Using Active Directory Administrative Center in Windows Server 2. R2. Windows Server 2. R2 includes new features that can simplify the way you administer and maintain Active Directory (AD). Besides the AD Recycle Bin—a great feature for AD object recovery—and the AD Best Practices Analyzer—a very valuable tool for AD health checking—one of the most eye- catching new management- related features is certainly the Active Directory Administrative Center (ADAC). Let's look at this new tool and see how ADAC can help simplify your day- to- day AD administration work. ADAC can be installed only on computers running Server 2. R2 and is available with Windows Server 2.

Here's the situation: First, if you want a little history - see the below issue, in which. Besides the AD Recycle Bin—a. Upgrading your infrastructure to the latest Active Directory Domain Services is a best practice to benefit from all the new features the operating system can provide. Authorizing DHCP Servers in Active Directory. If a DHCP server is to operate within an Active Directory domain (and is not running on a domain controller) it must.

R2 Standard, Enterprise, and Datacenter Editions, but not the Itanium and Web Server Editions. ADAC is installed by default when you install the Active Directory Domain Services (AD DS) server role.

ADAC is also included in the Remote Server Administration Tools (RSAT) feature. How ADAC Differs From ADUCADAC offers administrators a good alternative to the Active Directory Users and Computers (ADUC) Microsoft Management Console (MMC) snap- in for managing AD objects. As with ADUC, administrators can use ADAC to perform common AD user, computer, group, and organizational unit (OU) object management tasks. Like ADUC, the current version of ADAC is used only for managing Active Directory Domain Services (AD DS) instances and not for managing Active Directory Lightweight Directory Service (AD LDS, formerly ADAM) instances. The key difference is that ADAC is a very task- oriented administration tool that can help you manage AD in fewer steps.

Tutorial: 802.1X Authentication via WiFi – Active Directory + Network Policy Server + Cisco WLAN + Group Policy.

The ADAC interface focuses on key AD administration tasks. For example, two very frequently performed tasks, resetting a password and searching AD for an object, are immediately available when you open ADAC, as Figure 1 shows. With ADUC, to reset a password you first had to locate the object, then right- click it and select Reset Password, and only then you could enter the new password data.

In ADAC you can do all this in a single action from the ADAC opening screen. ADUC is, foremost, a data- oriented tool: It shows you how the data in AD is organized. ADAC supports this data- oriented view of AD objects as well.

The classic hierarchical view of AD content is available from ADAC’s tree view, which I will discuss in more detail below. Besides the ADAC interface's focus on key administration tasks, two other important differences you will notice in the interface are that ADAC is much more customizable, and it lets you simultaneously connect to other domains. ADUC supported taskpads but these were never a big success, and it required different instances to be able to manage objects across multiple domains. ADAC lets you simultaneously connect to different domain controllers (DCs) in different domains to manage objects across multiple domains within the same ADAC instance. The other big difference between ADUC and ADAC lies in ADAC’s underlying architecture.

ADAC is not MMC–based but uses an Explorer- like interface instead. Under the hood, ADAC leverages Windows Power. Shell and the new Active Directory Web Services (ADWS).

ADWS is a new Windows service that provides a web service interface to AD. To use ADAC you need at least one Windows DC in your domain that has an operational ADWS service.

ADWS is included in Server 2. R2, and Microsoft also provides an ADWS add- on package for Windows 2. SP2, Windows 2. 00. R2 SP2, Server 2. Server 2. 00. 8 SP2. This package is called the Active Directory Management Gateway Service.

This means that you can also use ADAC to manage AD instances that are running on other Windows server platforms besides Server 2. R2. Windows Server 2. R2 includes a new set of powerful Power. Shell cmdlets for AD administration that are bundled in the Active Directory Module for Windows Power. Shell. This module calls on the Microsoft .

NET Framework 3. 5. ADWS for accessing the AD core engine. Server 2. 00. 8 R2 automatically installs the Power. Adobe Flash Update Memory Errors. Shell engine, the Active Directory Module for Power. Shell, the . NET Framework 3. ADWS when you install AD DS. You also get access to these services when you add the Remote Server Administration Tools (RSAT) feature to a Server 2.

R2 or Windows 7 machine. RSAT is bundled with Server 2. R2. For more information on RSAT for Windows 7 go to Microsoft support. You can download RSAT for Windows 7 at the Microsoft download site. Exploring ADACYou can find ADAC in the Administrative Tools folder of your Server 2. R2 server Start Menu or you can start it from the command line using dsac. When ADAC opens, it shows the Administrative Center Overview page that’s illustrated in Figure 1.

There, you can find three sections: Reset Password, Global Search, and Getting Started. Often these are the three tasks an AD administrator performs most. You can customize the Overview page by adding or removing certain of these sections.

To do so, use the Add Content drop- down button in the top right corner of the Administrative Overview page. On the left side of the Administrative Center Overview page are the ADAC navigation pane and your personal navigation nodes. Navigation nodes are shortcuts to containers in the local AD domain or its trusted AD domains. When you click a navigation node, ADAC takes you right to the corresponding AD container and displays its content in the right pane, which Figure 2 shows. To create your personal navigation nodes, use the “Add Navigation Nodes. Again, you can customize the navigation pane: When you right- click a navigation node you can rename or remove the node, create a duplicate node, or move the node up or down in the navigation pane list.

You can browse the navigation pane and its nodes using a tree view, which is similar to the ADUC console tree or by using the new list view. If you’re used to the ADUC console tree, it’s a bit confusing that the ADAC tree view also shows all your navigation nodes. This means a given AD container can show up multiple times in the ADAC tree view. You can switch between the ADAC list and tree view by using the two tabs at the top of the navigation pane: list view is the left tab, tree view is the right tab. In the ADAC list view you can use the Column Explorer feature that provides a Start Menu–like view on the AD container hierarchy, which Figure 3 shows.

Column Explorer simplifies browsing through the AD hierarchy because it displays all child containers of a given parent container in a single column and adds new columns as you dig deeper in the AD hierarchy. Column Explorer also provides a Find in this column box where you can type the name of the container object you’re looking for.

ADAC automatically filters the current view while you type. As you can see in Figure 3, I searched for the Seattle OU, and ADAC automatically filtered the content of the Washington OU to the Seattle and Spokane OUs while I typed the letter S in the Find in this column box. This can be a very useful feature when dealing with large datasets: You don’t need to scroll through the entire list of OUs anymore to locate a particular OU. Another hidden ADAC change that’s important for dealing with large AD datasets is that ADAC gets rid of the OU display limit of 2,0. OU that ADUC set. The list view also has a Most Recently Used (MRU) feature that shows the last three containers you accessed in a particular navigation node. In the example back in Figure 2, my MRU containers for my EMEA navigation node were Belgium\Brussels, Spain, and Germany.

At the top of the ADAC window is the breadcrumb bar. It lets you navigate directly to a specific container in your local domain or in a trusted AD domain by specifying an LDAP path, a distinguished name (DN), or a hierarchical path to an AD container. Figure 2 shows a hierarchical path to the “Active Directory Domain Services\dc- Americas\USA\Washington\Redmond\Tech” container in the breadcrumb bar.