How to view all users and groups in AD without logging onto the DC?

Solution 1:

You can do this in a limited fashion in Windows 10 (and 7-8) without installing anything extra. Open File Explorer, select Network, and you should see a button in the toolbar labeled "Search Active Directory".

Depending on your permissions, it will let you search users and groups by name, and view the membership of those. It won't show you a tree though; you have to know what you're looking for.

Update 2020-11-18: This option is now disabled for myself & some others; I don't know if it's my company's AD / GPO settings, or whether Microsoft has disabled this in recent builds of Windows 10.

"Search Active Directory"

Solution 2:

You need Windows Remote Administration Tools installed on a client workstation. It will allow you to manage the domain without having to login to the Domain Controllers.

You didn't specify what you're running, so I'll qualify my link saying it's the tools to be installed on Win7 to manage a 2008 server.


Solution 3:

You could install the Server 2003 Admin Pack on your PC and use the AD Users and Computers Snap-In from your workstation. If you are running Vista/ Windows 7 you will need to enable the RSAT feature (Control Panel> Programs and Features> Turn Windows Features on or off) and select the AD DS and AD LDS Tools feature under "Role admin tools", under RSAT.