The Active Directory Users and Computers (ADUC) MMC is Microsoft's primary graphical administration tool for user, group, and computer objects in Active Directory. ADUC focuses on providing task-oriented property pages and menus for performing common administrative tasks, such as creating and deleting users and groups, managing passwords and other account features, and maintaining group memberships.
For programming work, we prefer lower-level tools such as LDP, ADSI Edit, and ADFind (discussed shortly), but there is a lot to be said for using ADUC to get common administrative tasks done. We also like using ADUC for reverse-engineering work. It is often helpful to check the state of an object with LDP, perform a common administrative task in ADUC, and then check the object again with LDP to see what data changed. This approach is even more successful when applied to security descriptor modification, as it is often difficult to figure out how to achieve specific security behaviors simply by studying the SDK reference. With ADUC, we can use the friendly graphical UI to get the behavior we want and then reverse engineer the resulting security descriptor data with a lower-level tool to learn how to accomplish the same thing in code.
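The before-and-after comparison described above can be automated once both states of the object are captured as text. The following is an added example, not code from the book: the snapshot format (attribute name mapped to a list of values, with the security descriptor as an SDDL string), the function names, and the sample data are assumptions, and the sample is constructed to model the "User cannot change password" check box. Conditional ACEs, which nest parentheses, are not handled.

```python
import re

# SDDL ACE fields, in order, as they appear between the parentheses.
ACE_FIELDS = ("type", "flags", "rights", "object_guid", "inherit_guid", "trustee")

def parse_dacl(sddl):
    """Return the DACL's ACEs as a set of 6-field tuples; SACL ACEs are ignored."""
    m = re.search(r"D:[A-Z_]*((?:\([^()]*\))*)", sddl)
    if not m:
        return set()
    return {tuple(ace.split(";")) for ace in re.findall(r"\(([^()]*)\)", m.group(1))}

def diff_snapshots(before, after):
    """Diff two {attribute: [values]} dumps of one object.

    Returns {attribute: (removed, added)} for every attribute that changed.
    """
    changes = {}
    for name in sorted(set(before) | set(after)):
        old, new = before.get(name, []), after.get(name, [])
        if name == "nTSecurityDescriptor":
            # Compare ACE by ACE instead of as one opaque string.
            old = set().union(*map(parse_dacl, old))
            new = set().union(*map(parse_dacl, new))
        else:
            old, new = set(old), set(new)
        if old != new:
            changes[name] = (sorted(old - new), sorted(new - old))
    return changes

def describe(ace):
    """Label the fields of one ACE tuple."""
    return dict(zip(ACE_FIELDS, ace))

# Constructed sample data: the same user before and after the GUI change.
CHANGE_PWD = "ab721a53-1e2f-11d0-9819-00aa0040529b"  # User-Change-Password right
BEFORE = {
    "description": ["Test account"],
    "nTSecurityDescriptor": [
        f"O:DAG:DAD:AI(OA;;CR;{CHANGE_PWD};;WD)(OA;;CR;{CHANGE_PWD};;PS)(A;;RC;;;AU)"],
}
AFTER = {
    "description": ["Test account"],
    "nTSecurityDescriptor": [
        f"O:DAG:DAD:AI(OD;;CR;{CHANGE_PWD};;WD)(OD;;CR;{CHANGE_PWD};;PS)(A;;RC;;;AU)"],
}

if __name__ == "__main__":
    for attr, (removed, added) in diff_snapshots(BEFORE, AFTER).items():
        for ace in removed:
            print(attr, "-", describe(ace))
        for ace in added:
            print(attr, "+", describe(ace))
```

The diff shows the two object-allow ACEs for Everyone (WD) and SELF (PS) replaced by object-deny ACEs on the same extended right, which is the change to reproduce in code.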
The ADUC tree view metaphor tends to break down when dealing with containers that contain many objects, but this is a limitation of nearly all browsing utilities. When a large number of objects are involved, search becomes the only practical way to deal with them individually.
ADUC does not work well at all on machines that are not joined to the domain. If we are using nondomain machines, we suggest using one of the tools we mentioned previously, or BeaverTail or Softerra's LDAP Browser, which we will discuss shortly.
Microsoft Exchange Server provides tight integration with ADUC via the Exchange System Management tools. When installed, these tools provide additional functions and property pages for common Exchange management tasks, such as mail- and mailbox-enabling groups and users. It also includes an extensibility mechanism that allows developers to add their own property pages and such, but this currently requires programming in unmanaged C++.
Microsoft also ships a variety of other task-oriented MMC snap-ins for Active Directory management, including Sites and Services, Domains and Trusts, and Schema. Depending on the task at hand, these other tools may also be of use.