
Active Directory Users and Computers – Part II

In Part I of Active Directory Users and Computers, we introduced the Active Directory Users and Computers (ADUC) snap-in. We also saw a list of tasks an administrator can perform from the ADUC console and described how to perform a few basic tasks. In this part, we will look at some advanced tasks that will come in handy for an administrator managing users, computers, and other objects in Active Directory.

Advanced Settings in ADUC

As hinted earlier, there are advanced settings available within ADUC that allow administrators to work with complex settings and containers that are otherwise not visible in the console.

To enable advanced features, do the following:

  • In the ADUC console, click View and enable Advanced Features.

The advanced settings are now enabled.

Viewing User and Computer Attributes

  • In the left pane of ADUC, right-click the object whose attributes you want to see.
  • Click Properties and then click the Attribute Editor tab. A list of all the attributes pertaining to the object is displayed.

Note that the advanced features must be enabled to perform this action.

Protecting Objects from Accidental Deletion

Enabling this protection denies the permission to delete the object; any attempt to delete it then fails with an error message.

The following steps illustrate how to protect AD objects from accidental deletion:

  • In the left pane of ADUC, right-click the object that is to be protected from accidental deletion, and click Properties.
  • Select the Object tab, and check the Protect object from accidental deletion option.
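The same setting can be audited and applied across many organizational units from PowerShell. This is an added example, not part of the original article; it assumes the RSAT ActiveDirectory module on a domain-joined machine, and the function names Get-UnprotectedOU, Protect-OU and Get-DeletionDenyAce are hypothetical helpers defined here.

```powershell
# Added example: audit and apply "Protect object from accidental deletion" on OUs.
# Assumption: RSAT ActiveDirectory module is installed; helper names are hypothetical.
Import-Module ActiveDirectory

function Get-UnprotectedOU {
    [CmdletBinding()]
    param(
        # Defaults to the whole domain; pass an OU distinguished name to narrow the audit.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )
    Get-ADOrganizationalUnit -Filter * -SearchBase $SearchBase `
        -Properties ProtectedFromAccidentalDeletion |
        Where-Object { -not $_.ProtectedFromAccidentalDeletion } |
        Select-Object Name, DistinguishedName
}

function Protect-OU {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]$DistinguishedName
    )
    process {
        # ShouldProcess makes -WhatIf and -Confirm work, so changes can be previewed.
        if ($PSCmdlet.ShouldProcess($DistinguishedName, 'Enable accidental-deletion protection')) {
            Set-ADObject -Identity $DistinguishedName -ProtectedFromAccidentalDeletion $true
        }
    }
}

function Get-DeletionDenyAce {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # The check box on the Object tab surfaces as Deny entries on the object's ACL.
    (Get-Acl -Path "AD:\$DistinguishedName").Access |
        Where-Object { $_.AccessControlType -eq 'Deny' -and
                       $_.ActiveDirectoryRights -match 'Delete' } |
        Select-Object IdentityReference, ActiveDirectoryRights, IsInherited
}

# 1. Report every OU that does not have the protection enabled.
$unprotected = Get-UnprotectedOU
$unprotected | Format-Table -AutoSize

# 2. Preview the change; remove -WhatIf to apply it.
$unprotected | Protect-OU -WhatIf

# 3. After applying, confirm the Deny entries are present on each OU.
$unprotected | ForEach-Object { Get-DeletionDenyAce -DistinguishedName $_.DistinguishedName }
```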

Searching for Objects

Objects in AD can be located using the Find dialog box in the ADUC console. The following steps illustrate how to perform the search:

  • In the left pane of ADUC, right-click the container object where the search is to be made.
  • Select Find from the shortcut menu.
  • In the Find Users, Contacts and Groups dialog box that appears, specify the object type that is to be searched, and also the container where the search is to be carried out.
  • To streamline the search, click on the Advanced tab.
  • In the dialog box that appears, select the attribute to search on in the Field list box. To further refine the search, use the Condition drop-down list. Specify a value for the conditional search in the Value box. You may use the Add button to include more conditions.
  • Click Find Now to display the search results.

An alternate method to search for objects is using the DSquery command-line tool.

Creating a Saved Query

Saved Queries in ADUC allow administrators to access and audit information in AD and filter just those objects that meet certain criteria.

The following steps illustrate how to create a Saved Query:

  • In the left pane of ADUC, right-click Saved Queries and click New followed by Query.
  • Type in a suitable name for the saved query and click Define Query.
  • Select the required object tab and define the variables of your query.
  • Click OK to save the query.

This will list only those accounts that fulfil the criteria specified in the query.
