The MMC (Microsoft Management Console) snap-in Active Directory Users and Computers is one of the most important Active Directory domain management tools (ADUC). The ADUC snap-in is used to manage users, groups, machines, and Organizational Units in the Active Directory domain and execute common domain administration activities. When a Windows Server host is promoted to the domain controller during the Active Directory Domain Services (AD DS) role installation, the Active Directory Users and Computers (dsa.msc) console is installed by default.
Before you can utilise the ADUC snap-in in Windows 10, you must first install the Remote Server Administration Tools (RSAT). The RSAT comprises command-line tools, PowerShell modules, and graphical snap-ins for remotely managing Windows Servers, Active Directory, and other Windows Server roles and capabilities.
How to Install Active Directory Users and Computers (dsa.msc) on Windows 10?
RSAT is not installed by default in Windows 10. (and other Windows desktop operating systems). IT administrators can utilise Remote Server Administration Tools (RSAT) to manage roles and components on Windows Server 2019, 2016, 2012 R2, 2012, and 2008 R2 from user workstations running Windows 10, 8.1, 8, and 7. The RSAT is similar to the Windows Server 2003 Administration Tools Pack (adminpak.msi), which was used for remote server management on clients running Windows 2003 or Windows XP. RSAT cannot be installed on PCs running Windows Home editions; instead, Professional or Enterprise editions are required.
The ADUC console installation varies depending on the Windows 10 release.
Installing ADUC in Windows 10 1809 and Newer
In Windows 10 1809 and newer builds, the RSAT pack is added to the Features on Demand (FoD). In order to install ADUC, you can add an optional feature from FoD.
- Press the Start menu > Settings > Apps;
- Select Manage Optional Features > Add features;
- In the list of optional features already installed on your Windows 10 desktop, select RSAT: Active Directory Domain Services and Lightweight Directory Tools, and press Install.
After the RSAT installation completes, you need to restart your computer.
Install ADUC Using Command Prompt
Also, you can install the Active Directory console using the DISM tool. To verify that the RSAT ActiveDirectory component is installed, open a command prompt as an administrator, and run the command:
DISM.exe /Online /Get-CapabilityInfo /CapabilityName:Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0Capability Identity : Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0
Name : Rsat.ActiveDirectory.DS-LDS.Tools
State : Not Present
Display Name : RSAT: Active Directory Domain Services and Lightweight Directory Services Tools
Description : Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS) Tools include snap-ins and command-line tools for remotely managing AD DS and AD LDS on Windows Server.
Download Size : 5.23 MB
Install Size : 17.35 MB
The screenshot above shows the RSAT Active Directory feature is not installed. To install, you need to run the command:
DISM /Online /Add-Capability /CapabilityName:Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0
Now check the status of AD RSAT. It should be changed to State: Installed.
Hint. You can also use PowerShell commands to install the Active Directory console.
Get RSAT Active Directory component status:
Get-WindowsCapability -Online | Where-Object {$_.Name -like "RSAT.ActiveDirectory*"}Install it:
Add-WindowsCapability -Online -Name Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0
RSAT components are downloaded over the Internet from Windows Update servers. If you want to install RSAT in a disconnected environment (without Internet access), you need to download the Feature on Demand (FoD) ISO image for your Windows 10 release.
To install ADUC offline, you need to mount the FoD iso image to a virtual drive (for example, to drive F:\) and run the installation from local media:
Dism.exe /online /add-capability /source:F: /Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0How to Enable Active Directory Tools in Windows 10?
Control Panel can be accessed by right-clicking on the Start button and selecting it.
Choose from a variety of programmes and features.
Select Turn Windows features on or off from the left pane.
Node Expansion AD DS and AD LDS Tools > Remote Server Administration Tools > Role Administration Tools;
Select AD DS Tools and click OK.
However, you can install the AD feature from the command prompt with administrator privileges using the following commands:
dism /online /enable-feature /featurename:RSATClient-Roles-AD
dism /online /enable-feature /featurename:RSATClient-Roles-AD-DS
dism /online /enable-feature /featurename:RSATClient-Roles-AD-DS-SnapIns
How to Run dsa.msc (Active Directory Users and Computers) on Windows 10?
Go to the Control Panel and pick the Administrative Tools section after the AD Management snap-ins have been installed. As you can see, a new link to Active Directory Users and Computers emerged in the console percent SystemRoot percent system32dsa.msc.
You can now use the ADUC snap-in to connect to any AD domain controller that is available. If your computer is part of an Active Directory domain, the closest domain controller in your AD site will be chosen for you depending on your Logon server. You can also launch the ADUC console by pressing Win+R, typing dsa.msc, and then clicking OK.
DSA.msc: Connecting to DC From Non-domain Computer
If you want to connect to AD from a non-domain computer using the dsa.msc snap-in, you must:
Open a command prompt and type the following command:
runas /netonly /user:Domain_Name\Domain_USER mmcSelect File > Add/Remove Snap-In from the empty MMC Console.
Press OK after adding the Active Directory Users and Computers Snap-In to the right pane.
Connect to the domain with right-click on ADUC > Connect to the domain and enter the domain name.
As a result, in the ADUC snap-in appears the structure of your OU Active Directory domain.
A standard set of AD Organizational Units and containers will appear:
- Saved Queries – saved search criteria that allow you to instantly replay a prior Active Directory search (LDAP filters are supported).
- User accounts that are built-in;
- Computers – the default account container for computers;
- Domain Controllers — domain controllers’ default container;
- ForeignSecurityPrincipals – stores information about trusted external domain objects. These items are typically formed when an object from another domain is added to the current domain’s group;
- Users is the default user account container.
You’ll see a list of objects in the OU when you select it. Security groups, contacts, users, and machines may all be displayed on the ADUC console.
Other containers may be present in the ADUC console, depending on the domain structure. By default, some AD directories are hidden. Select View > Advanced Features from the top menu to see them.
The following additional folders should appear:
- LostAndFound — directory objects, that lost the owner;
- NTDS Quotas — data about the quoting of the directory service;
- Program Data — data stored in the directory service for Microsoft applications;
- System — the built-in system parameters.
You can manually add organisational units to the AD tree.
You can do the following things on the ADUC console:
- User accounts, computers, and security groups can all be created and managed.
- View the characteristics of an AD object;
- User passwords can be changed or reset.
- For AD objects, create organisational units and hierarchical hierarchies. You can provide additional domain users administrative access to these OUs in the future (without granting domain administrator privileges).
- Transfer FSMO duties to another domain controller and raise the domain functional level.
Installing ADUC in Windows 10 Version 1803 and Below
You can download the Remote Server Administration Tools for Windows 10 (version: 1803 1.0, Date Published: 5/2/2018) using the following link.
Tip. As you can see, the RSAT package is available for the latest version of Windows 10 1803. WindowsTH-RSAT_WS_1709 and WindowsTH-RSAT_WS_1803 are used to manage Windows Server 2016 1709 and 1803 respectively. If you use a previous version of Windows Server 2016 or Windows Server 2012 R2/2012/2008 R2, then use the WindowsTH-RSAT_WS2016 package.
Select Language of your Windows 10 version and click on the Download button. Depending on the bitness of your OS, select the desired *.msu file:
For Windows 10 x86 – download WindowsTH-RSAT_WS2016-x86.msu (69.5 MB);
For Windows 10 x64 – download WindowsTH-RSAT_WS2016-x64.msu (92.3 MB);
Install the downloaded file (Update for Windows KB2693643) by double-clicking on it.
You can install RSAT from the Command prompt in the silent mode:
wusa.exe c:\Install\WindowsTH-RSAT_WS2016-x64.msu /quiet /norestartIf when installing RSAT the error message This update does not qualify for your computer appears, most likely you are using Windows 10 Home or Single-Language edition (you need a Pro or Enterprise edition).
Dsa.msc: Missing Tabs in Windows 10
Users sometimes complain that some tabs are missing in the ADUC snap-in on Windows 10.
- First, make sure Advanced Features is turned on in the AD view.
- Make sure you’re running the most recent version of Windows 10;
- Make sure you’ve uninstalled any previous versions of RSAT as well as RSAT editions for other languages before installing RSAT. Only one version of Remote Server Administration can be installed on a PC at a time.
- RSAT for Windows 10 is currently only available in English (United States). Before installing RSAT, make sure you have the English (United States) language pack installed if you have a localised version of Windows 10. Place English (United States) at the top of the preferred languages list;
- Manually moving the tsuserex.dll and tsuserex.dll.mui libraries from Windows Server 2012 R2 to Windows 10 machines (to the C:WindowsSystem32 directory) will help in some circumstances. Don’t forget to use the command to register the library:
regsvr32 c:\Windows\System32\tsuserex.dllHow to Add Custom Commands and Views to the Active Directory Console?
You can add your own tools and commands to the Active Directory Users and Computers console to launch external applications.
Create a new text file named ping.bat with the following text and save it to a local disk:
@echo off
Title ping [%1]
Ping.exe %1 –t -8
pause
Create a custom view for the ADUC console:
- Run the command:mmc.exe
- Select File > Add/remove snap-in;
- In the list of available snap-ins, select Active Directory Users and Computers and press Add;
4. Select a container with computers or servers, right-click on it and select New Taskpad View;
- 5. Press Next;
- 6. Select result pane style – Vertical list, List Size – Medium and press Next > Next;
7. Specify the taskpad view name: Computer Tools;
8. In the New Task Wizard window, specify that you want to create a Shell command;
9. In the Command field, specify “C:\PS\ping.bat”, in the Parameters field > $COL<0> (computername field);
10. Input the Task Name and select icon;
- 11. Press Next > Finish.
Now, if you select the Computer object in the ADUC console, the Ping button appears in the list of available actions. By clicking this button, you will check the computer’s availability via ICMP protocol (ping).
This way you can add various administration tools to the ADUC console.
Make sure to save your custom ADUC view with additional tools to a separate file custom_aduc_with_tools.msc (File > Save as). Use this file instead dsa.msc to run the ADUC console.
