How To Use The Active Directory Administrative Center

Published: Sep 23, 2024

Servers Hero

SHARE ARTICLE

The Active Directory Administrative Center (ADAC) is a powerful, modern tool for managing Active Directory. Learn how to use it efficiently with our step-by-step guide and tips.

What is Active Directory Administrative Center (ADAC)?

The Active Directory Administrative Center (ADAC) is a tool designed for IT administrators and IT Pros to manage Active Directory. Users, groups, Organizational Units (OUs), printers, and password policies can be managed with ADAC. Repetitive tasks can be scripted or handled in bulk in various parts of the tool.

ADAC is a graphical user interface (GUI) that sits on top of PowerShell cmdlets (Command-lets) that run behind the scenes. IT Pros are free to use the command-line shell of PowerShell to perform the same steps. However, many admins do prefer the ‘efficiency’ of a GUI.

How does the Active Directory Administrative Center (ADAC) differ from Active Directory Users and Computers (ADUC)?

There are many similarities between the Active Directory Administrative Center (ADAC) and the legacy Active Directory Users and Computers (ADUC) Microsoft Management Console (MMC) tool. Although the layout and design of each tool’s GUI are rather different, you can perform the same tasks in both.

Active Directory Administrative Center - Overview
The ‘Active Directory Administrative Center – Overview’ (Image Credit: Michael Reinders/Petri.com)

ADAC offers some exclusive features. Here is the main list:

  • Active Directory Recycle Bin – Enabling this feature allows for the recovery of deleted objects, preserving all group memberships, attributes, and permission tokens (SIDs).
  • Windows PowerShell History Viewer – displays the PowerShell commands the GUI executes. This helps administrators understand the actual commands running and can assist in their education on various aspects and powers of PowerShell.
  • Fine-grained Password Policies – ADAC enables the creation and management of specific password policies designed for specific users and groups.
  • Dynamic Access Control – centralized mechanism to automatically classify files and authorize users based on claims made by a trusted source.
  • Global search – ADAC offers better management of objects across multiple domains in a forest, including the ability to perform global searches.

How can I Install ADAC?

The Active Directory Administrative Center is included and available in different areas of Windows depending on what version and flavor of the OS you’re running. If you happen to be logged in to an Active Directory domain controller (DC), it is installed automatically. It will be listed under Administrative Tools.

Depending on whether you’re using Windows client or Windows Server, follow the guides below to install ADAC.

How to install ADAC on Windows 10 or Windows 11

Although Windows 10 and Windows 11 differ in the Settings app, the following steps can be followed to install ADAC.

To install the Active Directory Administrative Center (ADAC) on Windows 10 or Windows 11:

  • Click the Start button and choose Settings.
  • Click on the System category or icon and choose Optional Features.
Adding ADAC as an Optional Feature in Settings
Adding ADAC as an Optional Feature in Settings (Image Credit: Michael Reinders/Petri.com)
  • Click ‘Add a feature‘ and start searching for (typing) ‘Active…’.
  • Select the item ‘RSAT: Active Directory Domain Services and Lightweight Directory Services Tools.’
  • Click the ‘Add‘ button. It will start installing the tools. It should show ‘Added‘ when it is complete.

OK, standby till the next main heading to launch it.

Adding the 'RSAT: Active Directory Domain Services...' tools
Adding the ‘RSAT: Active Directory Domain Services…’ tools (Image Credit: Michael Reinders/Petri.com)

How to install ADAC on Windows Server

On Windows Server, we’ll use the Server Manager app/tool to install the Active Directory Administrative Center (ADAC).

  • Click the Start button and select Server Manager.
Launching Server Manager from the Start menu
Launching Server Manager from the Start menu (Image Credit: Michael Reinders/Petri.com)

The main window will open.

  • Click the ‘(2) Add roles and features‘ option.
On the Server Manager Dashboard, clicking 'Add roles or features'
On the Server Manager Dashboard, clicking ‘Add roles or features’ (Image Credit: Michael Reinders/Petri.com)
  • You can click through the first few screens until you get to the ‘Select features‘ screen.
  • Scroll down to the ‘Remote Server Administration Tools‘ (RSAT) section, expand, then expand the ‘Role Administration Tools‘ heading.
  • Expand there and place a checkmark in the heading category labeled ‘AD DS and AD LDS Tools.’ This will pre-select the child objects automatically for you, including ADAC.
Clicking the 'AD DS and AD LDS Tools' to install ADAC
Clicking the ‘AD DS and AD LDS Tools’ to install ADAC (Image Credit: Michael Reinders/Petri.com)
  • Click Next and then click Install. Wait a few moments and voila!
The feature installation succeeded!
The feature installation succeeded. (Image Credit: Michael Reinders/Petri.com)

Follow along next to launch ADAC.

How to launch ADAC

There are several ways to launch the Active Directory Administrative Center (ADAC). Of course, this is Windows. Here are the most common ways.

  • Click the Start button and start searching the Start Menu (typing) for ‘active‘.
  • Click on Active Directory Administrative Center. You’re done.
2024 08 09 13 36 38
Searching for Active Directory Administrative Center in the Start menu (Image Credit: Michael Reinders/Petri.com)
  • You can also click the Start button and locate ‘Administrative Tools.’
  • Open that and then open ADAC from the list.
2024 08 09 13 37 50
In Administrative Tools, we can launch ADAC (Image Credit: Michael Reinders/Petri.com)

Now that we have the tool open…

Screenshot 2024 08 09 134033 1
The beautiful Active Directory Administrative Center

How do we use it? Read on.

What can I do with ADAC?

The Active Directory Administrative Center (ADAC) provides a more user-friendly and intuitive graphical interface compared to older tools like ADUC (Active Directory Users and Computers). Thanks to Microsoft building the tool from the ground up on a more modern development platform, they were able to make many common tasks more straightforward and efficient without having to deal with the clunky and legacy code in MMC (which goes back 20+ years).

Let me demonstrate how to perform a multitude of tasks and processes – the nuts and bolts of an Active Directory IT Pro.

Create a user

Let’s create an Active Directory user.

  • First, let me click my AD domain root ‘reinders (local)
  • Then click on the OU called ‘Domain Users.’
2024 08 09 13 49 29
Creating a user in the ‘Domain Users’ OU (Image Credit: Michael Reinders/Petri.com)
  • Next, on the ‘Tasks‘ panel on the right, I’ll click ‘New‘ -> User.
  • Here I can fill in all the details and attributes of my new user. Instead of dealing with clunky tabs across the top that limit your view substantially.
  • You can easily click category headings on the left to jump to each section.

And, because this is built on a modern platform, I can maximize this window to look at a lot on one screen.

2024 08 09 13 52 11
Filling in all the details of a new user – you can see many attributes on one screen. (Image Credit: Michael Reinders/Petri.com)

Create an Organizational Unit (OU)

To create a new Organizational Unit (OU):

  • Navigate to where you want it to be stored on the navigation along the left. Then, right-click on the ‘parent’ location, choose New -> Organizational Unit.
2024 08 09 14 09 45
Creating a new Organizational Unit – (Image Credit: Michael Reinders/Petri.com)
  • Fill in the Name, and any other details or attributes to suit your needs. Click OK.
2024 08 09 14 14 26
There’s our new OU (Image Credit: Michael Reinders/Petri.com)

Create a Group

The process of creating Groups is similar to the last two. First, I can demonstrate some more efficiencies in the more modern tool.

  • I navigated through the top level of my domain and clicked on ‘Domain Groups.’ I currently have 2 groups listed here.
2024 08 12 07 43 45
Navigating to create a new AD Group (Image Credit: Michael Reinders/Petri.com)

With ‘Citrix_Pilot_Users’ selected, look at the Tasks pane on the right – I have two main avenues to pursue. I can make changes to said group, or I can perform operations in the ‘Domain Groups‘ container.

  • Under ‘Domain Groups‘, I’ll click New -> Group.
Screenshot 2024 08 12 074834
Filling in the details of my new group (Image Credit: Michael Reinders/Petri.com)
  • I’ve filled out pertinent details and clicked OK.

Reset a user’s password

From the main page of the ADAC, there are two frequent tasks you can perform. One of those is to reset a user’s password.

  • I can type in a user’s username, set a new password, and click Apply. Nice and quick.
Screenshot 2024 08 12 075151
I just reset Billy Reinders’s password (Image Credit: Michael Reinders/Petri.com)

Enable the Active Directory Recycle Bin

One of the new exclusive features in the Active Directory Administrative Center is the AD Recycle Bin. You can enable this feature easily from the main menu of the ADAC.

  • Click the root of your domain on the left navigation pane. You’ll normally see an ‘Enable Recycle Bin‘ item in the Tasks pane on the right.
2024 08 12 07 54 13
This is where you would Enable the AD Recycle Bin… (Image Credit: Michael Reinders/Petri.com)

As you can see, I’m special. Or at least my domain already has this feature enabled. But, you get the gist. Why didn’t I just disable the feature for this article so I could show you the steps? Well, that is an important point – once you enable the AD Recycle Bin, it can not be disabled!

Delete an AD user or object

To delete an AD user, let me take this opportunity to demonstrate how to utilize the ‘Global Search‘ feature on the ‘Overview‘ (main homepage) item on the left Navigation pane.

  • I’ll search for ‘Claire‘ and hit Enter.
2024 08 12 08 12 54
Using Global Search to find a user (Image Credit: Michael Reinders/Petri.com)

There she is – Claire Bennet.

  • I can click ‘Delete‘ in the Tasks pane on the right.
2024 08 12 08 13 52
Clicking on Claire to delete her (Image Credit: Michael Reinders/Petri.com)

Oops.

Screenshot 2024 08 12 081746
An error trying to delete ‘Claire’ (Image Credit: Michael Reinders/Petri.com)

If you recall when I created the user, Claire Bennet, I checked the box to ‘Protect from accidental deletion.’ So first I need to open that user object, turn off that checkbox, and then Delete it again. There, done.

2024 08 12 08 19 27
I need to turn off the protection attribute… (Image Credit: Michael Reinders/Petri.com)

Restore a deleted AD user or object

No, wait! You weren’t supposed to delete Claire yet…she still needs to make changes to a few files on the fileserver before she leaves on her business trip. Well, what can we do? After enabling the AD Recycle Bin, we now can restore her deleted object with all attributes and SID history intact.

  • First, click the ‘Deleted Objects‘ item on the left Navigation pane on the left. Amongst a few system resources, there she is – ‘Claire Bennet’.
2024 08 12 08 24 14
Navigating to ‘Deleted Objects’ to restore Claire
  • Select the object and then click the ‘Restore‘ item on the Tasks pane on the right. (You can also click ‘Restore To…’ to restore the user to a different OU than the one it was deleted from). No confirmation, it’s just done. See? I told you she could ‘regenerate’. Hah.

How to view PowerShell command history

As I described towards the beginning of this article, the Active Directory Administrative Center is a graphical user interface (GUI) that runs on top of PowerShell commands that run behind the scenes.

To view the history of the commands that run during your session:

  • Click the ‘up arrow‘ in the lower-right corner of the ADAC window lined up with ‘WINDOWS POWERSHELL HISTORY’.
2024 08 12 08 27 16
Working with PowerShell in ADAC – (Image Credit: Michael Reinders/Petri.com)

Here, I’ve highlighted the ‘Remove-ADObject‘ cmdlet that ran when I deleted Claire and the ‘Restore-ADObject‘ command to restore her from the AD Recycle Bin. Again, this is an efficient way to learn PowerShell and specific AD commands and cmdlets. You can use the history shown here to write your scripts in other areas of your job duties.

ADAC is user-friendly graphical interface for managing AD objects and tasks

The Active Directory Administrative Center (ADAC) provides a user-friendly graphical interface for managing Active Directory objects and tasks, simplifying complex administrative operations.

Built on top of Windows PowerShell, ADAC offers a bridge between the command line and a visual interface, making it accessible to administrators with varying levels of PowerShell expertise. With features like the Active Directory Recycle Bin, fine-grained password policies, and the ability to view PowerShell history, ADAC empowers administrators to efficiently manage their Active Directory environment, reducing errors and improving overall productivity.

Want to know more about using ADAC? Check out 3 Tips for Working with the Active Directory Administrative Center on Petri.com.

SHARE ARTICLE