Don't miss out on new posts! Sign up for the Newsletter here:
Windows Server 2016

Windows Server 2016 Active Directory Administrative Center

A lesser known feature in Windows Server beginning with Windows Server 2008 R2 is the Active Directory Administrative Center that allows administrators what basically looks like Server Manager to administer Active Directory environments. The Active Directory Administrative Center or ADAC is built on Windows PowerShell and provides an enhanced Active Directory data management experience. It is more task-oriented in the navigation scheme.  Windows Server 2016 Active Directory Administrative Center continues with the same features and functionality in managing AD including but not limited to the following.

  • Create new/manage user accounts
  • Create new/manage groups
  • Create new/manage computer accounts
  • Create new/manage OU’s
  • Configure and manage DAC
  • Configure manage Authentication Policies

Let’s take a look at a few screenshots of the ADAC in Windows Server 2016.

Windows Server 2016 Active Directory Administrative Center

To launch Active Directory Administrative Center, you can type the command dsac.exe.  The ADAC will launch.

dsac16_01

After launching, as mentioned, it has the same look and feel of Server Manager.  Take a look on the left the menus that we have highlighted here.  Again, it is very task driven in the layout.  In the middle we have a welcome center type layout that have links to read more information about the various aspects of the ADAC.  Also, very common functions are already included in this dashboard – Reset Password, and Global Search.

dsac16_02

When you click on your Domain over in the left menu, you get a layout of your OUs.  Notice the little arrow down menu you can click towards the upper right.  We have it highlighted here.

dsac16_03

This brings down an Add criteria menu.  This is extremely powerful as it has prebuilt queries that are extremely useful.  Such queries as:

  • Users with an expired password
  • Users with enabled but locked accounts
  • Users with a password expiring in a given number of days – you can type the number of days in the query window once selected

All of the above are super powerful queries as well as the ability to build custom queries and save them.  This is a really cool feature of ADAC.

dsac16_03b

The next menu is all about Dynamic Access Control.  From the documentation I have found from Microsoft on DAC in 2016, there haven’t been any changes since 2012.

dsac16_04

The authentication menu contains options for setting up authentication policies such as with ADFS, etc.

dsac16_05

The global search menu has the ability to perform regular searches as well as LDAP searches which can be extremely powerful.

dsac16_06

Thoughts

The Windows Server 2016 Active Directory Administrative Center proves to be a powerful tool as the previous versions have been.  It is however, a lesser and underutilized feature in the administration of Active Directory.  Many may not even know about it.  This can be a really powerful tool in the arsenal of an administrator.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.