The ADUC MMC

The ADUC MMC is the most commonly used tool to manage AD objects. This tool is available from AD DS 2000 onward and, over the years, hasn't changed much in terms of its look and feel. This MMC comes with the AD DS role, and it can also be installed using Remote Server Administration Tools (RSAT) on domain-joined computers.

It can be opened using dsa.msc in PowerShell Command Prompt or the Run box from the Start menu:

Let's go through the main sections of the console:  

• Menu bar: This contains menus with different options. Most of the options mentioned in the menus can also be executed using icons beneath the menu bar or actions pane.
• Console tree: The console tree lists the structure of AD components and helps us to navigate through containers and find objects.
• Management pane: This displays the objects inside the selected container in the console tree. It can display different objects' Type, such as User, Group, and Device. The content will change depending on the selected container.
• Actions pane: The Actions pane contains the administrative tasks related to selected AD objects. As an example, if a user object is selected, the actions pane will list administrative tasks, such as moving the object, deleting it, resetting the password, and disabling the account.

We won't be looking at its functions too much here as it's the most commonly used tool by any administrator. But I am going to list some of the main features:

• Advanced features: By default, the MMC will not list all of the containers and object properties related to advanced system administration. In order to access these options, you need to enable them using View | Advanced Features.
• Saved queries: Using the MMC, we can create custom queries to filter AD objects and save these queries to rerun at a later time. This saves time as administrators do not need to spend time navigating through containers to find objects.

To create a query, right-click on Saved Queries and select New Query. In this window, we can build a query using the Define Query... option:

• Access different domains: If a domain has relationships of trust with other domains, the same console can be used to access them and manage the objects:

The capabilities of the ADUC MMC can be summarized as follows:

• Adding, editing, and removing users, groups, computers, and OUs
• Managing objects in different domains (needs two-way or one-way trust)
• Building queries to filter objects
• Searching for objects in directories
• Changing object properties