The Active Directory Users and Computers console is the primary tool for managing user accounts, groups, and domain-joined computers in an Active Directory environment.
Although there are other management tools (such as the Windows Admin Center) that offer similar functionality, the Active Directory Users and Computers console has been a part of Windows for decades and remains one of the most popular tools for managing the Active Directory.
Features of Active Directory Users and Computers
The Active Directory Users and Computers console is best known as a tool for user account creation and management, but you can also use it to create and manage other types of Active Directory objects. These objects include groups, computers, contacts, printers, and shared folders.
How To Install Active Directory Users and Computers
Installing the Active Directory Users and Computers console is not always required. For example, if an organization sets up a Windows Server that runs the full Desktop Experience to act as a domain controller, the Active Directory Users and Computers console will be automatically installed as a part of the Active Directory Domain Services.
Even so, Microsoft’s best practices state that domain controllers should run on Server Core servers that lack the Desktop Experience. Since the Active Directory Users and Computers console is graphical in nature, it cannot be installed on a server that is not running the Desktop Experience. However, you can manually install the Active Directory Users and Computers console on another server or on a Windows desktop.
To install the Active Directory Users and Computers console on a Windows server, follow these four steps:
- Open Server Manager and then choose the ‘Add Roles and Features’ command from the Manage menu.
- When the Add Roles and Features Wizard opens, click the Next button repeatedly until you arrive at the ‘select features’ screen.
- Expand the Remote Server Administration Tools container, then select the checkbox corresponding to AD DS and AD LDS Tools.
- Click the Next button, followed by Install, to complete the process.
Since 2018, the Remote Server Administration Tools (which include the Active Directory Users and Computers console) have been included as an on-demand feature for Windows 10 and 11 (the tools are downloadable for those running older Windows versions). To install Remote Server Administration Tools, simply open the Manage Optional Features page in Settings, then click ‘Add a Feature.’ When you see the list of features, choose the RSAT: Active Directory Domain Services and Lightweight Directory Services Tools.
How To Create a New User in Active Directory Users and Computers
Creating a new user in the Active Directory Users and Computers console is a simple process.
Right-click on the console’s Users container and then select the New | User commands from the shortcut menu. The console will display the New Object - User dialog box, which will prompt you to enter the user’s first and last name, as well as the logon name you want to assign to the user.
When you have entered this information, click Next. Another screen will prompt you to supply a password for the user. This screen also contains options that will let you require that the user change their password at their next logon; prevent the user from changing their password; prevent the password from expiring; and disable the account.
Click Next, followed by Finish, to complete the account creation process.
How To Modify an Existing User
To modify an Active Directory user account, right-click on the account and select the Properties command from the shortcut menu.
The resulting properties sheet contains the attributes associated with the user account. An administrator with the proper permissions can modify these attributes as needed.
How To Delete a User
To delete a user account, right-click on the account and select the Delete command from the shortcut menu. When prompted, click Yes to complete the process.
How To Restore a Deleted User
When you delete a user account via Active Directory Users and Computers, that account is moved into the Active Directory Recycle Bin, where it can be recovered for a time.
This functionality, however, only exists if you have enabled the recycle bin before deleting an account.
To enable the Active Directory Recycle Bin, open the Active Directory Administrative Center tool (which can be found on Server Manager’s Tools menu). Click on your domain, then click Enable Recycle Bin.
If you need to recover a deleted account, click on your domain and then on the Deleted Objects container. Now just select the account that you want to recover and click Restore.
The Active Directory Users and Computers console is the primary tool for managing Active Directory user accounts. Although it’s included with Windows Server, it's also a part of the Remote Server Administration Tools built into Windows 10 and 11.
In addition to managing Active Directory users, you can use Active Directory Users and Computers console to manage other object types, including computers, groups, and share folders.