In this guide, we will talk about a feature available only in Windows 10 Professional and Enterprise versions: It’s Active Directory Users and Computers.

This feature is originally a part of Windows Server’s Administrative Tools, but Microsoft added it to the Pro and Enterprise versions of Windows to give users the ability to control things in the network / domain from any computer on the network, not just from the server.

The things that are made possible with this feature include:

(the ability to…) add users, computers, create groups and control your shared devices like printers from any computer on the domain.

Quote from Microsoft’s website.

So, how do we enable this?

Step I: Download and Install RSAT – Remote Server Administration Tools for Windows 10

Download WS_1709 RSAT to manage Windows Server version 1709 (x64 for 64-bit machines and x86 for 32-bit machines).

Download RSAT_WS2016 to manage a previous versions of Windows Server.

If you have problems identifying which version are you running, click here to take a look at this guide, you’ll be able to know all about the difference between 32-bit and 64-bit ones and the compatibility of each.

  • Once finished downloading it, open the downloaded setup file and click Open.
  • Click Yes when asked to install updates.
  • Click I Accept.
  • Wait until the installation finishes.
  • Click Restart Now to restart immediately or Close to restart it later.
  • Take care not to unplug your computer or force it to shut down, it may take some time restarting.

After restarting, you may need to enable the feature manually. If you’re using Windows 8, 8.1 or 10 it should be automatically enabled – so you can skip to step III. But if you’re having problems or you want to make sure that it’s on, pass through step II.

Step II: Enable the Remote Server Administration Tools

  • Open your Control panel and select Programs.
  • Click Turn Windows features on or off.
  • Expand Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools you will find there the feature named AD DS Tools, make sure it’s checked. You can also check the whole group (Remote Server Administration Tools) to make sure you have all services enabled.

Step III: Use Active Directory Users and Computers

Now that you have it installed operating it is very simple: just type active directory in your start menu and select Active Directory Users and Computers and there you are – you can now control the domain from your regular non-server computer.

Note that the server machine must be always online, you will just be controlling it remotely but that’s impossible to do that if the server computer is shut down.

Now, what can you exactly do using Active Directory users and Computer?

  • If you’re using the server’s administrator user, you’ll be able to change all the domain settings. You’ll be able to add and modify users, groups, printers …etc. 
  • If you’re using a standard domain user, you’ll be able to explore, see all the settings, all users and  computers and other devices on the domain, but you won’t be able to change most of them (If you right-click in the domain area, you will not be able to see the New option used to create new components). We can fix this using the section ‘Usage Case I: Delegate Control’ below.

How to use Active Directory Users and Computers?

Usage Case I: Delegate Control

Assuming that you have admin privileges and you want to delegate another user to control the domain (to be as powerful as the administrator), this is how:

  • Login using your Server Administrator credentials from Windows Server or Windows 10 Pro/Enterprise machine, open Active Directory Users and Computers and right-click on the domain and select Delegate Control…
  • Click Next.
  • Click Add.
  • Type the username you want to delegate control to or a part of the username and click on Check Names.
  • Now the full username will appear, click OK once reviewed.
  • Click Next.
  • Check the exact permissions you want to give to this user or check them all if you want a full administrator and then click Next.
  • Finally, click Finish.

Usage Case II: Add a new user to the domain

  • Open Active Directory Users and Computers.
  • Go to the Users folder under your domain name from the left pane, right-click and choose New > User.
  • Enter the user First name, User logon name (You’ll provide the user this one) and click Next.
  • Enter a password and retype it, you’ll be able to choose from a set of options: You can force the user to change the password him/herself the first time he/she joins the domain, you can disallow them to change their password, you can make the password permanent without expiration and finally you can disable this account until you enable it back yourself as the domain admin.

Usage Case III: Add a new group

Creating groups helps you to organize your domain in a better way, every bunch of users may have their custom permissions, maybe some access to a specific drive or printer too. Here’s how to add a group:

  • Open Active Directory Users and Computers, right-click on the domain and select New > Group.
  • Enter the Group name, select Global in Group scope and finally Security in Group type then click OK.
  • Your group will now appear in the right panel, it’s time to add users to this group.
  • Now, right-click on the user you want to add and then select Add to a group
  • Click on the Advanced  button.
  • Click Find Now.
  • From the list, select the group you want to add your user to, and then click Ok.
  • A message box will appear confirming that you added the user to the group, click OK.
  • If you want to know see the member of a group, go to the group, right-click on it and select Properties.
  • Go to the Members tab, you can see there all the users in the group. You can add new users and delete existing ones directly from there.

Finally, if you want to know how to join a domain from any computer on the network or you want to send a guide to users to help them go through it, them this guide is the best for you:

Frequently Asked Questions

What are the differences between computer and user configuration?

The name itself is quite self-explanatory, but we’ll answer the question regardless, simply because some non-tech enthusiasts might get confused by the wording.

In short, a computer configuration action makes sure that the particular settings you have saved get applied to the entirety of the computer you’ve selected. With that said, any user that logs on to that computer will suffer the same setting that you have saved.

On the other hand, user configuration refers to changing certain settings only for a particular user. In layman’s terms, the settings will apply to that user regardless of what computer they long on to. And that setting will carry over from one session to another seamlessly as long as they log in to the same account.

What is a user object in Windows Active Directory?

An object is a basic element within Active Directory. It represents something on the network and it can be anything from a printer, application, computer, server, to a shared folder, or anything in between.

What is the difference between applying a GPO to a user versus a computer?

As with one of the previous questions above, the same logic applies to the application of a GPO to a user versus a computer. The GPO settings linked to a certain user carry over to their account regardless of the computer that they log on to, while the GPO settings applied to a certain computer will remain on that computer and won’t carry over to personal accounts unless those accounts are used on that computer.

The Bottom Line

We hope you’ve found this entire article helpful and that, at the very least, you’ve managed to learn one or two new things today. Feel free to leave us a comment down below with your thoughts and opinions.