active directory ds

Installing Active Directory Users and Computers MMC Snap-in on Windows 10

One of the main Active Directory domain management tools is the MMC snap-in Active Directory Users and Computers (ADUC). The ADUC snap-in is used to perform typical domain administration tasks and manage users, groups, computers, and organizational units in the Active Directory domain. By default, the Active Directory Users and Computers (dsa.msc) console is installed on the server when it is promoted to the domain controller during the Active Directory Domain Services (AD DS) role is installed.

To use ADUC snap-in in Windows 10, you need first to install the Remote Server Administration Tools (RSAT). The RSAT includes various command line tools, PowerShell modules, and graphical snap-ins to remote manage Windows Servers, Active Directory, and other Windows roles and features, which are running on Windows servers.

How to Install Active Directory Users and Computers in Windows 10?

By default, RSAT is not installed in Windows 10 (and other Windows desktop operating systems). Remote Server Administration Tools (RSAT) allows IT administrators to remotely manage roles and components on Windows Server 2019, 2016, 2012 R2, 2012, 2008 R2 from user’s workstations running Windows 10, 8.1, 8 and Windows 7. The RSAT resembles Windows Server 2003 Administration Tools Pack (adminpak.msi) that was installed on clients running Windows 2003 or Windows XP and was used for remote server management. RSAT can’t be installed on computers with the Home editions of Windows. To install RSAT, you must have Professional or Enterprise edition of Windows 10.

Depending on the Windows 10 build, the ADUC console is installed differently.

Installing ADUC in Windows 10 Version 1803 and Below

You can download the latest version of Remote Server Administration Tools for Windows 10 (Version: 1803 1.0, Date Published: 5/2/2018) using the following link.

active directory users and computers snap-in

Tip. As you can see, the RSAT package is available for the latest version of Windows 10 1803. WindowsTH-RSAT_WS_1709 and WindowsTH-RSAT_WS_1803 are used to manage Windows Server 2016 1709 and 1803 respectively. If you are using a previous version of Windows Server 2016 or Windows Server 2012 R2 / 2012/2008 R2, you need to use the WindowsTH-RSAT_WS2016 package.

Select Language of your Windows 10 version and click on the Download button. Depending on the bitness of your OS, select desired *.msu file:

  • For Windows 10 x86 – download WindowsTH-RSAT_WS2016-x86.msu (69.5 MB);
  • For Windows 10 x64 – download WindowsTH-RSAT_WS2016-x64.msu (92.3 MB);

active directory users and computers

Install the downloaded file (Update for Windows KB2693643) by double-click on it.

active directory users and computers windows 10

Or you can install RSAT from Command prompt in the silent mode:

wusa.exe c:\Install\WindowsTH-RSAT_WS2016-x64.msu /quiet /norestart

If the error message “This update does not qualify for your computer” appears when installing RSAT, most likely you are using Windows 10 Home or Single-Language edition (you need a Pro or Enterprise edition)

Installing ADUC in Windows 10 1809 and Above

In Windows 10 1809 and newer builds, the RSAT pack is added to the Features on Demand (FoD) capabilities and is installed differently.

  1. Press the Start menu > Settings > Apps;
  2. Select Manage Optional Features > Add features;
  3. In the list of optional features already installed on your Windows 10 desktop select RSAT: Active Directory Domain Services and Lightweight Directory Tools and press Install.

active directory snap in

After RSAT installation is completed, you need to restart your computer.

How to Enable AD DS Tools in Windows 10?

It remains to activate the necessary RSAT function. To do this:

  1. Right click on Start button and select Control Panel;
  2. Select Programs and Features;
  3. In the left pane press on Turn Windows features on or off;
  4. Expand node Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools;
  5. Check item AD DS Tools and press OK.

dsa.msc windows 10

However, you can install AD feature from the command prompt with the administrator privileges just with these three commands:

dism /online /enable-feature /featurename:RSATClient-Roles-AD

dism /online /enable-feature /featurename:RSATClient-Roles-AD-DS

dism /online /enable-feature /featurename:RSATClient-Roles-AD-DS-SnapIns

active directory mmc

How to Run dsa.msc (Active Directory Users and Computers) Snap-in?

After AD Management snap-ins installed, go to the Control Panel and select section Administrative Tools. As you can see, a new link to the console %SystemRoot%\system32\dsa.msc (Active Directory Users and Computers) appeared.


Now you can run the ADUC snap-in and connect to any available AD domain controller. If your computer is joined to the Active Directory domain, then the nearest domain controller in your AD site will be selected automatically, based on your Logon server.

Also to start the ADUC console you can press the Win+R combination, type dsa.msc and then click on OK.

windows active directory tools

DSA.msc: Connecting to DC From Non-domain Computer

If you want to connect to AD using dsa.msc snapin from a non-domain computer, you must:

  1. Open Command prompt and run command:
    runas /netonly /user:Domain_Name\Domain_USER mmc
  2. In the empty MMC Console select File > Add/Remove Snap-In.
  3. Add Active Directory Users and Computers Snap-In to the right pane and press OK.
    mmc active directory
  4. Connect to the domain by right click on ADUC > Connect to domain and enter the domain name.
    mmc active directory snap in

 As a result, in the ADUC snap-in appears the structure of your OU Active Directory domain.

mmc active directory snap in windows 10

You will see a standard set of AD folders and containers:

  • Saved Queries — Saved search criteria, allowing you to quickly replay the previous search in Active Directory;
  • Builtin — built-in user accounts;
  • Computers — the default container for computer accounts;
  • Domain Controllers — the default container for domain controllers;
  • ForeignSecurityPrincipals — contains information about objects from trusted external domains. Typically, these objects are created when an object from an external domain is added to the group of the current domain;
  • Users — the default container for user accounts.

Choosing the OU you will see a list of objects that are in it. The ADUC console may display security groups, contacts, users, and computers.

Depending on the domain structure, the ADUC console may contain other containers. Some AD folders are not displayed by default. To display them, select View > Advanced Features in the top menu.


The following additional folders should appear:

  • LostAndFound — directory objects that lost the owner;
  • NTDS Quotas — data about the quoting of the directory service;
  • Program Data — data stored in the directory service for Microsoft applications;
  • System the built-in system parameters.

You can add organizational units to the AD tree yourself.

In the ADUC console, you can perform the following actions:

  1. Create and manage user accounts, computers, and security groups;
  2. View AD object attributes.
  3. Change and reset user passwords ;
  4. Create organizational units and build a hierarchical system for AD objects. In the future, you can delegate administrative permission on this OUs to other domain users (without granting domain administrator privileges).

Dsa.msc: Missing Tabs in Windows 10

Users sometimes complain that some tabs are missing in the ADUC snap-in on Windows 10.

active directory snap in windows 10

  • At first, check if Advanced Features is selected in the AD view;
  • Check if you are using the latest version of Windows 10;
  • Before installing RSAT, make sure you have removed the old versions of RSAT and the RSAT editions for other languages. At the same time, only one version of Remote Server Administration can be installed on the computer;
  • Currently, RSAT for Windows 10 is only available in English (United States) language. If you have a localized version of Windows 10 installed, make sure you have installed the English (United States) language pack before installing RSAT. Move English (United States) to the top of the list of preferred languages;
  • In some cases, manual copying of the tsuserex.dll and tsuserex.dll.mui libraries from Windows Server 2012 R2 to the Windows 10 computers to the C:\Windows\System32 directory helps. Do not forget to register the library with the command:
    regsvr32 c:\Windows\System32\tsuserex.dll

How to Add Custom Commands and Views to the ADUC console?

You can add your own tools and commands to the Active Directory Users and Computers console to launch external applications.

Create a new text file named ping.bat with the following text and save it to local disk:

@echo off

Title ping [%1]

Ping.exe %1 –t -8


windows 10 active directory snap in

Create the custom view for the ADUC console

  1. Run the command mmc.exe;
  2. Select File > Add/remove snap-in;
  3. In the list of available snap-ins, select Active Directory Users and Computers and press Add;
    active directory users and computers mmc
  4. Select a container with computers or servers, right-click on it and select New Taskpad View;
    mmc active directory users and computers
  5. Press Next;
  6. Select result pane style – Vertical list, List Size – Medium and press Next > Next;
    active directory windows 10
  7. Specify the taskpad view name: Computer Tools;
    ad snapin
  8. In the New Task Wizard window, specify that you want to create a Shell command;
    active directory console
  9. In the Command field, specify “C:\PS\ping.bat”, n the Parameters field -> $COL<0> (computername field);
    active directory snapin
  10. Input the Task Name and select icon ;
    active directory mmc snap in
  11. Press Next > Finish.

Now, if you select the Computer object in the ADUC console, the Ping button appears in the list of available actions. By clicking this button, you will check the computer’s availability via ICMP protocol (ping).

add active directory snapin

This way you can add various administration tools to the ADUC console.

dsa.msc install

Don’t forget to save your custom ADUC view with an additionals tool to a separate file custom_aduc_with_tools.msc (File > Save as ). Use this file instead dsa.msc to run the ADUC console.

You may also like:

Configuring GPO Proxy Settings for Internet Explor... The article shows how to configure GPO proxy settings for Internet Explorer 11 browser using Active Directory Group Policies. In earlier versions of I...
AD Account Keeps Locking Out Sometimes there are situations when AD account keeps locking out, this happen when you try to log on to a domain computer and getting an error on the ...
How to transfer FSMO Roles From a Failed Domain Co... In case domain controller, which owns FSMO (Flexible Single Master Operation) roles, is fail (virus attack, fatal software problems or catastrophic ha...
Store BitLocker Recovery Keys using Active Directo... In corporate segment one of the advantages of BitLocker Drive Encryption technology is the ability to store the Bitlocker recovery keys for encrypted ...
Fix: Active Directory Domain Controller Could Not ... In this article, we’ll take a look at why it’s not possible to join a new computer to the Active Directory domain with an error Active Directory Domai...
  1. Posted by Marco Antonio Barato
  2. Posted by 777-200ER

Add Your Comment