Windows Server 2016 Active Directory Administrative Center

A lesser known feature in Windows Server beginning with Windows Server 2008 R2 is the Active Directory Administrative Center that allows administrators what basically looks like Server Manager to administer Active Directory environments. The Active Directory Administrative Center or ADAC is built on Windows PowerShell and provides an enhanced Active Directory data management experience. It is more task-oriented in the navigation scheme.  Windows Server 2016 Active Directory Administrative Center continues with the same features and functionality in managing AD including but not limited to the following.

• Create new/manage user accounts
• Create new/manage groups
• Create new/manage computer accounts
• Create new/manage OU’s
• Configure and manage DAC
• Configure manage Authentication Policies

Let’s take a look at a few screenshots of the ADAC in Windows Server 2016.

Windows Server 2016 Active Directory Administrative Center

To launch Active Directory Administrative Center, you can type the command dsac.exe.  The ADAC will launch.

After launching, as mentioned, it has the same look and feel of Server Manager.  Take a look on the left the menus that we have highlighted here.  Again, it is very task driven in the layout.  In the middle we have a welcome center type layout that have links to read more information about the various aspects of the ADAC.  Also, very common functions are already included in this dashboard – Reset Password, and Global Search.

When you click on your Domain over in the left menu, you get a layout of your OUs.  Notice the little arrow down menu you can click towards the upper right.  We have it highlighted here.

This brings down an Add criteria menu.  This is extremely powerful as it has prebuilt queries that are extremely useful.  Such queries as:

• Users with an expired password
• Users with enabled but locked accounts
• Users with a password expiring in a given number of days – you can type the number of days in the query window once selected

All of the above are super powerful queries as well as the ability to build custom queries and save them.  This is a really cool feature of ADAC.

The next menu is all about Dynamic Access Control.  From the documentation I have found from Microsoft on DAC in 2016, there haven’t been any changes since 2012.

The authentication menu contains options for setting up authentication policies such as with ADFS, etc.

The global search menu has the ability to perform regular searches as well as LDAP searches which can be extremely powerful.

Thoughts

The Windows Server 2016 Active Directory Administrative Center proves to be a powerful tool as the previous versions have been.  It is however, a lesser and underutilized feature in the administration of Active Directory.  Many may not even know about it.  This can be a really powerful tool in the arsenal of an administrator.