What are Active Directory Users and Computers?
Active Directory Users and Computers is a Microsoft Management Console (MMC) snap-in that is used to manage and administer Active Directory. It is commonly abbreviated as ADUC and is one of the many tools that are available for this purpose. However, it is one of the most popular tools that are used by administrators to perform everyday tasks and routines in the Active Directory environment. This is due to the fact that it is a graphical tool, which makes it easy for use. Some of these tasks include creating user accounts, resetting passwords, adding and moving objects and other advanced tasks.
What can administrators do with Active Directory Users and Computers?
As mentioned previously, Active Directory Users and Computers helps administrators manage and perform everyday tasks and routines such as managing objects (for example: users, computers, groups, organizational units), creating and adding users to groups, resetting passwords and managing domain controllers to name a few.
More specifically, an administrator can perform the following tasks using the ADUC console.
· Create Active Directory objects such as users, computers, groups, organizational units (OU) and attributes, and manage them
· Move objects such as users and computers into and out of organizational units and groups
· Reset passwords for user accounts
· Add users to security groups and manage Group Policy by delegating permissions
· Manage domain operations such as raising the domain functional level and transferring the FSMO roles to a different domain controller
· Manage the LostAndFound container, NTDS Quotas, Program Data and System Information by means of Advanced Features.
Active Directory Users and Computers is installed by default on an Active Directory Domain Controller. To use ADUC, the Remote Server Administration Tool (RSAT) needs to be installed. It includes Active Directory Users and Computers, several command line tools and PowerShell modules. This allows administrators to manage Windows servers and computers remotely from a Windows machine. Installation of RSAT differs for different versions of Windows.
What is RSAT?
The Remote Server Administration Tool (RSAT) is an application that allows IT administrators to manage users on a Windows Server network remotely. Administrators can manage roles and functions using Server Manager, MMC snap-ins, command line tools and PowerShell modules.
For Windows 10 version 1809 and later
1. From the Start menu, select Settings–>Apps.
2. In the Apps subsection, select the Manage Optional Features option and select Add Feature.
3. Select RSAT: Active Directory Domain Services and Lightweight Directory Tools.
4. Click on Install.
5. A new option called Windows Administrative Tools is available in the menu.
For Windows 10 version 1803 and older
1. From the Start menu, open the Control Panel.
2. In the Control Panel, select Programs–>Programs and Features–> Turn Windows feature on or off.
3. From the list, select Remote Server Administration Tools–>Role Administration Tools –>AD DS–>AD LDS Tools.
4. Select AD DS Tools and click OK.
5. After the installation, ADUC is present in the Administrative Tools folder in the Start menu.
For older versions of Windows
For older versions of Windows, the proper RSAT package can be downloaded. From the Control Panel, the Add Windows Features can be selected for adding the required MMC snap-ins such as Active Directory Users and Computers.
Installing ADUC using Command Line
ADUC can also be installed from the command line using the following steps.
1. Select Start, type “cmd” and press Enter.
2. The next step is to run the following commands.
dism /online /enable-feature /featurename:RSATClient-Roles-AD
dism /online /enable-feature /featurename:RSATClient-Roles-AD-DS
dism /online /enable-feature /featurename:RSATClient-Roles-AD-DS-SnapIns
Troubleshooting and fixing RSAT errors
There are many issues that may occur during the installation of RSAT. These include failed updates, incompatibility with the operating system or an installation file that is corrupt. The following steps help prevent and troubleshoot errors while installing RSAT.
· Ensure that the RSAT version is compatible with the version of Windows on your machine, as there are different versions available for each Windows version. Setting up a new version that is compatible helps resolve the issues in most cases.
· Check whether Windows Firewall is enabled.
· In case of missing tabs, uninstall and reinstall RSAT.
ADUC Use Cases
A. Creating a new user account
To add a new user to a domain, follow these steps as given below.
1. Select Active Directory Users and Computers from the Tools menu in Server Manager.
2. In the left pane of ADUC, click the Users container.
3. In the right pane, right click the folder where the account needs to be created and select NewàUser.
4. The New Object- User dialog box appears. Enter the required details such as First name, Last name and User logon name. Click Next.
5. Set a password and click Next. Verify the details and click Finish.
B. Resetting password for a user account
In certain cases the user may have forgotten their password and the administrator may need to reset the password. This might also be done for certain security reasons.
1. In the left pane of ADUC, select the folder which contains the account for which the password needs to be reset.
2. Right click and select the Reset password option.
3. Set a new password and confirm the same.
C. Delegating Control
To manage specific domains in the network, control can be delegated to more than one administrator in the domain. This can be done by following the steps given below.
1. Select Active Directory Users and Computers as an admin.
2. Right click the required domain and select the Delegate Control option.
3. Click through the given options until you reach the Delegation of Control Wizard screen.
4. Add the user to whom the control is to be delegated.
5. Select the user and click Next.
6. Select the tasks to be delegated to the chosen user.
7. Verify the details and select Finish.
What are some other RSAT tools for managing Active Directory?
Besides ADUC, there are other RSAT tools that are used to manage Active Directory. They are:
· Active Directory Administrative Center
· Active Directory Domains and Trusts
· Active Directory Sites and Services
· Active Directory Module for Windows PowerShell