It is fast becoming common knowledge that Microsoft will not be making one size fits all tools anymore. Instead, they will provide the basic tools and PowerShell support to automate/extend specific tasks. For proof of this, look no further than Office 365 or any other hosted Microsoft Service. But this change is good! IT Administrators can extend their tools to their environment. While Active Directory Users and Computers (ADUC) is an older tool, you should still modify it to fit your organization. Today, we will cover 3 changes you should make.
Create a Custom MMC
Breaking slightly from the 3 recommended GP/GPMC changes, your first step should be to create a custom MMC and add ADUC as a Snap-in. There are two huge benefits to a custom MMC. First, you can add in multiple snap-ins. Several administrators swear by a MMC with ADUC and GPMC in the same window. I personally prefer them separated but a custom MMC provides that flexibility. The second benefit is the ability to add custom scripts, shortcuts, and actions. These extras are created as a TaskPad.
To give you an idea of the power a TaskPad, here is a screenshot of my custom ADUC MMC:
My Active Directory can: create computers on a massive scale, bring up warranty information, run GP Results, compare group membership, find out what computer a user is logged in on, and so much more! Any repetitive AD task is scripted and then added to this TaskPad. Stop reading (but don’t close your browser) and create your custom MMC. Link it to your start menu/screen. Delete the ADUC shortcut from Administrative Tools. You can even use the ADUC icon by pointing your shortcut’s icon to this file: %SystemRoot%\system32\dsadmin.dll.
Enable Advanced Features
Let’s compare two screenshots:
When Advanced Features are enabled, ADUC can do so much more! Just in the screenshot above, you can see how many more tabs you have. I use two tabs (Object and Attribute Editor) all of the time. These two are only seen in Advanced Mode. Further, your AD structure is hidden in basic mode. One of your most important containers, System, can only be seen when Advanced Features are turned on.
Turning on Advanced Features is easy! Just go to View and check the Advanced Features box. Which brings us to our 3rd tweak.
Filtering
By default, ADUC only shows you the first 2000 objects in an OU. This is done to speed up the console but can leave you confused. Imagine searching for a user that ADUC filtered out! Even if you do not have 2000 objects in OU, you might one day. Save yourself the trouble and increase the default filter size.
To do this, head back to View and select Filter Options. Increase the Maximum number of items from 2000 to something ridiculously large like 20,000 or 200,000.
With filter options, you can also change the objects that AD shows you. If you have a helpdesk that only needs to see computer objects, you can set their filtering to only show computers. If you have an HR employee that only needs to see users, you can hide groups/computer/etc.
Those are my three recommended mods to ADUC. What do you think? Do you have any mods that make your life easier?
Joseph,
Isnt there a way to search ADUC using the MMC for computers by what group they are a part of?
I don’t fully understand your question. Are you wanting to see what groups a computer is a member of or something else?
Joseph…..
I have RSAT installed, i am have advanced options enabled, i can create shortcut to the mmc, but I got lost when you started referring to Taskpad and your custom ADUC MMC, how and where are you adding all of those custom scripts, shortcuts, and actions?
thanks
Moe
Check out this guide: https://www.simple-talk.com/sysadmin/powershell/getting-better-mileage-by-extending-active-directory-users-and-computers/