What is Active Directory Users & Computers

Paul Hill
A free video tutorial from Paul Hill
Expert IT Instructor: 129k Students, 16k Reviews, 17 Courses
4.5 instructor rating • 17 courses • 201,087 students

Lecture description

In this lecture you are going to learn what Active Directory is as well as how to use the Active Directory Users & Computers console.

Learn more from the full course

Active Directory & Group Policy Lab

Learn REAL job skills and stack your resume with the experience you will gain in this course!

06:49:59 of on-demand video • Updated May 2020

  • Learn how to use Active Directory Users and Computers
  • Understand what Group Policy is, how it works, and how to use it in your domain
  • Finally understand GPO (Group Policy Object) precedence!
  • Write Powershell scripts to automate redundant tasks and save yourself from endless hours of repetitive work!
  • Learn how to create test OUs (organizational units) to safely test your new GPOs
  • Manage domain workstations and servers with Group Policy and Active Directory
  • Configure domain user desktop backgrounds and MUCH more!
  • Deploy Software to specific users or computers with Group Policy
  • Use Group Policy Management to secure your domain
  • Learn how to troubleshoot your Group Policy issues!
  • Apply GPOs to target OUs, users and/or computers
  • Create & Secure Network Share Drives and publish them to Active Directory Users and Computers
English [Auto] Hello this is Paul Hill. And in this lecture I'm going to be talking to you about Active Directory Users and Computers. You're going to learn what it is as well as how to open and use the consul Active Directory Users and Computers also known as actual directory or a D for short is a tool that is installed by default when a server has the Active Directory domain service is roll installed. In other words when you're working with a domain controller you can expect to see Active Directory installed on the server. Now you can also install Active Directory by installing the remote server administration tools that are set but you will have to connect the domain controller in order for that to work properly. Now just as a name implies Active Directory is a live directory or database that stores user accounts in their passwords computers printers BIOS shares security groups and their respective permissions. A group could be made up of users computers printers or file shares. Now the reason why we use groups with an Active Directory is frequently for security purposes. Now you can use A.D and group policy together to assign specific permissions or objects with an Active Directory. The purpose of Active Directory is to handle security authentication across the domain. It's very very important if you want to work in the field. You have to understand it. Now one of the ways that does this is by only allowing authorized users to log onto the network Active Directory also provides centralised security management of your network resources by throwing things like the usernames and passwords in one location instead of the minister need to store this information on each individual computer. Now the most common task that you need to know how to do with an Active Directory and everybody does is everyone who's worked with Active Directory knows how to do this is reset user passwords and create or delete user accounts. For example every time a new employee is hired at your company they will need logging credentials and you need to create their account and help them log in for the first time. And quite often as we all know people are going to forget their passwords and they're going to ask you to reset them. Now if you do not have active directory you would need to create a local user account on each computer in your company. Also every time you have to reset a password for that user you would need to do it on each computer that they had an account on. So here we're creating John and his passwords. And then if we have to reset the bastards we have to go back to each computer and reset the password on all of them. You see they're changing the red representing the new password for that user account. Now this example not only applies to user accounts but other objects that can be stored with an Active Directory like computers printers all shares and security groups. So in this example we have the user name John and his passwords stored on our domain controller which has active directory and all those computers go to Active Directory and query the server for his password. So if you need to change it you just change it in one spot on the domain controller and we are good to go. OK. So no more resetting his password 10 times over five times. Imagine if you had you know 5000 computers on your network and you had to reset a password for John. Well you'd have to reset it 5000 times and that's crazy. A big waste of money. So we don't want to do that. All right so now that you understand what Active Directory is let's learn about the interface. Now I logged into my domain controller here called IP DC 0 1 IP standing for instructor Paul and DC standing for Domain Controller in 01 standing for the first domain controller in my domain. Now my domain is called instructor Paul dot com because that's my web site. And I just thought it would fit. So you need to be logged into your domain if you'd like to follow along or you can just watch and see what I do. All right so we start Active Directory or Adey for short is to click in server manager we can select Tools and we can choose Active Directory Users and Computers from this list here. Now if you don't have open server manager that's easy. Click the Start button and it'll appear on the top left corner. Server Manager. OK. So now the Active Directory Users and Computers console will appear. Now this one looks like there's other ones that you may have seen before if you're familiar with DNS or DCP on the left we have our navigation pane in on the right we have the contents of our current location on the menu we have file action view and help now within the file menu you can either choose the options or you can exit active directory within options you can delete any changes that you've made to the view of Active Directory Users and Computers. And of course it acts just like you'd expect it to the action menu is the exact same menu that you'll get when you right click on an object within either the navigation or the contents page the view column allows you to quickly add or remove columns so you can show or hide additional information as necessary. Most importantly you can enable advanced features and this viewing node shows a lot of hidden and useful content that you would otherwise not be able to find the filter options allows you to show or hide certain object types within the contents pane. Now this can be useful when you have several different object types like we can see here like multiple users multiple groups of contacts and so you're just looking for a particular computer. We can say show only the falling type and we can check computer and all the other type will be had. OK so we're not going to do that when we click Cancel the Customize option allows you to further customize your view within the Active Directory Users and Computers console by showing or hiding different components. For most administrators the default configuration will work just fine. All right so to click OK and other help this menu allows you to quickly access the help topics and the text on a Web site. You can also view the version of Microsoft management console or in MC and Active Directory Users and Computers. Most of the time you're not going to be using this help little tab here. If you're running into an issue just go ahead and do yourself a favor and google the issue. You'll probably get results a lot faster now below that you'll see several action buttons. First you have navigational arrows and this will allow you to actually navigate forwards and backwards through the active directory structure. Actually has several buttons that will change depending on what type of object you've selected. Now General rule of thumb if you hover over the buttons you'll get a tip telling you what each button does and what it is used for. Not the left side of the console we can see our navigation pain at the top you're going to see saved queries in the name of your domain which in my case is instructor pilot comm. Yours will likely be different. Now save queries is commonly ignored by many administrators. It allows you to quickly locate things like expired or locked out user accounts or user accounts who have not logged in within the last 30 days and more as the name implies you can create these searches and save them for later use. This can make redundant tasks much easier. Now instructor pilot commer first to the domain the Active Directory Services. You can right click on the domain and complete several actions. First we can delegate control of the domain. By default there is a set of users in a set of groups that have control over this domain and you can extend that by delegating control of the domain. You can also delegate control of particular use. But we may get into that more later. Now the fine button allows you to locate objects with this domain. You can view this as a search button. Think of it like the Google of Active Directory. You need to find something you can right click and choose find and you will be able to type in the name of what you're looking for. You can see that here. So we could choose what kind of object that we're looking for and we can choose where we want to search and then we just type in the name that we're looking for and click on. You may change your mind by selecting the change domain option and you would do this if you had a subdomain to instructor pilot com like lessons or courses. Instructor pilot and the like OK well we can see here if I click Browse I only have instructor Paul if I had a subdomain or a trusted domain you would see them listed here. We can also change domain controllers. But since I only have one domain controller in my domain again you're only seeing the one IP DCs or one instructor pilot product. This is the only domain controller that I have up and running since the only one we're going to see here the razor main functional level option is used to enable active directory features when you have multiple domain controllers on the network. Now some features are only available when all of your servers are updated to the latest version available. For example if you have a 2012 domain controller and a 2016 domain controller both servicing the same network your domains functional level will be that of the 2012 domain controller meaning that the server cannot use the new features of 2016 but only the features that are included in 2012. If you were to upgrade the 2012 server to 2016 you could then raise your domain's functional level to enable the new features. If I click this option I can see that my domain functional level is Windows Server 2016. Since I do not have any older domain controllers on the network the operation masters option allows you to choose which servers operate master roles like the schema master domain name naming master relative identified or ID master primary domain controller emulator also known as PDC emulator and the infrastructure master. If you have multiple domain controllers on your network you can choose what server has what roles. Now this is something you will need to do when you remove a domain controller from the network. Now active directory domain services is a multi master enabled database which means several domain controllers can make changes to the database allowing multiple domain controllers to write changes to the database can sometimes cause conflicting updates to occur. Now this is where Operation master steps in to resolve this issue by only allowing certain domain and choice to make changes to certain parts of active directory domain services. Now since we don't have any additional domain controllers we can click the change button but there's no other domain controllers on the network to transfer the roles to. So we're going to click OK and we'll lose. Now if we right click we have the new option here and we can do all kinds of things like free computers use groups all that we're going to get into that more so under here we have our tasks. Again it's kind of a repeat of what you see above. You can do the resultant set of policy which allows you to see what kind of group policy objects are being applied to this domain or whatever object you're clicking on. We're going to get into more of that later. Again if we choose properties we can see the domain name and we can see a description and we can see who it is managed by. No this information is very important. It's just information that if you want to provide it to other people within your domain other administrators you can do that right here. OK so now when I close out of this window and that is all we're going to cover in this lecture. So now you have a basic understanding of what active directory is and what it is used for now. Great job getting through this lecture. I'm looking forward to seeing you in the next one.