Active Directory Administrative Center

The Active Directory Users and Computers MMC is the most commonly used tool to manage Active Directory environments. This tool is built in to the system from the early version of Active Directory and has continued to the latest. With AD DS 2008 R2, Microsoft introduced the Active Directory Administrative Center (ADAC), which is a built-in PowerShell command-line interface technology. It provides an enhanced GUI, which can be used to manage Active Directory objects in an efficient way. With AD DS 2012, the Microsoft introduced the PowerShell history viewer, which helps administrators learn about PowerShell commands associated with Active Directory objects. I do not even now see a majority of engineers use this interface compared to the Active Directory Users and Computers MMC. This tool comes with the AD DS role. Once you complete the role installation, it will be available for operations without any additional configuration.

To access the ADAC console, you can type dsac.exe in a PowerShell command line or the Run box:

The preceding figure shows the default interface for ADAC and its components, which can be used to manage Active Directory objects. The following are the components:

  • Breadcrumb bar: This can be used to navigate to different containers directly. In order to navigate to a specific container, you need to use its distinguished name. It can also be used the other way around, to find out the distinguished name of a container.

Using the Manage option allows us to add navigation nodes to the navigation pane. Basically, it's similar to adding a shortcut to specific containers.

  • Management list: In this section will be listed the containers, objects contained in the containers, object search results, and so on. Data display in this section will change based on the options selected in the navigation pane.
  • Preview pane: This section shows the summary of the object you selected in the management list. The summary contains certain attribute values, such as description, DNS name, and username as well as the time the object was modified:
  • Navigation pane: This is similar to the navigation pane in the Active Directory Users and Computers MMC. Using it, you can navigate to different containers in your domain. This can also be used to upgrade the domain and forest functional levels and enable the Active Directory Recycle Bin. Using the navigation pane, we can add objects such as users, groups, organizational units, or computers to the directory:

The navigation pane also lists the Global Search option, which can be used to locate Active Directory objects in the directory. Once the search returns an object, it also provides options to perform administrative tasks:

  • Tasks pane: The tasks pane will list down the administrative tasks associated with the objects you select, such as moving objects, password resets, properties, and deletion. The list of administrative tasks will change based on the object type.
  • PowerShell history pane: ADAC is built based on PowerShell command-line interface technology, so each and every task performed in ADAC is executed as a PowerShell command. In this pane will be listed all executed PowerShell commands. Engineers can copy these commands and reuse or develop them further to manage Active Directory objects via PowerShell directly. It also allows us to search for commands, if required.
When you open ADAC for the first time, you will not see the PowerShell history pane in expanded mode as shown in the following screenshot. You need to click on the WINDOWS POWERSHELL HISTORY bar to expand it.

ADAC also allows us to manage objects from other domains. It can also be opened using Server Manager | Tools | Active Directory Administrative Center. If domains have one-way or two-way trust between them, it will allow us to add them to the same ADAC console. In order to do that, you need to go to the breadcrumb bar and click on Manage | Add Navigation Nodes and then click on Connect to other domains... in the window:

Another advantage of ADAC is the advanced object property window. If you've used the Active Directory Users and Computers MMC before, you may already know that in order to view object properties, we need to go through lots of different tabs. But with ADAC advanced object properties window, we can view a lot of data in one window. If required, you can easily navigate to different sections.

Using the same window, you can run administrative tasks related to objects. Not only that, it also allows us to modify the list of sections in the properties page as we want:

ADAC capabilities can be listed as follows:

  • Creating users, groups, computer accounts, and organization units
  • Managing users, groups, computer accounts, and organization units
  • Removing users, groups, computer accounts, and organization units
  • Managing Active Directory objects from other trusted domains
  • Filtering Active Directory objects using queries

 

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.119.172.146