In this guide, we will talk about a feature available only in Windows 10 Professional and Enterprise versions: It’s Active Directory Users and Computers.
This feature is originally a part of Windows Server’s Administrative Tools, but Microsoft added it to the Pro and Enterprise versions of Windows to give users the ability to control things in the network / domain from any computer on the network, not just from the server.
The things that are made possible with this feature include:
(the ability to…) add users, computers, create groups and control your shared devices like printers from any computer on the domain.
Quote from Microsoft’s website.
So, how do we enable this?
Step I: Download and Install RSAT – Remote Server Administration Tools for Windows 10
- Go to https://www.microsoft.com/en-us/download/details.aspx?id=45520, select your language and click Download. (You can also check the system requirements before doing this).
- Choose the suitable download for you:
Download WS_1709 RSAT to manage Windows Server version 1709 (x64 for 64-bit machines and x86 for 32-bit machines).
- Once finished downloading it, open the downloaded setup file and click Open.
- Click Yes when asked to install updates.
- Click I Accept.
- Wait until the installation finishes.
- Click Restart Now to restart immediately or Close to restart it later.
- Take care not to unplug your computer or force it to shut down, it may take some time restarting.
After restarting, you may need to enable the feature manually. If you’re using Windows 8, 8.1 or 10 it should be automatically enabled – so you can skip to step III. But if you’re having problems or you want to make sure that it’s on, pass through step II.
Step II: Enable the Remote Server Administration Tools
- Open your Control panel and select Programs.
- Click Turn Windows features on or off.
- Expand Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools you will find there the feature named AD DS Tools, make sure it’s checked. You can also check the whole group (Remote Server Administration Tools) to make sure you have all services enabled.
Step III: Use Active Directory Users and Computers
Now that you have it installed operating it is very simple: just type active directory in your start menu and select Active Directory Users and Computers and there you are – you can now control the domain from your regular non-server computer.
Now, what can you exactly do using Active Directory users and Computer?
- If you’re using the server’s administrator user, you’ll be able to change all the domain settings. You’ll be able to add and modify users, groups, printers …etc.
- If you’re using a standard domain user, you’ll be able to explore, see all the settings, all users and computers and other devices on the domain, but you won’t be able to change most of them (If you right-click in the domain area, you will not be able to see the New option used to create new components). We can fix this using the section ‘Usage Case I: Delegate Control’ below.
How to use Active Directory Users and Computers?
Usage Case I: Delegate Control
Assuming that you have admin privileges and you want to delegate another user to control the domain (to be as powerful as the administrator), this is how:
- Login using your Server Administrator credentials from Windows Server or Windows 10 Pro/Enterprise machine, open Active Directory Users and Computers and right-click on the domain and select Delegate Control…
- Click Next.
- Click Add.
- Type the username you want to delegate control to or a part of the username and click on Check Names.
- Now the full username will appear, click OK once reviewed.
- Click Next.
- Check the exact permissions you want to give to this user or check them all if you want a full administrator and then click Next.
- Finally, click Finish.
Usage Case II: Add a new user to the domain
- Open Active Directory Users and Computers.
- Go to the Users folder under your domain name from the left pane, right-click and choose New > User.
- Enter the user First name, User logon name (You’ll provide the user this one) and click Next.
- Enter a password and retype it, you’ll be able to choose from a set of options: You can force the user to change the password him/herself the first time he/she joins the domain, you can disallow them to change their password, you can make the password permanent without expiration and finally you can disable this account until you enable it back yourself as the domain admin.
Usage Case III: Add a new group
Creating groups helps you to organize your domain in a better way, every bunch of users may have their custom permissions, maybe some access to a specific drive or printer too. Here’s how to add a group:
- Open Active Directory Users and Computers, right-click on the domain and select New > Group.
- Enter the Group name, select Global in Group scope and finally Security in Group type then click OK.
- Your group will now appear in the right panel, it’s time to add users to this group.
- Now, right-click on the user you want to add and then select Add to a group…
- Click on the Advanced button.
- Click Find Now.
- From the list, select the group you want to add your user to, and then click Ok.
- A message box will appear confirming that you added the user to the group, click OK.
- If you want to know see the member of a group, go to the group, right-click on it and select Properties.
- Go to the Members tab, you can see there all the users in the group. You can add new users and delete existing ones directly from there.