Originally published January, 2017 and updated October, 2019
IT administrators have been working with Active Directory since the introduction of the technology in Windows 2000 Server. Windows 2000 Server was released on February 17, 2000, but many administrators began working with Active Directory earlier, when it was released to manufacturing (RTM) on December 15, 1999.
There are numerous tools for Active Directory. The tool that we will cover today is Active Directory Users and Computers (ADUC), which was released with Windows 2000 Server.
What is Active Directory Users and Computers (ADUC)?
ADUC is a Microsoft Management Console (MMC) snap-in that enables administrators to manage Active Directory objects, including users, computers, groups, organizational units (OUs) and attributes. While the features of ADUC (along with many other features) were included in a new tool named Active Directory Administrative Center, ADUC remains a popular tool that administrators use to manage their environments.
Managing an object includes obvious tasks like resetting user passwords (Netwrix has a freeware tool for bulk password reset), adding users to security groups, and moving computer objects. However, the Advanced Features setting in ADUC also enables you to manage the LostAndFound container, NTDS Quotas, Program Data and System information. This view is not enabled by default but you can enable through the View menu.
The Advanced Features option adds many tabs to the properties page of an object, including Published Certificates, Attribute Editor and Password Replication. The View menu enables you to filter the view based on object type (user, computer, printer, etc.). Individual columns can also be added or removed to customize the view to include other attributes that have been assigned to the object, such as its last-modified date, city, country and email address.
In addition to managing objects, ADUC can also manage domain operations. For example, you can use ADUC to raise the domain functional level or to transfer the RID, PDC Emulator, and Infrastructure FSMO roles to a different domain controller.
Finally, ADUC also enables you to delegate control of objects through the Delegation of Control wizard or by manually modifying permissions on an object.
You can find more information about Active Directory basics in our AD tutorial for beginners.
Installing Active Directory Users and Computers on a PC
Your Active Directory domain controller will have ADUC pre-installed. To manage your remote servers and computers, you can use Microsoft Remote Server Administration Tools (RSAT) for Windows. RSAT includes Active Directory Users and Computers and enables administrators to remotely manage Windows servers and desktops in their AD from a Windows machine.
How you enable this snap-in depends on your version of Windows 10, as detailed below. Note that Remote Server Administration Tools for Windows 10 can be installed only on computers that are running the full release of Windows 10 Professional, Windows 10 Enterprise or Windows 10 Education versions.
After installation in Windows 10, the RSAT features will be available in the Administrative Tools subsection of the Start menu. You can also find ADUC by clicking Start and typing “active directory” or “users and computers”.
Installing ADUC on Windows 10 version 1809 or higher
As of Windows 10 1809, RSAT is available in Windows features. To turn these features on, take the following steps:
- Open Settings from the Start menu (or press Win-I on the keyboard).
- Open the Apps subsection > Click Manage optional features at the top of the page > Click the Add a feature
- Check the RSAT: Active Directory Domain Services and Lightweight Directory Tools box and click Install.
Installing ADUC on Windows 10 version 1803 or below
- Open the Control Panel from the Start menu (or by pressing Win-X on the keyboard).
- Go to Programs > Programs and Features > Turn Windows features on or off.
- Go to Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools.
- Check the AD DS Tools box and click OK.
Installing ADUC using the command line
Alternatively, you can install ADUC from the command line, as follows:
- Click Start (or press Win+R) > Type “cmd” > Press Enter.
- Run following commands:
dism /online /enable-feature /featurename:RSATClient-Roles-AD dism /online /enable-feature /featurename:RSATClient-Roles-AD-DS dism /online /enable-feature /featurename:RSATClient-Roles-AD-DS-SnapIns
Installing ADUC on older versions of Windows
If you have an older version of Windows, you can download the appropriate RSAT package and then use Add Windows features in the Control Panel to add the necessary MMC snap-ins.
Fixing RSAT errors in Windows 10
RSAT could crash on Windows 10 for a several reasons, including a failed update, a corrupt installation file or operating system incompatibility. In addition, issues can occur if a server administrator attempts to modify any of its administration tools (ADAC, ADCS or IPMA). The most frequent cause of crashes is the Active Directory Administrative Center (ADAC) component of the RSAT.
Take these steps to troubleshoot errors:
- Check RSAT compatibility. There are different RSAT versions for different operating system versions; ensure your RSAT version is compatible. In some cases, completely uninstalling the previous version and setting up a new compatible version resolves the crash issues.
- If you get RSAT installation error 0x800f0954:
- Right-click the Start button > Choose Run > Type msc > Click OK.
- In the local group policy editor, navigate to Computer Configuration > Administrative Templates > System.
- Right-click “Specify settings for optional component installation and component repair” policy > Set it to Enabled > Check the box “Download repair content and optional features directly from Windows Updates instead of Windows Server Updates Services (WSUS)“.
- Click Apply > Click OK.
- Right-click the Start button > Choose Run > Type gpupdate > Click OK.
- RSAT installation error 0x80070003 is usually related to installation from an uncommon location. Copy the installation files to the target machine’s local drive and proceed.