Active Directory Users and Computers (ADUC or DSA.msc) is one of the most commonly used tools for managing objects in an Active Directory domain. You can install ADUC on both Windows Server hosts and Windows 10 and 11 computers. The ADUC MMC snap-in is a part of the Microsoft Remote Server Administration Tools (RSAT). In this article, we’ll show how to install and use the Active Directory Users and Computers console on Windows.
How to Install Active Directory and Computers on Windows 10 and 11?
In modern builds of Windows 10 (1809+) and Windows 11, RSAT is installed online as Features on Demand. To install the Active Directory RSAT on Windows 10/11, go to Settings -> Apps -> Optional Features -> Add an optional feature (View features).
Active Directory’ in the search bar and select RSAT: Active Directory Domain Services and Lightweight Directory Services Tool.
Click Next-> Install to start the installation.
Then Windows connects to Microsoft servers, downloads and installs the Active Directory Remote Server Administration Tools (including Active Directory graphical consoles, command prompt tools, and Active Directory PowerShell module).
Or, you can install AD administration tools using PowerShell:
Add-WindowsCapability –online –Name Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0
To install the Active Directory tools from a network share containing the contents of the FoD image, run:
Add-WindowsCapability -Online -Name Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0 -LimitAccess -Source \\mun-fs1\Images\Windows10-FOD\
In previous Windows 10 builds, as well as in Windows 8.1, you can install RSAT using an MSU update. You can download RSAT here:
- RSAT for Windows 10 1803/1709 — https://www.microsoft.com/en-us/download/details.aspx?id=45520
- RSAT for Windows 8.1 — https://www.microsoft.com/en-us/download/details.aspx?id=39296
Download the RSAT version that matches the bitness of your operating system. Double-click the file to start installation:
Or install the MSU file from in the command prompt in the quiet mode:
wusa.exe C:\Install\WindowsTH-RSAT_TP5_Update-x64.msu /quiet /norestart
After the RSAT installation is complete, restart your computer.
Then you just have to activate the necessary options. To do it:
- Right-click Start and select Control Panel;
- Click Programs and Features;
- Click Turn Windows features on or off on the left pane.
- Expand Remote Server Administration Tools-> Role Administration Tools -> AD DS and AD LDS Tools in the features tree;
- Check AD DS Tools and click OK.
You can install ADUC from the command prompt as well. Run the commands below one by one:
dism /online /enable-feature /featurename:RSATClient-Roles-AD
dism /online /enable-feature /featurename:RSATClient-Roles-AD-DS
dism /online /enable-feature /featurename:RSATClient-Roles-AD-DS-SnapIns
After the administrative tools have been installed, you will see a link to Active Directory Users and Computers snap-in in the Administrative Tools section of the Control Panel.
How to Use Active Directory Users and Computers Console?
To open the ADUC console, click the icon in the Control Panel or run this command:
If your computer is joined to an Active Directory domain, then the ADUC connects to a domain controller depending on the current Logon server (
$env:LOGONSERVER). The name of the domain controller you are connected to is at the top of the console.
You can connect to another AD domain controller or another domain by clicking the console root and selecting the Change option you want in the context menu.
The Active Directory console shows a tree-like Organizational Unit (OU) structure of your domain (and a separate section containing AD Saved Queries).
A domain administrator may create containers (OUs) based on a physical or logical organization structure. Using a context menu, you can create new AD objects (users, groups, computers, OUs, contacts), rename, move, or delete objects. Depending on the selected object type, context menu options may vary.
For example, a user has options to reset the AD password or enable/disable the account.
You can use the Search context menu to search for objects in AD.
An administrator can delegate permissions to create/edit/delete objects in Active Directory to other users or groups.
Using the View -> Add/Remove columns menu, you can add object attributes you want to see in the ADUC console.
In ADUC, you can view or change domain object properties. For example, you can open user properties and edit its settings. Some user properties are located in the corresponding tabs, and the full list of user attributes is available in the AD Attribute Editor tab.
You can add a separate tab with an AD user photo.
To show system containers and object properties in the Active Directory snap-in (they are hidden by default), check View -> Advanced Features.
Then all AD objects get a number of system tabs. For example, you can get a canonical object name, view an account creation date, or check Protect object from accidental deletion in the Object tab.
ADUC: Connecting Domain from a Workgroup Computer?
If you want to connect to a domain controller from a computer outside your domain (a workgroup computer) using ADUC, follow the instructions below:
- Open the command prompt and run the mmc console as a different user:
runas /netonly /user:woshub\jsmith mmc
- In the empty MMC console, select File->Add/Remove Snap-In;
- Move the Active Directory Users and Computers snap-in to the right panel and click Add;
- To connect to a domain, click the console root and select Change domain. Enter the domain name.
Then the ADUC console connects to the domain controller, gets, and displays the container (OU) structure of the Active Directory domain.