Why the Active Directory Users and Computers tool sucks

As an IT support worker it’s hard to go a day without using Active Directory Users and Computers (ADUC).

And yet even as a key tool to managing an Active Directory environment it has massive usability issues.

“Advanced Features” option

In the ‘view’ menu you’ll find a “Advanced Features” option – which is not enabled by default.

Once enabled a number of important options are available, for example when viewing a user you’ll see additional tabs – Published Certificates, Object, Security, COM+.

Why on earth is this even an option – who actually uses ADUC without this enabled!

Search box clears after switching filter

When you change the search filter from the default ‘Users, Contact, and Groups’ the search box changes, clearing the search term entered – sounds easy to remember right? Wrong ! Most still find themselves searching for a computer, then switching the the “Computer” filter and loosing the search term!

Missing “Additional Account Info” tab

For those that haven’t worked long enough in IT to remember – there used to be a non-standard addon (acctinfo.dll) that gave you an “additional account info” tab – with this you were able to easily check key information like:

  • password last set date/time
  • password expires date/time
  • password replication across domain controllers
  • locked state
  • last logged in date/time
  • last bad password date/time

This stopped working after Server 2008.