Windows Server 2016 Active Directory Administrative Center

0

A lesser known feature in Windows Server beginning with Windows Server 2008 R2 is the Active Directory Administrative Center that allows administrators what basically looks like Server Manager to administer Active Directory environments. The Active Directory Administrative Center or ADAC is built on Windows PowerShell and provides an enhanced Active Directory data management experience. It is more task-oriented in the navigation scheme.  Windows Server 2016 Active Directory Administrative Center continues with the same features and functionality in managing AD including but not limited to the following.

  • Create new/manage user accounts
  • Create new/manage groups
  • Create new/manage computer accounts
  • Create new/manage OU’s
  • Configure and manage DAC
  • Configure manage Authentication Policies

Let’s take a look at a few screenshots of the ADAC in Windows Server 2016.

Windows Server 2016 Active Directory Administrative Center

To launch Active Directory Administrative Center, you can type the command dsac.exe.  The ADAC will launch.

dsac16_01 Windows Server 2016 Active Directory Administrative Center

After launching, as mentioned, it has the same look and feel of Server Manager.  Take a look on the left the menus that we have highlighted here.  Again, it is very task driven in the layout.  In the middle we have a welcome center type layout that have links to read more information about the various aspects of the ADAC.  Also, very common functions are already included in this dashboard – Reset Password, and Global Search.

dsac16_02 Windows Server 2016 Active Directory Administrative Center

When you click on your Domain over in the left menu, you get a layout of your OUs.  Notice the little arrow down menu you can click towards the upper right.  We have it highlighted here.

dsac16_03 Windows Server 2016 Active Directory Administrative Center

This brings down an Add criteria menu.  This is extremely powerful as it has prebuilt queries that are extremely useful.  Such queries as:

  • Users with an expired password
  • Users with enabled but locked accounts
  • Users with a password expiring in a given number of days – you can type the number of days in the query window once selected

All of the above are super powerful queries as well as the ability to build custom queries and save them.  This is a really cool feature of ADAC.

dsac16_03b Windows Server 2016 Active Directory Administrative Center

The next menu is all about Dynamic Access Control.  From the documentation I have found from Microsoft on DAC in 2016, there haven’t been any changes since 2012.

dsac16_04 Windows Server 2016 Active Directory Administrative Center

The authentication menu contains options for setting up authentication policies such as with ADFS, etc.

dsac16_05 Windows Server 2016 Active Directory Administrative Center

The global search menu has the ability to perform regular searches as well as LDAP searches which can be extremely powerful.

dsac16_06 Windows Server 2016 Active Directory Administrative Center

Thoughts

The Windows Server 2016 Active Directory Administrative Center proves to be a powerful tool as the previous versions have been.  It is however, a lesser and underutilized feature in the administration of Active Directory.  Many may not even know about it.  This can be a really powerful tool in the arsenal of an administrator.