUC console.
Unable to Install RSAT Active Directory on Windows
The RSAT components in the latest versions of Windows are delivered as Features on Demand (FoD). Windows doesn’t store the local RSAT binaries on a local drive; instead, it downloads the RSAT files from the Microsoft Update servers. If your computer is in an isolated (disconnected) environment, you will receive an error when you try to install the ADUC snap-in:
0x800f0954 No features to install
You can use the FoD ISO image to install the RSAT components on offline computers. FoD DVD medias is available for download from your Volume License Servicing Center (VLSC) or on my.visualstudio.com.
Download and mount the FoD ISO image to a virtual drive (for example, to drive F:). You can then install the ADUC feature from local media using the command:
Add-WindowsCapability -online -name Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0 -source -Source "F:\" –LimitAccess
If you are using WSUS or SCCM to deploy Windows updates to client devices, you must enable the special GPO option to correctly install Features on Demand (including ADUC) on computers.
- Open the local Group Policy Editor (gpedit.msc) and go to Computer Configuration > Administrative Templates > System;
- Enable the GPO option Specify settings for optional component installation and component repair and check the Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS);
- Update the Group Policy settings on the computer by using the command: gpupdate /force.
Without this option, Windows 11 will try to get RSAT from your local Windows Update Server (errors 0x8024402c and 0x800f081f).
How to Open and Use Active Directory (DSA.msc) Snap-in on Windows
To run the Active Directory snap-in on Windows 11, go to Start Menu > All Programs > Windows Tools.
On Windows 10 (and previous versions) the AD Management snap-ins are available in the Administrative Tools section of the Control Panel.
As you can see, it refers to the MMC console %SystemRoot%\system32\dsa.msc.
This means that you can quickly open the ADUC console by pressing Win+R, typing dsa.msc and clicking OK.
If your computer is joined to the Active Directory domain, the ADUC console will automatically connect to the nearest DC in your Active Directory site.
If the console can’t find the domain controller, you can use the PowerShell command to get the name of your LogonServer:
$env:LOGONSERVER
Right-click on the root in the ADUC console and select Change Domain Controller. Select the name of your logon DC from the list.
Always use the nearest domain controller when managing Active Directory from ADUC. The RSAT console may become slow when working with a domain controller at a remote site.
If you want to connect to AD using the dsa.msc snap-in from a non-domain joined computer, you must:
- Run the command:
runas /netonly /user:Domain_Name\Domain_USER mmc
- Select File > Add/Remove Snap-In;
- Add Active Directory Users and Computers snap-In to the right pane and press OK;
- Connect to the domain with right-click on ADUC > Connect to the domain and enter the domain name.
The ADUC snap-in should display your Active Directory domain structure.
You will see a standard set of Active Directory OUs and containers:
- Saved Queries — saved search criteria for quick searches against Active Directory (LDAP query supported);
- Builtin — built-in user accounts;
- Computers — default container for computer accounts;
- Domain Controllers — default container for domain controllers;
- ForeignSecurityPrincipals — contains information about objects from trusted external domains;
- Users — default container for user accounts.
Depending on the domain structure, the ADUC console may contain other containers. Some AD containers are not displayed by default. To display them, select View > Advanced Features in the top menu.
In the ADUC console, you can perform the following actions:
- Create and manage user accounts, computers, and Active Directory groups;
- View and edit AD object attributes with ADSI Edit;
- Search for AD objects;
- Change user password in Active Directory or reset it;
- Create Organizational Units and build hierarchical structures for AD objects. Enable or disable OU accidental deletion protection;
- Delegate administrative permission to OUs to non-admin domain users;
- Raise domain functional level, and move FSMO roles to another domain controller.
Cyril Kardashevsky
I enjoy technology and developing websites. Since 2012 I’m running a few of my own websites, and share useful content on gadgets, PC administration and website promotion.
ADUC is a Microsoft Management Console (MMC) snap-in that enables administrators to manage Active Directory objects and their attributes. For example, they can:
- Change passwords.
- Reset user accounts.
- Add users to security groups.
- Create and delete organizational units (OUs)
- Assign FSMO roles like RID Master, PDC Emulator and Infrastructure Master to domain controllers.
- Create and manage computers, groups and users and their attributes
- Delegate control of objects.
- Define advanced security and auditing in AD.
You can find more information about Active Directory in our AD tutorial for beginners. Majorly, Active Directory domain controllers will have ADUC installed by default in Windows. However,in some instances it may not be present, which would require you to opt for different ways you may add them in your current version of windows.
Following are the ways that enable you to add Active Directory Users and Computers in current version of windows.
Adding ADUC via Remote Server Administration Tools (RSAT)
In current version of Windows, Remote Server Administration Tools includes ADUC. Hence, to enable ADUC in current version of windows install Remote Server Administration Tools (RSAT).
Note: RSAT can be installed only on computers that are running the Professional or Enterprise versions of Windows.
RSAT enables administrators to run snap-ins and tools to control features, roles and role services on a remote server or other computer. RSAT comes bundled with the operating system starting with Windows Server 2008 R2. For earlier versions of Windows Server, as well as Windows 7 and Windows 8, RSAT is available as a package for download with installation instructions.
The remote administration tools included in the RSAT package include the following:
- Active Directory Users and Computers (ADUC) — Widely used by system administrators to create and manage Active Directory objects
- Active Directory Administrative Center — Used to manage the AD trash can and password policies and to display your PowerShell history
- Active Directory Module for Windows PowerShell — Provides PowerShell cmdlets for administering AD
- Active Directory Domains and Trusts — Allows you to manage functional level, forest functional level and user principal names (UPNs), as well as trusts between forests and domains
- Active Directory Sites and Services — Lets you view and manage your sites and services
- ADSI Edit — Provides some functionality for managing AD objects, though most experts recommend using ADUC
How to fix RSAT errors in Windows 10
RSAT can crash for various reasons, including a failed update, a corrupt installation file or operating system incompatibility. In addition, issues can occur if a server administrator attempts to modify any of its administration tools, especially the Active Directory Administrative Center (ADAC) component of RSAT. Here are some troubleshooting tips:
First, make sure you have the right RSAT version for your operating system. If not, uninstall RSAT and install the correct version.
If you get RSAT installation error 0x800f0954:
- Right-click the Start button > Choose Run > Type msc > Click OK.
- In the local group policy editor, navigate to Computer Configuration > Administrative Templates > System.
- Right-click the Specify settings for optional component installation and component repair policy > Set it to Enabled and check the box Download repair content and optional features directly from Windows Updates instead of Windows Server Updates Services (WSUS).
- Click Apply > Click OK.
- Right-click the Start button > Choose Run > Type gpupdate > Click OK.
RSAT installation error 0x80070003 is usually related to installation from an uncommon location. Copy the installation files to the target machine’s local drive and proceed.
How to Install ADUC on a Windows member server
To install ADUC, use the wizard in Server Manager, a management tool included with Windows Server, as follows:
- Launch Server Manager in one of the following ways:
- Click the Server Manager icon on the taskbar, as shown below:
- Click the Windows Start button and type Server Manager in the search box. Then click the Server Manager icon.
- To open the wizard, click Add roles and features.
- The first page describes what you can do with the wizard and the prerequisites for using it. Click Next to proceed.
- On the next page, select Role-based or feature-based installation and click Next.
- Select either a server from the server pool or a virtual hard disk. Click Next.
- The next page lists the roles you could install. We will skip this and simply click Next.
- On the next page, select Remote Server Administration Tools and AD DS and AD LDS Tools, which will automatically select the other Active Directory management tools. Click Next.
- The next page displays a summary of the tools being installed. Select the Restart the destination server automatically if required checkbox because some of the roles and features require a server restart. Click Install to start the installation.
- On the next page, you can view the installation progress. Click Close at any time to close the wizard; the installation will continue as a running task.
- After the installation succeeds, open Server Manager and click the Tools menu to see the installed tools. The following screenshot shows Active Directory Users and Computers along with other management tools:
How to find Windows version before installing ADUC
You can determine the Windows version by following any of the steps below.
Install ADUC on Windows 10 version 1809 and above
Following are the steps to install ADUC on Windows 10 version 1809 and above:
- Click the Start menu and then click Settings > Apps.
- Click Optional Features, and then click Add a feature.
- Click RSAT: Active Directory Domain Services and Lightweight Directory Services Tools.
- Click Install.
When the installation completes, you will see a new item in the Start menu under Windows Administrative Tools.
Install ADUC using the command line
Alternatively, if you’re using Windows 10 version 1809 or later, you can install ADUC from the command line as follows:
- Click Start (or press Win+R). Type cmd and click Enter.
- Run following commands:
dism /online /enable-feature /featurename:RSATClient-Roles-AD
dism /online /enable-feature /featurename:RSATClient-Roles-AD-DS
dism /online /enable-feature /featurename:RSATClient-Roles-AD-DS-SnapIn
Install ADUC on Windows 8 or Windows 10 version 1803 and below
- Download Remote Server Administrator Tools for Windows 10 version 1803 and below from the Microsoft Download Center and install it.
- Click the Windows Start button and then click Control Panel > Programs. Under Programs and Features, click Turn Windows features on or off.
- Scroll down in the list of features and expand Role Administration Tools -> AD DS and AD LDS Tools. Check AD DS Tools. Then click OK.
- Once the system has installed the tools, click Restart now.
When the installation completes, the folder Windows Administrative Tools will appear in the Start menu, and ADUC will be in this folder.
Install ADUC on older versions of Windows
If you have an older version of Windows, you can download the appropriate RSAT package and then use Add Windows features in the Control Panel to add the necessary MMC snap-ins.
Note that if you install RSAT on a computer running Windows 7, you must enable the tools manually after RSAT installation.
Go to Start > Control Panel > Programs and Features and use Turn Windows Features On and Off.
ADUC console components
The Active Directory Users and Computers console has some key component that make it easy for system administrators to manage objects:
- Menu bar: Contains the File, Actions, View and Help menus
- Toolbar: Contains buttons to perform quick actions, such as create a new user or group and show/hide the Directory and Action panes
- Directory (Console Tree) pane: Shows the hierarchy of the domain you are connected with, as well as a list of the available containers and OUs
- Objects Pane: Show the objects and their attributes; you can edit the columns using the View menu
- Actions Pane: Shows the details of the selected object and offers a More Actions option
ADUC advanced settings
By default, ADUC shows some OUs and other containers. To work on other containers, click on the View menu and click Advanced Features.
Then you will see additional properties. Below, you can compare the tabs available in the normal view (on the left) with those in the advanced view (on the right):
How to use Active Directory Users and Computers (ADUC)
Create an organizational unit (OU)
Follow these steps to create an organizational unit:
- Right-click the domain or the OU under which you want to create the desired OU; then click New > Organizational Unit.
- Type a name for the new OU in the Name field, and specify whether to protect the OU from accidental deletion. Click OK to create the organizational unit.
Add a user account
- Select the domain where you want to add the user, and then expand its contents.
- Right-click the container you want to add a user to (usually Users), select New and then click User.
- Type the new user’s first name, last name and logon name. Then click Next.
- Type and confirm a new password for the user. Make sure you enable one of the following options to control how the user must manage their password:
- User must change password at next logon
- User cannot change password
- Password never expires
- Account is disabled
Click Next.
- Make sure everything you entered is correct and then click Finish.
Enable and disable user accounts
You can easily disable or enable a user account using the context menu in ADUC.
To enable a user account:
- Right-click a disabled user and click Enable Account.
To disable a user account:
- Right-click the user object you want to disable and click Disable Account.
Create a group object
Follow these steps to create a group using ADUC:
- Right-click the domain or the OU under which you want to create the new group.
- Specify the following:
- A name and a pre-Windows 2000 name for the group
- The group type: distribution or security
- The group scope: domain local, global or universal
- Click OK to create the group.
Add a user to a group
- Right-click the domain in which you want to add a user to a group and then select Find.
- Select Users, Contacts, and Groups in the Find dropdown list.
- Enter the name of the group you want to add the user to, click Find Now, select the desired group in the search results and click OK.
- Go to Action > Properties and click the Members tab. click Add.
- Type the name of the user you want to add and click Check Names. (Alternatively, you can use the Advanced button to search for the users one by one. If you specify multiple users, separate their names using semicolons.) Then click OK to confirm the addition.
Remove a user from a group
- Right-click the domain from which you want to remove the user and select Find.
- Select Users, Contacts, and Groups in the Find dropdown list.
- Enter the name of the group you want to remove the user from and click Find Now.
- Right-click the desired group and select Properties.
- Go to the Members tab, highlight the user and click Remove.
Reset a user’s password
- Navigate to the Users folder of the user’s domain.
- Right-click the user’s name, choose All Tasks and select Reset Password.
- Type a new password, type it again in the Confirm password box, and then click OK.
Move a user to another OU
- Right-click Active Directory Users and Computers and select Connect to Domain.
- Enter the name of the user’s domain and click OK.
- Right-click the user and select Move.
- Choose the container you want to move the user to and then click OK.
Change a user’s data
- Right-click Active Directory Users and Computers and select Connect to Domain.
- Enter the name of the user’s domain and click OK.
- Right-click the user and select Properties.
- Navigate to the tab containing the data you want to change, make your edits, and click OK.
Change a group’s type and scope
To change a group’s type or scope, take these steps:
- Right-click the desired group and select Properties.
- On the General tab, specify the new group type and/or scope. Then click OK.
Find objects in the directory
ADUC provides a powerful search for finding objects in the entire directory. You can find users, contacts, groups and OUs using the Find dialog box:
- Right click either the domain or an OU and click Find.
- In the Find dialog box, specify the following:
- In the Find drop-down, select Users, Contacts, and Groups.
- Using the In drop-down, select where to search: either a domain or the entire directory.
- To narrow your search, use the Browse button to select a particular OU.
- In the Name field, type the first or full name of the user or the name of the group you want to find.
Click Find Now.
- Review the search results. You can double-click an object to view its properties.
Delegate control to users
Using the Active Directory Delegation wizard, you can enable a user or group to perform specific tasks, such as creating user objects or managing specific domain controllers.
Take the following steps to delegate permissions to a specific user:
- Right-click the domain or the OU where you want to assign permissions to an object. Click Delegate Control to launch the Delegation of Control wizard.
- The Welcome page describes what you can do with this wizard. Click Next.
- On the next page, click Add to search for the user or group object you want to apply permissions on.
- Type the name of the user or group you want to delegate to, and click Check Names. From the list of matching objects, select the desired user and click OK.
- You will now see the object in the Selected users and groups field. Click Next.
- On the next page, select the Delegate the following common tasks radio button and click one or more of the checkboxes underneath it. Click Next.
- Select the scope of the delegation:
- Choosing This folder, existing objects in this folder, and creation of new objects in this folder will grant all the permissions to the object on the selected folder or OU.
- Selecting Only the following objects in the folder enables you to delegate permissions to only the objects in the folder that you specify.
Click Next.
- Select the permissions you want to delegate and click Next.
- Review your changes and click Finish.
Create and save queries
You can build complex LDAP queries using the Saved Queries feature in the ADUC console. You can save these queries and use them to:
- Quickly find AD objects.
- Swiftly complete routine AD object management activities, like selecting all employees of a company with mailboxes on a specific Exchange server or displaying a list of all disabled accounts in a domain.
- Perform activities with objects from different Active Directory OUs.
- Perform bulk lock/unlock, enable/disable, move, remove and rename activities.
- Bypass Active Directory’s OU hierarchy and gather all the required objects in a flat table view.
Take the following steps to create a query for an operation:
- Right-click the domain or OU where you want to perform the search operation and select New -> Query.
- Provide a name and description for the query. (If you want to select a different OU, click Browse.) Then open another dialog box for defining the query by clicking Define Query.
- Use the Find drop-down to select a common query, such as:
- Users, Contacts, and Groups
- Computers
- Printers
- Shared Folders
- Organizational Units
- Custom Search
- Common Queries
- Use the Users, Computers or Groups tab to define your query. Under the Users tab, for instance, you get options for limiting your query by:
- Disabled accounts
- Non-expiring passwords
- Days since the user last logged on to the domain
Click OK to create your query.
The context menu in ADUC appears when you click an object or click in the middle pane in an empty space. This menu displays common commands and options for the type of object you selected. Here are examples of the context menu for different types of objects:
Domain
OU
User
Group
Computer
Contact
How Netwrix can help
While ADUC can be a valuable tool for admins, it can be difficult for helpdesk technicians and business users to access, let alone use. Netwrix Directory Manager enables you to easily create web-based portals that make it easy to perform tasks like creating and editing groups and users, without any assistance from an administrator.
You can control what each user can view and change based on their role. To ensure data integrity, you can define workflows to verify supplied information before changes are applied.
FAQs about ADUC
What is Active Directory Users and Computers (ADUC)?
ADUC is a Microsoft Management Console (MMC) snap-in that enables administrators to manage Active Directory objects and their attributes. For example, they can:
- Change passwords.
- Reset user accounts.
- Add users to security groups.
- Create and delete organizational units (OUs).
- Handle FSMO roles like RID master, PDC Emulator and infrastructure master.
- Create and manage computers, groups and users and their attributes.
- Delegate control of objects.
- Define advanced security and auditing in AD.
You can find more information about Active Directory basics in our AD tutorial for beginners.
How do I get Active Directory Users and Computers on Windows 10?
In Windows 10 version 1809 or higher, you can enable ADUC by going to Settings > Apps and Features > Optional features > Add a feature. In older versions of Windows, to get ADUC, you need to download and install the Remote Server Administration Tools (RSAT) package manually.
What is Remote Server Administration Tools?
The Remote Server Administration Tool enables you to remotely manage Windows Server services and features from a Windows computer. It has a busload of tools, including ADUC, Active Directory Module for Windows PowerShell and Active Directory Administrative Center (ADAC).
How do I install RSAT on Windows 10?
Starting with the October 2018 update to Windows 10, RSAT is included as a set of “Features on Demand,” so you don’t need to install it. You simply need to enable the specific RSAT tools you require by going to Settings > Apps and Features > Optional features > Add a feature.
If you’re using an earlier version of Windows, you need to manually download and install RSAT.
How to open Active Directory Users and Computers console?
To start the ADUC console, do one the following:
- Go to Start > Click Run > Type dsa. msc > Hit Enter.
- Click Start > Navigate to Administrative Tools > Click Active Directory Users and Computers.
Since 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put Netwrix GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.
To install Active Directory Users and Computers (ADUC) on Windows 10, you’ll need to enable certain features, download required tools, and set up the necessary components to manage AD users and computers. This guide will provide a step-by-step tutorial on how to get ADUC up and running on your Windows 10 machine with ease. By the end, you’ll be fully equipped to manage user accounts, groups, and computers within a Windows domain.
Installing AD Users and Computers on your Windows 10 computer will allow you to manage users, groups, and computers within a Windows domain environment. This section will guide you through the process step by step.
Step 1: Ensure Your Windows 10 Version Supports ADUC
Make sure your version of Windows 10 is either Professional, Enterprise, or Education, as these versions support the installation of ADUC.
If you’re using a Windows 10 Home edition, you won’t be able to install ADUC since it lacks the necessary features. Consider upgrading your version if needed.
Step 2: Open the Control Panel
Access the Control Panel by typing “Control Panel” into the search bar and clicking on the application to open it.
The Control Panel is your gateway to managing various system settings, including enabling or disabling Windows features.
Step 3: Navigate to Programs and Features
Within the Control Panel, find and click on “Programs,” then choose “Programs and Features.”
In this section, you can manage installed programs and features, including adding Windows features like ADUC.
Step 4: Turn Windows Features On or Off
Click on “Turn Windows features on or off,” which will open a list of Windows features you can enable or disable.
This list contains optional features that you can turn on, including the RSAT (Remote Server Administration Tools), which contains ADUC.
Step 5: Enable RSAT: Active Directory Domain Services and Lightweight Directory Tools
Scroll down to find “RSAT: Active Directory Domain Services and Lightweight Directory Tools” and check the box next to it.
By enabling this feature, you are allowing the installation of the tools needed to manage Active Directory, including ADUC.
Step 6: Apply Changes and Restart
Click “OK” to apply the changes. Your computer may prompt you to restart to complete the installation.
Restarting your computer ensures that all necessary components are correctly installed and configured.
Once you’ve completed these steps, AD Users and Computers will be available in your Administrative Tools. You can now manage your domain’s users and computers effectively from your Windows 10 computer.
Tips for Installing AD Users and Computers on Windows 10
- Ensure your Windows 10 edition is compatible with RSAT before attempting the installation.
- Keep your system updated to avoid compatibility issues with newer RSAT features.
- If you struggle with enabling features via the Control Panel, consider using PowerShell for automation.
- Familiarize yourself with ADUC’s interface to quickly navigate its functionalities.
- Regularly back up your system before making significant changes, such as installing new features.
Frequently Asked Questions
What is Active Directory Users and Computers?
Active Directory Users and Computers (ADUC) is a Microsoft Management Console (MMC) that allows administrators to manage directory objects, including users, computers, and organizational units, within a Windows domain.
Can I install ADUC on Windows 10 Home?
No, Windows 10 Home does not support the installation of ADUC. Only Windows 10 Professional, Enterprise, and Education editions support this feature.
Why can’t I find the RSAT option in Windows Features?
If you can’t find RSAT in Windows Features, ensure your Windows is updated. Also, double-check that you are using a compatible edition of Windows 10.
How do I access ADUC after installation?
After installation, you can access ADUC by going to the Start menu, selecting Windows Administrative Tools, and then clicking on Active Directory Users and Computers.
Is ADUC available on Windows 11?
Yes, ADUC is available on Windows 11, but just like Windows 10, it requires enabling through the RSAT tools on compatible editions.
Summary
- Verify Windows 10 version compatibility.
- Open Control Panel.
- Go to Programs and Features.
- Turn Windows features on or off.
- Enable RSAT.
- Apply changes and restart.
Conclusion
Managing a Windows domain might sound like trying to solve a complex puzzle. However, with the right tools, like Active Directory Users and Computers on Windows 10, it becomes as simple as assembling a LEGO set. Once you know how to install AD Users and Computers, you unlock a world of efficient user and computer management. This setup not only saves time but also streamlines administrative tasks in your network environment. Remember, the key to mastering any tool is practice and exploration. So, dive into ADUC, explore its functionalities, and become the administrator your network deserves. For further reading, consider exploring Microsoft’s comprehensive documentation on Active Directory or join community forums to connect with other IT enthusiasts. Your journey into the vast world of network management is just beginning, and with ADUC, you’ve taken a significant first step. Happy administrating!
Matt Jacobs has been working as an IT consultant for small businesses since receiving his Master’s degree in 2003. While he still does some consulting work, his primary focus now is on creating technology support content for SupportYourTech.com.
His work can be found on many websites and focuses on topics such as Microsoft Office, Apple devices, Android devices, Photoshop, and more.