Active Directory Users And Computers, which is a snap-in for the Microsoft Management Console (MMC), is the primary administration tool for managing users, groups, computers, and organizational units. (For a short overview of Active Directory administration tools included as MMC snap-ins, see Know the Key MMC Snap-Ins for Managing Active Directory.)
You can start Active Directory Users And Computers by selecting it on the Administrative Tools menu. You can also add Active Directory Users And Computers as a snap-in to any console that can be updated. By default, Active Directory Users And Computers works with the domain to which your computer is currently connected. You can access computer and user objects in this domain through the console tree. If you can’t find a domain controller or if the domain you want to work with isn’t shown, you might need to connect to a domain controller in the current domain or a domain controller in a different domain. Other high-level tasks you might want to perform with Active Directory Users And Computers are viewing advanced options or searching for objects. When you access a domain in Active Directory Users And Computers, you’ll see the following standard set of folders:
- Builtin List of built-in user accounts and groups.
- Computers Default container for computer accounts.
- Domain Controllers Default container for domain controllers.
- ForeignSecurityPrincipals Contains information on objects from a trusted external domain. These objects are typically created when an object from an external domain is added to a group in the current domain.
- Managed Service Accounts Default container for managed service accounts.
- Microsoft Exchange Security Groups Default container for groups used by Microsoft Exchange Server. This folder is listed only if Exchange Server is running in the environment.
- Saved Queries Contains saved search criteria so that you can quickly perform previously run Active Directory searches.
- Users Default container for users.
Note, however, that Active Directory Users And Computers also has advanced options that are not displayed by default. To access these options, click View and then select Advanced Features. You will now see the following additional folders:
- LostAndFound Contains objects that have been orphaned. You can delete or recover them.
- NTDS Quotas Contains directory service quota data.
- Program Data Contains stored Active Directory data for Microsoft applications.
- System Contains built-in system settings.
Tip adapted from the Microsoft Press book Windows Server 2008 Administrator’s Pocket Consultant, Second Edition by William R. Stanek.