Introducing Active Directory Administrative Center
Active Directory Administrative Center provides network administrators with an enhanced Active Directory data management experience and a rich graphical user interface (GUI). Administrators can use Active Directory Administrative Center to perform common Active Directory object management tasks (such as user, computer, group, and organizational unit management) through both data-driven and task-oriented navigation. Administrators can also customize the enhanced Active Directory Administrative Center GUI to suit their particular directory service administration requirements.
There are several special considerations:
1. Active Directory Administrative Center can be installed only on computers running the Windows Server 2008 R2 operating system. Active Directory Administrative Center cannot be installed on computers running Windows 2000, Windows Server 2003, or Windows Server 2008.
2. Active Directory Administrative Center cannot be installed on the Windows 7 operating system. However, this functionality will be available in future releases of Windows 7.
3. In this release of Windows Server 2008 R2, you cannot use Active Directory Administrative Center to manage Active Directory Lightweight Directory Services (AD LDS) instances and configuration sets.
One of the coolest features of Active Directory Administrative Center is that it gives administrators the ability to manage Active Directory objects across multiple domains within the same instance of Active Directory Administrative Center. When you open the Active Directory Administrative Center, the domain that you are currently logged on to (the local domain) appears in the Active Directory Administrative Center navigation pane. Depending on the rights of your current set of logon credentials, you can view or manage the Active Directory objects in this local domain. You can also use the same instance of the Active Directory Administrative Center and the same set of logon credentials to view or manage Active Directory objects from any other domain (whether or not it belongs to the same forest as the local domain) as long as it has an established trust with the local domain. Both one-way trusts and two-way trusts are supported.
You can also open the Active Directory Administrative Center using a set of logon credentials that is different from your current set of logon credentials. This can be useful if you are logged on to the computer that is running the Active Directory Administrative Center with normal user credentials, but you want to use Active Directory Administrative Center on this computer to manage your local domain as an administrator. This can also be useful if you want to use Active Directory Administrative Center to remotely manage a domain that is different from your local domain with a set of credentials that is different from your current set of logon credentials. However, this domain must have an established trust with the local domain.
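The same credential pattern can be exercised from the Active Directory module for Windows PowerShell: stay logged on as a normal user, supply the administrative credential per call, and confirm a trust exists before querying the other domain. This is an added example, not code from the original post; the domain names `corp.example.com` and `partner.example.com` are placeholders, and it assumes Active Directory Web Services is reachable in both domains.

```powershell
# Added example; domain names are placeholders, not values from the post.
Import-Module ActiveDirectory

$localDomain   = 'corp.example.com'     # assumed: the domain you are logged on to
$trustedDomain = 'partner.example.com'  # assumed: a domain that has a trust with it

# Stay logged on as a normal user and supply the administrative
# credential only for these calls.
$cred = Get-Credential

# Trusts are stored as trustedDomain objects under CN=System in the local domain.
$domainDN = (Get-ADDomain -Server $localDomain -Credential $cred).DistinguishedName
$trusts = Get-ADObject -Server $localDomain -Credential $cred `
    -SearchBase "CN=System,$domainDN" `
    -LDAPFilter '(objectClass=trustedDomain)' `
    -Properties trustPartner, trustDirection

# trustDirection: 1 = inbound, 2 = outbound, 3 = two-way
$trusts | Select-Object trustPartner, trustDirection | Out-Host

# Query the other domain only if a trust with it is present.
$match = $trusts | Where-Object { $_.trustPartner -eq $trustedDomain }
if ($match) {
    Get-ADUser -Server $trustedDomain -Credential $cred -Filter 'Name -like "admin*"' |
        Select-Object Name, SamAccountName, DistinguishedName
} else {
    Write-Warning "No trust with $trustedDomain found in $localDomain."
}
```

Reviewing the `trustDirection` output before running the query also gives a quick inventory of which external domains a single administrative credential can reach.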
For more information on Active Directory Administrative Center features, including details on the Overview page, the customizable navigation pane, the breadcrumb bar, and the query-building search and filtering mechanisms, see What's New in AD DS: Active Directory Administrative Center (https://go.microsoft.com/fwlink/?LinkID=131022).
This posting is provided "AS IS" with no warranties, and confers no rights.
Comments
Anonymous
January 01, 2003
I added the code from the blog post to dsac.exe.config with FIPS enabled in local policy and ADAC worked fine. So, I think that's a good fix. Am I in a position to ask for Microsoft to correct this?
Anonymous
January 01, 2003
I wish it had been this simple. Making the change in the dsac.exe.config file allows the application to launch successfully but ADAC then informs you that it is unable to find any DC running ADWS. :( What does .Net 4 fix?
Anonymous
January 01, 2003
Can you follow up with me offline at Justin.hall@microsoft.com? That will make it easier for me to get the right people involved. After we understand the issue more fully, we will capture all this in the docs for everyone else to be aware.
Anonymous
January 01, 2003
Hi, Look for this improvement in Windows 8 versions of ADAC, where the Password Expiration Date will appear on the property page, in the More Information pane at the bottom. Thanks, Justin [MSFT]
Anonymous
January 01, 2003
Thanks for raising the problem, and trying out the workaround. Glad to hear it's working for you. I'm told this is fixed in .Net 4. Justin
Anonymous
January 01, 2003
Hello Lauri, There is no native way to print the results of a query in ADAC. You can create a query, click Convert to LDAP and then copy that filter into a tool that exports the results in a format you like. Example: This example illustrates a query performed with the parameters "Name starts with admin" and "The object type is User". Windows PowerShell:
Get-ADObject -LDAPFilter "(&(name=admin*)(&(objectCategory=person)(objectClass=user)(!(objectClass=inetOrgPerson))))" -Properties * | Format-List | Out-File c:\query.txt
You can then print the corresponding text file (query.txt).
Anonymous
January 01, 2003
Justin, Thank you for responding. I understand the concept of changing what cipher suites a Windows system will use. But, will ADAC use anything other than SSLv2? Is changing the SSL version requirement in ADAC customizable? And, is the fix recommended in the second blog post a supported customer change to ADAC? If I even knew how to do that. :) Because the way I read the blog post a developer would have to modify .NET code and tell it to "ignore" the FIPS requirement.
Anonymous
January 01, 2003
Thanks for the feedback John. It will be shared with ADAC feature team. What specific kinds of reporting capabilities would you want to see? Justin
Anonymous
January 01, 2003
Have you heard of administrators having problems with ADAC and the group policy setting that enforces the use of FIPS compliant algorithms?
Anonymous
January 01, 2003
What are the new features in Active Directory 2008?
Anonymous
January 01, 2003
PingBack from http://www.shariqsheikh.com/blog/index.php/200903/active-directory-administrative-center-wont-work-if/
Anonymous
January 01, 2003
Thank you for your question. We’re not in a position where we can share plans for future releases, but we’ll make sure the product team is aware of the interest in this capability.
Anonymous
January 01, 2003
Why does ADAC not display the Password Expiration Date property for User objects?
Anonymous
January 01, 2003
Hi, I had never heard of this, but I found a couple threads that could be related:
social.technet.microsoft.com/.../0f64d59d-283b-43a9-9581-c7c51606509e
blogs.msdn.com/.../disabling-the-fips-algorithm-check.aspx
I will post any additional info I can gather back here. Thanks for your question, Justin [MSFT]
Anonymous
January 01, 2003
You cannot install Active Directory Administrative Center (ADAC) on down-level versions of the OS (operating systems before Windows Server 2008 R2); however, you can use it to manage them. Installing Active Directory Web Service (ADWS) on down-level versions of the OS allows you to manage these versions with Windows PowerShell (using the Active Directory module) and ADAC. ADAC is available for install as part of the Windows 7 Remote Server Installation Tools (RSAT).
Anonymous
January 01, 2003
You mentioned that "Active Directory Administrative Center can be installed only on computers running the Windows Server 2008 R2 operating system. Active Directory Administrative Center cannot be installed on computers running Windows 2000, Windows Server 2003, or Windows Server 2008" What about the Active Directory Management Gateway Service (Active Directory Web Service for Windows Server 2003 and Windows Server 2008) http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=008940c6-0296-4597-be3e-1d24c1cf0dda
Anonymous
January 01, 2003
For information about specific features in Active Directory Domain Services (AD DS) in Windows Server 2008, see Active Directory Domain Services Role (http://go.microsoft.com/fwlink/?LinkId=164414). For information about specific features in AD DS in Windows Server 2008 R2, see What's New in Active Directory Domain Services (http://go.microsoft.com/fwlink/?LinkID=139655).
Anonymous
August 11, 2010
Are there plans to release a version of ADAC that can be used to manage LDS instances?
Anonymous
September 27, 2011
ADAC has been a helpful tool. However, after getting the results from a query, I'm unable to locate how to print the results. Am I missing this somewhere?
Anonymous
October 27, 2012
Active Directory Administrative Center represents a long overdue enhancement to the archaic Active Directory Users and Computers Snap-in, and while it does have numerous enhancements, we were a bit disappointed to see a lack of certain basic Active Directory reporting capabilities. All in all, nice work though.