close

Windows

Cloud

Microsoft 365

PowerShell

Active Directory

Security

Windows Server

Video

If you are a large enterprise, don't miss our IT cost-cutting webinar!

Home

Active Directory

How to Access Active Directory

Michael Reinders

|
Network Security

If you work in IT, you’ve probably taken a good look at Microsoft Active Directory. But to set up and manage Active Directory (AD), you need access to the AD administration tools.

In this guide, you’ll learn how to open the three most important AD admin tools, which are Active Directory Users and Computers (ADUC), the Active Directory Administrative Center (ADAC), and there’s also Active Directory Sites and Services for more complex configuration options.

How to open Active Directory Users and Computers

Let’s start with the most popular tool on a domain controller (DC), Active Directory Users and Computers. To open Active Directory Users and Computers, log into a domain controller, and open Server Manager from the Start menu. Now, in the Tools menu in Server Manager, click Active Directory Users and Computers.

For more details on accessing Active Directory and other ways to access the admin tools, keep reading!

What tools can I use to configure and manage Active Directory?

Before we look at where you can open the tools, I’ll describe the three main graphical user interface tools for managing AD and what you can do with them!

Active Directory Administrative Center

The Active Directory Administrative Center, which is relatively new to the arsenal of tools to access AD, was first released with Windows Server 2012. It was introduced to provide a graphical user interface (GUI) for some specialized features to give IT pros and admins an easier method to handle routine tasks in AD.

The Active Directory Administrative Center
The Active Directory Administrative Center

The Active Directory Administrative Center provides a GUI for the Active Directory Recycle Bin. It also provides a graphical and efficient interface for managing fine-grained password policies

Creating a new 'fine-grained password policy' in the Active Directory Administrative Center
Creating a new ‘fine-grained password policy’ in the ADAC

There’s also a tool called the Windows PowerShell History Viewer. It shows the resultant PowerShell command that runs behind the scenes when you perform an action in ADAC. That is cool!

Browsing the Windows PowerShell History pane

Active Directory Users and Computers

Active Directory Users and Computers, definitively the most popular tool to access AD, is installed on domain controllers and it is added as a remote access tool when you install the appropriate tool in Windows 10, Windows 11, or other member Windows servers.

The Active Directory Users and Computers app.
The Active Directory Users and Computers app

You can use this tool to manipulate your AD environment with a myriad of options and methods to accomplish your daily ‘IT Pro’ tasks. Check out our guide on How to Install Active Directory Users and Computers on Petri to learn more about how to get started with ADUC.

Active Directory Sites and Services

Active Directory Sites and Services (ADSS) is used to manage the logical network layout of your AD domain. This is where you create and manage Sites – logical, often geographic boundaries specified by network IP subnets.

Active Directory Sites and Services
Active Directory Sites and Services

The services that ADSS offers include an interface to manage replication between your DCs.

Managing multiple Sites in your AD domain
Managing multiple Sites in your Active Directory domain

If you’re dealing with troubleshooting replication amongst your DCs, this is the first place you should look!

What permissions do you need to access Active Directory?

If you’re a standard, non-admin user, you won’t get very far beyond being able to “read” the directory contents (users, computers, etc.) in Active Directory Users and Computers. To be able to make changes, add users, and reset passwords, you’ll need more permissions.

In order to access ADUC, you need at least ‘Read’ access to the Authenticated Users group. You can then either have your user account added to the Domain Admins group or use the Delegation of Control Wizard in ADUC to give only the necessary rights to the user account.

Granting admins access to Active Directory via the Delegation of Control Wizard
Granting admins access to Active Directory via the Delegation of Control Wizard

Where are the admin tools for Active Directory?

The administration tools for Active Directory can be opened in different places. Here are the three primary locations where you can find the tools:

  1. On a domain controller.
  2. Using the Remote Server Administration Tools (RSAT) in Windows.
  3. Using the AD module for PowerShell.

Open Active Directory admin tools on a domain controller

Managing AD using the admin tools on a DC is not recommended by Microsoft. But it is traditionally the go-to and efficient way when you just need to get something done.

ADUC is one of the administrative tools (accessible via the Start Menu) that is installed by default on Windows Server domain controllers. I.e., when the Active Directory Domain Services role is installed on Windows Server.

What permissions do you need to log into a domain controller?

You need the minimum user permission to ‘Log on locally’ which can be granted to you in various ways: being a member of the Local Administrators group and being a member of the Domain Admins group are two possible options. You can also be given membership in the Remote Desktop Users group on a DC to log in.

The permissions for accessing a DC are required in addition to the rights needed to open AD from a member server or workstation joined to your domain.

Where to find the AD admin tools on a domain controller

As I mentioned a little earlier, you can find all the AD admin tools in the Administrative Tools folder in the Start Menu.

The Active Directory Users and Computers tools in the Administrative Tools folder
ADUC in the Administrative Tools folder

You can also find them as a tile on the right side of the Start Menu, and under ‘Windows Administrative Tools’ in the full Apps list.

Accessing Windows Administrative Tools in the Start Menu
Accessing Windows Administrative Tools in the Start Menu

Install AD admin tools in Windows to access Active Directory

Managing Active Directory via the admin tools on a DC is not recommend because it increases the risk your AD domain could be compromised. You should always try to install the tools on a server or workstation that is joined to AD.

But the AD admin tools are not installed in Windows by default. So, here’s how you can install them in Windows:

If you’re running Windows 10 version 1803 or earlier (you shouldn’t be, they’re out of support!), you can follow these steps:

  1. Download the RSAT tools for your platform.
  2. Run the downloaded installer package.
  3. Click on your Start menu and all the tools should be listed under Administrative Tools.

If you’re running Windows 10 version 1809 or newer or Windows 11, follow these steps:

  1. Click Start -> Apps -> Optional features -> Add an optional feature.
  2. Scroll down in the list to the items prefaced with ‘RSAT’. Find the ‘RSAT: Active Directory Domain Services and Lightweight Directory Services Tools.’
  3. Check the box to install it and click Install or Next.

That’s it! When the installation is done, you the tools will be located in your Start Menu under Administrative Tools. You can find more detailed instructions on how to install the Remote Server Administration Tools on Windows on Petri.

Install the PowerShell module for Active Directory

The last tool we’ll include here is the Active Directory Module for Windows PowerShell. This is also included on all DCs and is included in the RSAT tool specified as ‘RSAT: Active Directory Domain Services and Lightweight Directory Services Tools.’

Using the PowerShell module for Active Directory

You can browse my article on the ‘Get-ADUser’ PowerShell cmdlet to learn about how to install this module on your workstation or DC.

Conclusion

Active Directory has been around for about 23 years, since Windows 2000. There are now various tools available to access your Active Directory information.

Active Directory Users and Computers, Active Directory Administrative Center, Active Directory Sites and Services, and even the Windows Admin Center are all up to the task now. The latter has evolved quite a lot over the years and there are now a surprising number of tasks in AD that you can accomplish with it.

Related Article:

Article saved!

Access saved content from your profile page. View Saved