The Active Directory Administrative Center (ADAC) is a powerful, modern tool for managing Active Directory. Learn how to use it efficiently with our step-by-step guide and tips.
What is Active Directory Administrative Center (ADAC)?
ADAC is a graphical user interface (GUI) that sits on top of PowerShell cmdlets (Command-lets) that run behind the scenes. IT Pros are free to use the command-line shell of PowerShell to perform the same steps. However, many admins do prefer the ‘efficiency’ of a GUI.
How does the Active Directory Administrative Center (ADAC) differ from Active Directory Users and Computers (ADUC)?
There are many similarities between the Active Directory Administrative Center (ADAC) and the legacy Active Directory Users and Computers (ADUC) Microsoft Management Console (MMC) tool. Although the layout and design of each tool’s GUI are rather different, you can perform the same tasks in both.
ADAC offers some exclusive features. Here is the main list:
Active Directory Recycle Bin – Enabling this feature allows for the recovery of deleted objects, preserving all group memberships, attributes, and permission tokens (SIDs).
Windows PowerShell History Viewer – displays the PowerShell commands the GUI executes. This helps administrators understand the actual commands running and can assist in their education on various aspects and powers of PowerShell.
Fine-grained Password Policies – ADAC enables the creation and management of specific password policies designed for specific users and groups.
Dynamic Access Control – centralized mechanism to automatically classify files and authorize users based on claims made by a trusted source.
Global search – ADAC offers better management of objects across multiple domains in a forest, including the ability to perform global searches.
How can I Install ADAC?
The Active Directory Administrative Center is included and available in different areas of Windows depending on what version and flavor of the OS you’re running. If you happen to be logged in to an Active Directory domain controller (DC), it is installed automatically. It will be listed under Administrative Tools.
Depending on whether you’re using Windows client or Windows Server, follow the guides below to install ADAC.
How to install ADAC on Windows 10 or Windows 11
Although Windows 10 and Windows 11 differ in the Settings app, the following steps can be followed to install ADAC.
To install the Active Directory Administrative Center (ADAC) on Windows 10 or Windows 11:
Click the Start button and choose Settings.
Click on the System category or icon and choose Optional Features.
Click ‘Add a feature‘ and start searching for (typing) ‘Active…’.
Select the item ‘RSAT: Active Directory Domain Services and Lightweight Directory Services Tools.’
Click the ‘Add‘ button. It will start installing the tools. It should show ‘Added‘ when it is complete.
OK, standby till the next main heading to launch it.
How to install ADAC on Windows Server
On Windows Server, we’ll use the Server Manager app/tool to install the Active Directory Administrative Center (ADAC).
Click the Start button and select Server Manager.
The main window will open.
Click the ‘(2) Add roles and features‘ option.
You can click through the first few screens until you get to the ‘Select features‘ screen.
Scroll down to the ‘Remote Server Administration Tools‘ (RSAT) section, expand, then expand the ‘Role Administration Tools‘ heading.
Expand there and place a checkmark in the heading category labeled ‘AD DS and AD LDS Tools.’ This will pre-select the child objects automatically for you, including ADAC.
Click Next and then click Install. Wait a few moments and voila!
Follow along next to launch ADAC.
How to launch ADAC
There are several ways to launch the Active Directory Administrative Center (ADAC). Of course, this is Windows. Here are the most common ways.
Click the Start button and start searching the Start Menu (typing) for ‘active‘.
Click on Active Directory Administrative Center. You’re done.
You can also click the Start button and locate ‘Administrative Tools.’
Open that and then open ADAC from the list.
Now that we have the tool open…
How do we use it? Read on.
What can I do with ADAC?
The Active Directory Administrative Center (ADAC) provides a more user-friendly and intuitive graphical interface compared to older tools like ADUC (Active Directory Users and Computers). Thanks to Microsoft building the tool from the ground up on a more modern development platform, they were able to make many common tasks more straightforward and efficient without having to deal with the clunky and legacy code in MMC (which goes back 20+ years).
Let me demonstrate how to perform a multitude of tasks and processes – the nuts and bolts of an Active Directory IT Pro.
Create a user
Let’s create an Active Directory user.
First, let me click my AD domain root ‘reinders (local)‘
Then click on the OU called ‘Domain Users.’
Next, on the ‘Tasks‘ panel on the right, I’ll click ‘New‘ -> User.
Here I can fill in all the details and attributes of my new user. Instead of dealing with clunky tabs across the top that limit your view substantially.
You can easily click category headings on the left to jump to each section.
And, because this is built on a modern platform, I can maximize this window to look at a lot on one screen.
Create an Organizational Unit (OU)
To create a new Organizational Unit (OU):
Navigate to where you want it to be stored on the navigation along the left. Then, right-click on the ‘parent’ location, choose New -> Organizational Unit.
Fill in the Name, and any other details or attributes to suit your needs. Click OK.
Create a Group
The process of creating Groups is similar to the last two. First, I can demonstrate some more efficiencies in the more modern tool.
I navigated through the top level of my domain and clicked on ‘Domain Groups.’ I currently have 2 groups listed here.
With ‘Citrix_Pilot_Users’ selected, look at the Tasks pane on the right – I have two main avenues to pursue. I can make changes to said group, or I can perform operations in the ‘Domain Groups‘ container.
Under ‘Domain Groups‘, I’ll click New -> Group.
I’ve filled out pertinent details and clicked OK.
Reset a user’s password
From the main page of the ADAC, there are two frequent tasks you can perform. One of those is to reset a user’s password.
I can type in a user’s username, set a new password, and click Apply. Nice and quick.
Enable the Active Directory Recycle Bin
One of the new exclusive features in the Active Directory Administrative Center is the AD Recycle Bin. You can enable this feature easily from the main menu of the ADAC.
Click the root of your domain on the left navigation pane. You’ll normally see an ‘Enable Recycle Bin‘ item in the Tasks pane on the right.
As you can see, I’m special. Or at least my domain already has this feature enabled. But, you get the gist. Why didn’t I just disable the feature for this article so I could show you the steps? Well, that is an important point – once you enable the AD Recycle Bin, it can not be disabled!
Delete an AD user or object
To delete an AD user, let me take this opportunity to demonstrate how to utilize the ‘Global Search‘ feature on the ‘Overview‘ (main homepage) item on the left Navigation pane.
I’ll search for ‘Claire‘ and hit Enter.
There she is – Claire Bennet.
I can click ‘Delete‘ in the Tasks pane on the right.
Oops.
If you recall when I created the user, Claire Bennet, I checked the box to ‘Protect from accidental deletion.’ So first I need to open that user object, turn off that checkbox, and then Delete it again. There, done.
Restore a deleted AD user or object
No, wait! You weren’t supposed to delete Claire yet…she still needs to make changes to a few files on the fileserver before she leaves on her business trip. Well, what can we do? After enabling the AD Recycle Bin, we now can restore her deleted object with all attributes and SID history intact.
First, click the ‘Deleted Objects‘ item on the left Navigation pane on the left. Amongst a few system resources, there she is – ‘Claire Bennet’.
Select the object and then click the ‘Restore‘ item on the Tasks pane on the right. (You can also click ‘Restore To…’ to restore the user to a different OU than the one it was deleted from). No confirmation, it’s just done. See? I told you she could ‘regenerate’. Hah.
How to view PowerShell command history
As I described towards the beginning of this article, the Active Directory Administrative Center is a graphical user interface (GUI) that runs on top of PowerShell commands that run behind the scenes.
To view the history of the commands that run during your session:
Click the ‘up arrow‘ in the lower-right corner of the ADAC window lined up with ‘WINDOWS POWERSHELL HISTORY’.
Here, I’ve highlighted the ‘Remove-ADObject‘ cmdlet that ran when I deleted Claire and the ‘Restore-ADObject‘ command to restore her from the AD Recycle Bin. Again, this is an efficient way to learn PowerShell and specific AD commands and cmdlets. You can use the history shown here to write your scripts in other areas of your job duties.
ADAC is user-friendly graphical interface for managing AD objects and tasks
The Active Directory Administrative Center (ADAC) provides a user-friendly graphical interface for managing Active Directory objects and tasks, simplifying complex administrative operations.
Built on top of Windows PowerShell, ADAC offers a bridge between the command line and a visual interface, making it accessible to administrators with varying levels of PowerShell expertise. With features like the Active Directory Recycle Bin, fine-grained password policies, and the ability to view PowerShell history, ADAC empowers administrators to efficiently manage their Active Directory environment, reducing errors and improving overall productivity.