What is ADUC?
Microsoft Management Console (MMC) is a framework that hosts snap-ins. Snap-ins are dedicated consoles that help manage various facets of Active Directory. Some common snap-ins include Active Directory Users and Computers (ADUC), Group Policy Management Console (GPMC), and Active Directory Domains and Trusts. The ADUC console is dedicated to managing AD objects like users, computers, groups, contacts, and organizational units (OUs), as well as their respective attributes. The functionalities of ADUC extend to querying the list of AD objects based on specific attributes and conditions as well. ADUC helps administrators maintain a well-organized and secure AD environment.
ADUC functions
- Create and manage AD objects like users, computers, groups, and contacts, along with their attributes.
- Create and manage OUs.
- Modify the attributes of AD objects.
- Manage group policies and change domain controllers.
- Manage the domain-wide FSMO roles, namely RID Master, PDC Emulator, and Infrastructure Master.
- Search for objects within the AD database.
Tip: ADUC is sufficient when it comes to creating one or two user objects, but when you need to create objects in bulk, you have to resort to scripting. ADManager Plus can help you create and manage AD objects in bulk using CSV import and templates, eliminating the need for scripting.
How to install Active Directory Users and Computers for Windows 10 versions 1809 and above
- Go to the Start Menu.
- Navigate to Settings > Apps > Optional Features > Add Feature.
- From the list, select RSAT: Active Directory Domain Services and Lightweight Directory Tools.
- Click Install.
How to install Active Directory Users and Computers for Windows 10 versions 1803 and older
- Download and install the version of Remote Server Administrator Tools suited to your version of Windows from here.
- Go to the Start Menu.
- Navigate to Control Panel > Programs > Programs and Features > Turn Windows Features On or Off.
- In the list, expand Remote Server Administration Tools and select Role Administration Tools. Select AD DS and AD LDS Tools, then click OK.
To check if it is installed and functional
- Go to the Start Menu.
- Search for Windows Administrative Tools and select it.
- You should be able to find the Active Directory Users and Computers console in the Windows administrative tools list.
Installation troubleshooting
- Ensure that you've met the system requirements mentioned here.
- Ensure that your download installer matches your Windows version.
- Enable the Windows firewall since RSAT uses the Windows update back end and requires it to be enabled.
- In case the installed version is missing tools and tabs, uninstall it and reinstall.
As much as ADUC is indeed a step up from PowerShell scripting, it is only efficient for handling basic AD management tasks. Read this white paper to learn how to use ADUC and discover why ADManager Plus is a better tool for managing your AD.
ADUC limitations
- ADUC does not support bulk user operations, such as creating, modifying, or deleting multiple users at once, which can be time consuming for administrators.
- ADUC does not provide advanced reporting capabilities, requiring administrators to rely on PowerShell scripts or third-party tools for comprehensive reports.
- ADUC does not support automation. Automating tasks like user provisioning or deprovisioning requires additional scripting or tools.
- ADUC offers limited delegation options and does not provide fine-grained role-based access control.
Create users with ADUC
- Launch the Active Directory Users and Computers console.
- From the left pane, right-click the container or OU where you want the user account to be created.
- Select New, then click User. Type in the user account details, such as first name and user logon name, and click Next.
  Note: You can create other AD objects, like OUs, contacts, or computers, by selecting those objects instead of users in this step.
- Enter a strong password and check the suitable boxes to configure other password settings, like password expiration and whether the password must be changed at next logon. Click Next.
- Check the summary of the user account details and click Finish.
Change the attributes of AD objects using ADUC
- Launch the Active Directory Users and Computers console.
- On the left pane, expand the domain tree and right-click the user account whose attributes you need to modify.
- Select Properties, then click the Attribute Editor tab.
- You can now edit the attributes you want.
  Note: If you want to enable advanced features, click the View button in the toolbar and select Advanced Features. This can help you edit features like department and title.
Add a user account to an AD group with ADUC
- Launch the Active Directory Users and Computers console.
- From the left pane, expand the domain tree and select the group you want to add the user to.
- Right-click the group name, then select Properties.
- Click the Members tab and select Add.
- Enter the names of the users you wish to add to the group.
- Click OK.
Find the SID for a user or group object with ADUC
- Launch the Active Directory Users and Computers console.
- Click View on the toolbar and select Advanced Features.
- From the left pane, expand the domain tree and right-click the user whose SID you'd like to find, then select Properties.
- Select the Attribute Editor tab.
- Scroll down to the ObjectSID attribute to view the attribute value.
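To interpret the value shown for ObjectSID, the following PowerShell splits a SID into its domain part and relative identifier (RID) and flags well-known privileged RIDs. This is an added example, not part of the original page; the function name `Get-SidDetail`, the lookup table and the sample SID are constructed for illustration.

```powershell
# Added example. The SID string passed at the bottom is constructed sample data.
# RIDs that Active Directory assigns to built-in domain accounts and groups.
$WellKnownRid = @{
    '500' = 'Administrator'; '501' = 'Guest'; '502' = 'krbtgt'
    '512' = 'Domain Admins'; '516' = 'Domain Controllers'
    '518' = 'Schema Admins'; '519' = 'Enterprise Admins'
}

function Get-SidDetail {
    param([Parameter(Mandatory)] [string] $SidString)

    $sid = [System.Security.Principal.SecurityIdentifier]::new($SidString)

    # The directory stores objectSid as bytes; the Attribute Editor renders them as S-1-...
    $bytes = [byte[]]::new($sid.BinaryLength)
    $sid.GetBinaryForm($bytes, 0)

    # AccountDomainSid is $null when the SID is not a domain account or group SID.
    $domainSid = $sid.AccountDomainSid
    $ridText = if ($domainSid) { $sid.Value.Split('-')[-1] } else { $null }

    [pscustomobject]@{
        Sid       = $sid.Value
        DomainSid = if ($domainSid) { $domainSid.Value } else { $null }
        Rid       = $ridText
        WellKnown = if ($ridText) { $WellKnownRid[$ridText] } else { $null }
        BinaryHex = ($bytes | ForEach-Object { $_.ToString('X2') }) -join ''
        # Rebuild the SID from its bytes to confirm both forms describe the same principal.
        RoundTrip = [System.Security.Principal.SecurityIdentifier]::new($bytes, 0).Value -eq $sid.Value
    }
}

Get-SidDetail -SidString 'S-1-5-21-1111111111-2222222222-3333333333-512' | Format-List
```

Against a live domain with the RSAT ActiveDirectory module installed, `(Get-ADUser -Identity <name>).SID.Value` returns the string to pass in.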
Clean up inactive users in AD with ADUC
- Launch the Active Directory Users and Computers console.
- From the left pane, right-click Saved Queries.
- Select New, then choose Query.
- Enter a suitable Name and Description for the query.
- Select Define Query.
- In the Find Common Queries window that opens, select Common queries in the Find drop-down menu.
- In the Days since last logon section, enter 30 to list users who have been inactive for 30 days.
- Click OK.
- Select the inactive users you wish to disable from the query result. Right-click the selected users, then select All Tasks > Disable Users.
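The same 30-day cleanup can be scripted so the selection can be reviewed before anything is disabled. This is an added example, not part of the original page; the function names `Select-StaleUser` and `Get-StaleADUser` and the sample records are constructed, and the live query assumes the RSAT ActiveDirectory module from the installation steps above.

```powershell
# Added example: select enabled accounts with no logon in the last N days.
function Select-StaleUser {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $User,
        [int] $InactiveDays = 30,
        [datetime] $Now = (Get-Date)
    )
    $cutoff = $Now.AddDays(-$InactiveDays)
    foreach ($u in $User) {
        if (-not $u.Enabled) { continue }      # already disabled, nothing to do
        if ($null -eq $u.LastLogonDate) {
            # Never logged on: stale only if the account itself predates the cutoff,
            # so accounts provisioned last week are not disabled before first use.
            if ($u.whenCreated -lt $cutoff) { $u }
        } elseif ($u.LastLogonDate -lt $cutoff) { $u }
    }
}

# Constructed sample records shaped like Get-ADUser output (hypothetical names).
$now = Get-Date '2024-06-30'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'a.active';  Enabled = $true;  LastLogonDate = $now.AddDays(-3);  whenCreated = $now.AddDays(-400) }
    [pscustomobject]@{ SamAccountName = 'b.dormant'; Enabled = $true;  LastLogonDate = $now.AddDays(-90); whenCreated = $now.AddDays(-400) }
    [pscustomobject]@{ SamAccountName = 'c.newhire'; Enabled = $true;  LastLogonDate = $null;             whenCreated = $now.AddDays(-5) }
    [pscustomobject]@{ SamAccountName = 'd.unused';  Enabled = $true;  LastLogonDate = $null;             whenCreated = $now.AddDays(-200) }
    [pscustomobject]@{ SamAccountName = 'e.offline'; Enabled = $false; LastLogonDate = $now.AddDays(-90); whenCreated = $now.AddDays(-400) }
)
Select-StaleUser -User $sample -Now $now | Select-Object SamAccountName, LastLogonDate

# Live query. LastLogonDate is derived from lastLogonTimestamp, which by default
# can lag the real logon by up to 14 days, so keep the threshold above that.
function Get-StaleADUser {
    param([int] $InactiveDays = 30)
    $all = @(Get-ADUser -Filter 'Enabled -eq $true' -Properties LastLogonDate, whenCreated)
    Select-StaleUser -User $all -InactiveDays $InactiveDays
}

if (Get-Command Get-ADUser -ErrorAction SilentlyContinue) {
    # -WhatIf only previews the change; remove it after reviewing the list.
    Get-StaleADUser | Disable-ADAccount -WhatIf
}
```

Service accounts and break-glass accounts often show no interactive logons, so review the list before removing `-WhatIf`.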