What is Active Directory Users and Computers (ADUC)?
The Active Directory Users and Computers (ADUC) Microsoft Management Console (MMC) snap-in is one of the main tools used for managing Active Directory domains. The ADUC snap-in is used to perform typical domain administration tasks and manage users, groups, computers, and Organizational Units in the Active Directory domain.
Basic Functionalities of Active Directory Users and Computers (ADUC):
- Reset user accounts
- Add users to security groups
- Create and delete organizational units (OUs)
- Change passwords
- Create and manage computers, groups and users together with their attributes
- Assign FSMO roles like RID Master, PDC Emulator and Infrastructure Master to domain controllers
- Delegate control of objects
- Define advanced security and auditing in Active Directory
How to Enable AD Users and Computers
Please note: Active Directory domain controllers (DCs) will have ADUC installed by default.
To manage servers and other computers remotely, Remote Server Administration Tools (RSAT) for Windows, which includes ADUC, will need to be installed. Note that RSAT can only be installed on computers that are running either the Professional or Enterprise versions of Windows.
RSAT enables administrators to run snap-ins and tools to control features, roles and role services on a remote server or other computer. RSAT comes bundled with the operating system starting with Windows Server 2008 R2. For earlier versions of Windows Server, as well as Windows 7 and Windows 8, RSAT is available as a package for download with installation instructions.
The remote administration tools included in the RSAT package include the following:
- Active Directory Users and Computers (ADUC) – widely used by system administrators to create and manage Active Directory objects
- Active Directory Administrative Center – used to manage the AD trash can and password policies and to display PowerShell history
- Active Directory Module for Windows PowerShell – provides PowerShell cmdlets for administering AD
- Active Directory Domains and Trusts – allows you to manage functional level, forest functional level and user principal names (UPNs), as well as trusts between forests and domains
- Active Directory Sites and Services – lets you view and manage your sites and services
- ADSI Edit – provides some functionality for managing AD objects, though most experts recommend using ADUC
How to Install ADUC on a Windows Member Server
To install ADUC, use the wizard in Server Manager, a management tool included with Windows Server. The steps to run the wizard are as follows:
- Launch Server Manager in one of the following ways:
- Click the Server Manager icon on the taskbar:
or
- Click the Windows Start button and enter Server Manager in the search box. Then click the Server Manager icon
- Click the Server Manager icon on the taskbar:
- To open the Wizard, click Add roles and features from the Manage menu
- The first page explains what the Wizard can do together with the prerequisites. Click Next to continue.
- Here, select Role-based or feature-based installation and click Next
- Select either a server from the server pool or a virtual hard disk. Click Next
- The next page lists the roles you could install. We can skip this and click Next
- On the next page, select Remote Server Administration Tools and AD DS and AD LDS Tools, which will automatically select the other Active Directory management tools. Click Next
- The next page displays a summary of the tools being installed. Select the Restart the destination server automatically if required checkbox because some of the roles and features require a server restart
- Click Install to start the installation
- On the next page, you can view the installation progress. Click Close at any time to close the wizard. The installation will continue as a running task
- After the installation is complete, open Server Manager and click the Tools menu to see the installed tools. The following screenshot shows Active Directory Users and Computers along with other management tools
Installing ADUC for Windows 10 Version 1809 and Above
- Click the Start menu and then click Settings, Apps
- Click Optional Features and then click Add a feature
- Click RSAT: Active Directory Domain Services and Lightweight Directory Services Tools
- Click Install
When the installation is complete, you will see a new item in the Start menu under Windows Administrative Tools.
Install ADUC using the command line
Alternatively, if you’re using Windows 10 version 1809 or later, you can install ADUC from the command line as follows:
- Click Start, type cmd and press Enter
- Run the following commands:
dism /online /enable-feature /featurename:RSATClient-Roles-AD
dism /online /enable-feature /featurename:RSATClient-Roles-AD-DS
dism /online /enable-feature /featurename:RSATClient-Roles-AD-DS-SnapIn
Installing ADUC for Windows 8 and Windows 10 Version 1803 and Below
- Download Remote Server Administrator Tools for Windows 10 version 1803 and below from the Microsoft Download Center and install it.
- From the Windows Start menu, click Control Panel, Programs.
- From Programs and Features, click Turn Windows features on or off.
- Scroll down in the list of features and expand Role Administration Tools, AD DS and AD LDS Tools. Check the AD DS Tools box and click OK.
- Once the system has installed the tools, click Restart now.
- When the installation is complete, the folder Windows Administrative Tools will appear in the Start menu, and ADUC will be in this folder.
How Lepide can Help with Active Directory Auditing
Lepide Auditor for Active Directory provides a scalable way of auditing changes made to configurations and permissions. The Lepide Solution provides answers to the important “who, what, where, and when” Active Directory auditing questions to help you bolster security, speed up investigations, mitigate the risks of privilege abuse and meet compliance requirements.
If you’d like to see how the Lepide Data Security Platform can audit Active Directory, schedule a demo with one of our engineers today.