As name implies, active directory users and computers is used to manage users, groups, computers, domains, organizational units in Active Directory. Using this Microsoft Management Console (MMC), you can create new users, reset their passwords, add them to certain groups, grant certain rights, move them, enable or disable them and so on. You can access AD users and computers mmc from tools or by typing “dsa.msc” in run.
If you expand domain name (college.local) in left pane, you can see different containers like builtin, computers, Domain Controllers etc.Builtin contains the automatically created security groups like Administrators, Backup Operators and
Builtin contains the automatically created security groups like Administrators, Backup Operators and many more that Microsoft creates for our easiness. Brief description of each group is given on the right hand.Computers container is the default containers of all workstations or computer objects in active directory.
Computers container is the default containers of all workstations or computer objects in active directory.Domain Controller contains all domain controllers in active directory domain.
Domain Controller contains all domain controllers in active directory domain.
Forest Security Principals contains the objects that belong to trusted external domains.
Users is default containers for all objects in active directory. Objects can be computers, groups, users, etc.
Create a new OU:
Organisational unit is a container in active directory to which group policies can be applied. To create OU, right click on the domain, then new and select organisational unit. Give a unique name in screen and enter OK.
Create a user and add a user to group:
To create a user, right click on OU and then new|user. Follow the prompts to add new user. If you want to add user to a group, then right click the user and select add to a group. In a prompt ‘select groups’, type in the first few words, then click check names. Then select the group you want to the user to be member of. If you are not sure about group name, then click Advanced. Click Find Now to see all the groups.
Note: Ordinary user cannot login into domain controller. The user should be member of ‘domain admins’.
There are many other things you can do in AD users and computers like Move a user, create a group, delete a group, reset password, set logon times and so on.