Last Update: Jun 20, 2024 | Published: May 17, 2022
If you work in IT, you’ve probably taken a good look at Microsoft Active Directory. But to set up and manage Active Directory (AD), you need access to the AD administration tools.
In this guide, you’ll learn how to open the three most important AD admin tools, which are Active Directory Users and Computers (ADUC), the Active Directory Administrative Center (ADAC), and there’s also Active Directory Sites and Services for more complex configuration options.
Let’s start with the most popular tool on a domain controller (DC), Active Directory Users and Computers. To open Active Directory Users and Computers, log into a domain controller and use one of the following options:
For more details on accessing Active Directory and other ways to access the admin tools, keep reading!
Before we look at where you can open the tools, I’ll describe the three main graphical user interface tools for managing AD and what you can do with them!
The Active Directory Administrative Center, which is relatively new to the arsenal of tools to access AD, was first released with Windows Server 2012. It was introduced to provide a graphical user interface (GUI) for some specialized features to give IT pros and admins an easier method to handle routine tasks in AD.
The Active Directory Administrative Center provides a GUI for the Active Directory Recycle Bin. It also provides a graphical and efficient interface for managing fine-grained password policies.
There’s also a tool called the Windows PowerShell History Viewer. It shows the resultant PowerShell command that runs behind the scenes when you perform an action in ADAC. That is cool!
Active Directory Users and Computers, definitively the most popular tool to access AD, is installed on domain controllers and it is added as a remote access tool when you install the appropriate tool in Windows 10, Windows 11, or other member Windows servers.
You can use this tool to manipulate your AD environment with a myriad of options and methods to accomplish your daily ‘IT Pro’ tasks. Check out our guide on How to Install Active Directory Users and Computers on Petri to learn more about how to get started with ADUC.
Active Directory Sites and Services (ADSS) is used to manage the logical network layout of your AD domain. This is where you create and manage Sites – logical, often geographic boundaries specified by network IP subnets.
The services that ADSS offers include an interface to manage replication between your DCs.
If you’re dealing with troubleshooting replication amongst your DCs, this is the first place you should look!
If you’re a standard, non-admin user, you won’t get very far beyond being able to “read” the directory contents (users, computers, etc.) in Active Directory Users and Computers. To be able to make changes, add users, and reset passwords, you’ll need more permissions.
In order to access ADUC, you need at least ‘Read’ access to the Authenticated Users group. You can then either have your user account added to the Domain Admins group or use the Delegation of Control Wizard in ADUC to give only the necessary rights to the user account.
The administration tools for Active Directory can be opened in different places. Here are the three primary locations where you can find the tools:
Managing AD using the admin tools on a DC is not recommended by Microsoft. But it is traditionally the go-to and efficient way when you just need to get something done.
ADUC is one of the administrative tools (accessible via the Start Menu) that is installed by default on Windows Server domain controllers. I.e., when the Active Directory Domain Services role is installed on Windows Server.
You need the minimum user permission to ‘Log on locally’ which can be granted to you in various ways: being a member of the Local Administrators group and being a member of the Domain Admins group are two possible options. You can also be given membership in the Remote Desktop Users group on a DC to log in.
The permissions for accessing a DC are required in addition to the rights needed to open AD from a member server or workstation joined to your domain.
As I mentioned a little earlier, you can find all the AD admin tools in the Administrative Tools folder in the Start Menu.
You can also find them as a tile on the right side of the Start Menu, and under ‘Windows Administrative Tools’ in the full Apps list.
Managing Active Directory via the admin tools on a DC is not recommend because it increases the risk your AD domain could be compromised. You should always try to install the tools on a server or workstation that is joined to AD.
But the AD admin tools are not installed in Windows by default. So, here’s how you can install them in Windows:
If you’re running Windows 10 version 1803 or earlier (you shouldn’t be, they’re out of support!), you can follow these steps:
If you’re running Windows 10 version 1809 or newer or Windows 11, follow these steps:
That’s it! When the installation is done, you the tools will be located in your Start Menu under Administrative Tools. You can find more detailed instructions on how to install the Remote Server Administration Tools on Windows on Petri.
The last tool we’ll include here is the Active Directory Module for Windows PowerShell. This is also included on all DCs and is included in the RSAT tool specified as ‘RSAT: Active Directory Domain Services and Lightweight Directory Services Tools.’
You can browse my article on the ‘Get-ADUser’ PowerShell cmdlet to learn about how to install this module on your workstation or DC.
Active Directory has been around for about 23 years, since Windows 2000. There are now various tools available to access your Active Directory information.
Active Directory Users and Computers, Active Directory Administrative Center, Active Directory Sites and Services, and even the Windows Admin Center are all up to the task now. The latter has evolved quite a lot over the years and there are now a surprising number of tasks in AD that you can accomplish with it.
Related Article: