Active Directory Users and Computers – Part I

Active Directory Users and Computers (ADUC) is a common tool used by administrators to carry out daily tasks and much more in Active Directory. Not only does it administer and publish information in the directory, it also provides an object-centric view of the domain in the Active Directory environment.

Some of the tasks an administrator can perform with the help of this MMC snap-in are listed below:

  • Create and manage Active Directory objects, such as users, computers, groups, and contacts, along with their attributes.
  • Create OUs, move users and computers in and around them, and delete OUs
  • Delegate permissions to users to manage Group Policy
  • Define advanced security and auditing in AD
  • Deal with FSMO roles such as RID master, PDC Emulator and Infrastructure master
  • Raise domain functional level
  • Advanced feature settings that help to manage the LostAndFound container, NTDS Quotas, Program Data, and System information

Opening Active Directory Users and Computers

The following are some ways to open Active Directory Users and Computers on a DC:

Method 1: Through RUN command

  • Go to Start → RUN.
  • Type dsa.msc and hit ENTER.

Method 2: From the Start menu

  • Go to Start → Administrative Tools → Active Directory Users and Computers.

Method 3: From Control Panel

  • Go to Start → Control Panel.
  • Click System and Security and select Administrative Tools. From the list of available tools, double click Active Directory Users and Computers.

Creating, Managing and Deleting Objects in ADUC

Creating a new user account

  • In the left pane of ADUC, right click the folder where the user account is to be created.
  • Click New and then click User.
  • Type in the details such as First name, User logon name, etc. and click Next.
  • Enter the user’s password and confirm it in the appropriate fields. Check the required password options

Enabling or disabling a user account  

  • In the left pane of ADUC, expand the folder containing the user account to be enabled/disabled.
  • Right click the user account and click Enable or Disable to enable/disable the user account.

 Resetting a user account password

  • In the left pane of ADUC, expand the folder containing the user account whose password is to be reset.
  • Right click Reset password.
  • Type and confirm the password in the appropriate fields. Select other password related options if needed.

Creating a new group account

  • In the left pane of ADUC, right click the folder where the group account is to be created.
  • Click New and then click Group.
  • Type in a suitable name for the group. For group scope, select one among domain local, global, and universal. For group type, select either security or distribution.
  • Click Apply and OK.

Adding a member to a group

  • In the left pane of ADUC, right click the folder containing the group account to which you want to add a member.
  • Right click the group and click Properties.
  • Click the Members tab and then click Add.
  • Type in the name of the objects you want to add to the group.
  • Click OK.

Changing the group type or group scope

  • In the left pane of ADUC, right click the folder containing the group whose type or scope is to be modified.
  • Right click the group and click Properties.
  • Select the required scope or type for the group.
  • Click Apply and OK.

Creating a new computer account

  • In the left pane of ADUC, right click the folder where the computer account is to be created.
  • Click New and then click Computer.
  • Type in a suitable name for the computer.

Resetting a computer account 

  • In the left pane of ADUC, right click the folder where the computer account is to be created.
  • Click New and then click Computer.
  • Type in a suitable name for the computer.

Creating a new organizational unit (OU)

  • In the left pane of ADUC, right click the domain name.
  • Click New and then click Organizational Unit.
  • Type in a suitable name for the OU.

Deleting a users, computers, and OUs

  • In the left pane of ADUC, right click the folder where the object is located.
  • Right-click and select Delete.

 

In part II <link> of Active Directory Users and Computers, we will look at some advanced settings available within ADUC that will come in handy for an administrator managing users, computers, and other objects in Active Directory.

Comments

comments

1 Star2 Stars3 Stars4 Stars5 Stars (5 votes, average: 4.80 out of 5)