How to Access Active Directory
If you work in IT, you’ve probably taken a good look at Microsoft Active Directory. But to set up and manage Active Directory (AD), you need access to the AD administration tools.
In this guide, you’ll learn how to open the three most important AD admin tools, which are Active Directory Users and Computers (ADUC), the Active Directory Administrative Center (ADAC), and there’s also Active Directory Sites and Services for more complex configuration options.
Table of Contents
- How to open Active Directory Users and Computers
- What tools can I use to configure and manage Active Directory?
- What permissions do you need to access Active Directory?
- Where are the admin tools for Active Directory?
How to open Active Directory Users and Computers
Let’s start with the most popular tool on a domain controller (DC), Active Directory Users and Computers. To open Active Directory Users and Computers, log into a domain controller, and open Server Manager from the Start menu. Now, in the Tools menu in Server Manager, click Active Directory Users and Computers.
For more details on accessing Active Directory and other ways to access the admin tools, keep reading!
What tools can I use to configure and manage Active Directory?
Before we look at where you can open the tools, I’ll describe the three main graphical user interface tools for managing AD and what you can do with them!
Active Directory Administrative Center
The Active Directory Administrative Center, which is relatively new to the arsenal of tools to access AD, was first released with Windows Server 2012. It was introduced to provide a graphical user interface (GUI) for some specialized features to give IT pros and admins an easier method to handle routine tasks in AD.
There’s also a tool called the Windows PowerShell History Viewer. It shows the resultant PowerShell command that runs behind the scenes when you perform an action in ADAC. That is cool!
Active Directory Users and Computers
Active Directory Users and Computers, definitively the most popular tool to access AD, is installed on domain controllers and it is added as a remote access tool when you install the appropriate tool in Windows 10, Windows 11, or other member Windows servers.
You can use this tool to manipulate your AD environment with a myriad of options and methods to accomplish your daily ‘IT Pro’ tasks.
Active Directory Sites and Services
Active Directory Sites and Services (ADSS) is used to manage the logical network layout of your AD domain. This is where you create and manage Sites – logical, often geographic boundaries specified by network IP subnets.
The services that ADSS offers include an interface to manage replication between your DCs.
If you’re dealing with troubleshooting replication amongst your DCs, this is the first place you should look!
What permissions do you need to access Active Directory?
If you’re a standard, non-admin user, you won’t get very far beyond being able to “read” the directory contents (users, computers, etc.) in Active Directory Users and Computers. To be able to make changes, add users, and reset passwords, you’ll need more permissions.
In order to access ADUC, you need at least ‘Read’ access to the Authenticated Users group. You can then either have your user account added to the Domain Admins group or use the Delegation of Control Wizard in ADUC to give only the necessary rights to the user account.
Where are the admin tools for Active Directory?
The administration tools for Active Directory can be opened in different places. Here are the three primary locations where you can find the tools:
- On a domain controller.
- Using the Remote Server Administration Tools (RSAT) in Windows.
- Using the AD module for PowerShell.
Open Active Directory admin tools on a domain controller
Managing AD using the admin tools on a DC is not recommended by Microsoft. But it is traditionally the go-to and efficient way when you just need to get something done.
ADUC is one of the administrative tools (accessible via the Start Menu) that is installed by default on Windows Server domain controllers. I.e., when the Active Directory Domain Services role is installed on Windows Server.
What permissions do you need to log into a domain controller?
You need the minimum user permission to ‘Log on locally’ which can be granted to you in various ways: being a member of the Local Administrators group and being a member of the Domain Admins group are two possible options. You can also be given membership in the Remote Desktop Users group on a DC to log in.
The permissions for accessing a DC are required in addition to the rights needed to open AD from a member server or workstation joined to your domain.
Where to find the AD admin tools on a domain controller
As I mentioned a little earlier, you can find all the AD admin tools in the Administrative Tools folder in the Start Menu.
You can also find them as a tile on the right side of the Start Menu, and under ‘Windows Administrative Tools’ in the full Apps list.
Install AD admin tools in Windows to access Active Directory
Managing Active Directory via the admin tools on a DC is not recommend because it increases the risk your AD domain could be compromised. You should always try to install the tools on a server or workstation that is joined to AD.
But the AD admin tools are not installed in Windows by default. So, here’s how you can install them in Windows:
If you’re running Windows 10 version 1803 or earlier (you shouldn’t be, they’re out of support!), you can follow these steps:
- Download the RSAT tools for your platform.
- Run the downloaded installer package.
- Click on your Start menu and all the tools should be listed under Administrative Tools.
- Click Start -> Apps -> Optional features -> Add an optional feature.
- Scroll down in the list to the items prefaced with ‘RSAT’. Find the ‘RSAT: Active Directory Domain Services and Lightweight Directory Services Tools.’
- Check the box to install it and click Install or Next.
That’s it! When the installation is done, you the tools will be located in your Start Menu under Administrative Tools. You can find more detailed instructions on how to install the Remote Server Administration Tools on Windows on Petri.
Install the PowerShell module for Active Directory
The last tool we’ll include here is the Active Directory Module for Windows PowerShell. This is also included on all DCs and is included in the RSAT tool specified as ‘RSAT: Active Directory Domain Services and Lightweight Directory Services Tools.’
You can browse my article on the ‘Get-ADUser’ PowerShell cmdlet to learn about how to install this module on your workstation or DC.
Active Directory has been around for about 23 years, since Windows 2000. There are now various tools available to access your Active Directory information.
Active Directory Users and Computers, Active Directory Administrative Center, Active Directory Sites and Services, and even the Windows Admin Center are all up to the task now. The latter has evolved quite a lot over the years and there are now a surprising number of tasks in AD that you can accomplish with it.
More in Active Directory
How to Fix the "An Active Directory Domain Controller for the Domain Could Not Be Contacted" Error
Jun 20, 2022 | Michael Reinders
How to Delete a Protected OU in Active Directory
Jun 8, 2022 | Michael Reinders
Learn How Organizations Are Using Semperis Purple Knight to Secure Active Directory
Jun 7, 2022 | Russell Smith
Microsoft Announces Entra, A New Identity and Access Management Suite
May 31, 2022 | Rabia Noureen
Microsoft Releases Out-Of-Band Patches to Fix Windows AD Authentication Issues
May 20, 2022 | Rabia Noureen
Cloud Conversations – Ståle Hansen on Digital Wellbeing and Viva Explorers
May 19, 2022 | Laurent Giret
Most popular on petri