Active Directory Users and Computers (ADUC)

IT administrators have been working with and around Active Directory since the introduction of the technology in Windows 2000 Server. Windows 2000 Server was released on February 17, 2000 but many administrators began working with Active Directory in late 1999 when it was released to manufacturing (RTM) on December 15, 1999.

There are numerous tools for Active Directory. The tool that we will cover today is Active Directory Users and Computers (ADUC), which was released with Windows 2000 Server.

What is ADUC?

ADUC is an MMC snap-in that enables administrators to manage Active Directory objects, including users, computers, groups, organizational units (OUs), and attributes. While the features of ADUC and many other features have been added to a new tool named Active Directory Administrative Center, ADUC remains a popular tool that administrator’s use to manage their environment.

In addition to managing objects, ADUC can also manage domain operations. For example, you can raise the domain functional level from ADUC. You can also transfer the RID, PDC Emulator, and Infrastructure FSMO roles to a different domain controller by using ADUC.

Managing an object consists of some of the more obvious tasks such as resetting a user’s password (Netwrix has a freeware for bulk password reset), adding users to security groups, and moving computer objects. However, the Advanced Features setting within ADUC can also allow you to manage the LostAndFound container, NTDS Quotas, Program Data, and System information. This view is not enabled by default but you can enable through the View menu.

The Advanced Features option adds many tabs to the properties page of an object, including Published Certificates, Attribute Editor, Password Replication, and others. The View menu also allows you to filter the view based on the object type, such as user, computer, printer and more. Individual columns can also be added or removed, to customize the view to include other attributes that have been assigned to the object, for example the last modify date, city, country, email address, and more.

Finally, ADUC also enables you to delegate control of objects through the Delegation of Control wizard or by manually modifying permissions on an object.

More information about Active Directory basisc you will find in our AD tutorial for beginners.