Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

How to Access Active Directory

If you work in IT, you’ve probably taken a good look at Microsoft Active Directory. But to set up and manage Active Directory (AD), you need access to the AD administration tools.

In this guide, you’ll learn how to open the three most important AD admin tools, which are Active Directory Users and Computers (ADUC), the Active Directory Administrative Center (ADAC), and there’s also Active Directory Sites and Services for more complex configuration options.

How to open Active Directory Users and Computers

Let’s start with the most popular tool on a domain controller (DC), Active Directory Users and Computers. To open Active Directory Users and Computers, log into a domain controller, and open Server Manager from the Start menu. Now, in the Tools menu in Server Manager, click Active Directory Users and Computers.

For more details on accessing Active Directory and other ways to access the admin tools, keep reading!

What tools can I use to configure and manage Active Directory?

Before we look at where you can open the tools, I’ll describe the three main graphical user interface tools for managing AD and what you can do with them!

Active Directory Administrative Center

The Active Directory Administrative Center, which is relatively new to the arsenal of tools to access AD, was first released with Windows Server 2012. It was introduced to provide a graphical user interface (GUI) for some specialized features to give IT pros and admins an easier method to handle routine tasks in AD.

The Active Directory Administrative Center provides a GUI for the Active Directory Recycle Bin. It also provides a graphical and efficient interface for managing fine-grained password policies.

Creating a new 'fine-grained password policy' in the Active Directory Administrative Center — Creating a new ‘fine-grained password policy’ in the ADAC

There’s also a tool called the Windows PowerShell History Viewer. It shows the resultant PowerShell command that runs behind the scenes when you perform an action in ADAC. That is cool!

Screenshot 2022 05 13 164509 — Browsing the Windows PowerShell History pane

Active Directory Users and Computers

Active Directory Users and Computers, definitively the most popular tool to access AD, is installed on domain controllers and it is added as a remote access tool when you install the appropriate tool in Windows 10, Windows 11, or other member Windows servers.

You can use this tool to manipulate your AD environment with a myriad of options and methods to accomplish your daily ‘IT Pro’ tasks. Check out our guide on How to Install Active Directory Users and Computers on Petri to learn more about how to get started with ADUC.

Active Directory Sites and Services

Active Directory Sites and Services (ADSS) is used to manage the logical network layout of your AD domain. This is where you create and manage Sites – logical, often geographic boundaries specified by network IP subnets.

The services that ADSS offers include an interface to manage replication between your DCs.

Managing multiple Sites in your AD domain — Managing multiple Sites in your Active Directory domain

If you’re dealing with troubleshooting replication amongst your DCs, this is the first place you should look!

What permissions do you need to access Active Directory?

If you’re a standard, non-admin user, you won’t get very far beyond being able to “read” the directory contents (users, computers, etc.) in Active Directory Users and Computers. To be able to make changes, add users, and reset passwords, you’ll need more permissions.

In order to access ADUC, you need at least ‘Read’ access to the Authenticated Users group. You can then either have your user account added to the Domain Admins group or use the Delegation of Control Wizard in ADUC to give only the necessary rights to the user account.

Granting admins access to Active Directory via the Delegation of Control Wizard

Where are the admin tools for Active Directory?

The administration tools for Active Directory can be opened in different places. Here are the three primary locations where you can find the tools:

On a domain controller.
Using the Remote Server Administration Tools (RSAT) in Windows.
Using the AD module for PowerShell.

Open Active Directory admin tools on a domain controller

Managing AD using the admin tools on a DC is not recommended by Microsoft. But it is traditionally the go-to and efficient way when you just need to get something done.

ADUC is one of the administrative tools (accessible via the Start Menu) that is installed by default on Windows Server domain controllers. I.e., when the Active Directory Domain Services role is installed on Windows Server.

What permissions do you need to log into a domain controller?

You need the minimum user permission to ‘Log on locally’ which can be granted to you in various ways: being a member of the Local Administrators group and being a member of the Domain Admins group are two possible options. You can also be given membership in the Remote Desktop Users group on a DC to log in.

The permissions for accessing a DC are required in addition to the rights needed to open AD from a member server or workstation joined to your domain.

Where to find the AD admin tools on a domain controller

As I mentioned a little earlier, you can find all the AD admin tools in the Administrative Tools folder in the Start Menu.

The Active Directory Users and Computers tools in the Administrative Tools folder — ADUC in the Administrative Tools folder

You can also find them as a tile on the right side of the Start Menu, and under ‘Windows Administrative Tools’ in the full Apps list.

Accessing Windows Administrative Tools in the Start Menu

Install AD admin tools in Windows to access Active Directory

Managing Active Directory via the admin tools on a DC is not recommend because it increases the risk your AD domain could be compromised. You should always try to install the tools on a server or workstation that is joined to AD.

But the AD admin tools are not installed in Windows by default. So, here’s how you can install them in Windows:

If you’re running Windows 10 version 1803 or earlier (you shouldn’t be, they’re out of support!), you can follow these steps:

Download the RSAT tools for your platform.
Run the downloaded installer package.
Click on your Start menu and all the tools should be listed under Administrative Tools.

If you’re running Windows 10 version 1809 or newer or Windows 11, follow these steps:

Click Start -> Apps -> Optional features -> Add an optional feature.
Scroll down in the list to the items prefaced with ‘RSAT’. Find the ‘RSAT: Active Directory Domain Services and Lightweight Directory Services Tools.’
Check the box to install it and click Install or Next.

That’s it! When the installation is done, you the tools will be located in your Start Menu under Administrative Tools. You can find more detailed instructions on how to install the Remote Server Administration Tools on Windows on Petri.

Install the PowerShell module for Active Directory

The last tool we’ll include here is the Active Directory Module for Windows PowerShell. This is also included on all DCs and is included in the RSAT tool specified as ‘RSAT: Active Directory Domain Services and Lightweight Directory Services Tools.’

Screenshot 2022 05 13 170123 — Using the PowerShell module for Active Directory

You can browse my article on the ‘Get-ADUser’ PowerShell cmdlet to learn about how to install this module on your workstation or DC.

Conclusion

Active Directory has been around for about 23 years, since Windows 2000. There are now various tools available to access your Active Directory information.

Active Directory Users and Computers, Active Directory Administrative Center, Active Directory Sites and Services, and even the Windows Admin Center are all up to the task now. The latter has evolved quite a lot over the years and there are now a surprising number of tasks in AD that you can accomplish with it.

Related Article:

Table of contents

by Michael Reinders
Last Update: Nov 07, 2022
May 17, 2022

Michael has been an 'IT Pro' since 1998. He has worked predominantly in the Windows world including client and server operating systems, on-prem systems engineering (AD, DNS, etc.), and over the last ten years or so has embraced and immersed himself ...

Petri.com’s New Active Directory Outage and Disaster Recovery Survey

Feb 15, 2024
Apr 16, 2024
Get-ADComputer: The PowerShell Command for Managing Active Directory Computers

Nov 15, 2023
Essential Guide to Mastering Get-ADGroupMember (AD User Management)

Oct 12, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.