27 September, 2012

The Active Directory Administrative Center - Windows Server 2012

The Active Directory Administrative Center (dsac.msc) :- Not a new Feature of Windows Server 2012 (As it was there even in Windows Server 2008 R2) but few changes which have been incorporated are worth exploring

Ways to Open "Active Directory Administrative Center":-

- By default, there will be a Tile for the Active Directory Administrative Center on the Start Page
- If the tile is not present, then start typing "Active Directory Administrative Center" and you 
  will get the option on the page itself
- On the start page, type dsac.msc and you will get the option (dsac.msc is the shortcut for Active
  Directory Administrative Center)
- On the Server Manager Page, Click on Tools and then choose Active Directory Administrative

And here we go.... The "Active Directory Administrative Center" of Windows Server 2012

And just for comparison, The "Active Directory Administrative Center" of Windows Server 2008 R2

Let`s Start Exploring....


- A Refresh Button to Start With


- Add Navigation Nodes

When you click on the domain name, you can view all the Containers and Organizational Units (OU)

Suppose you have a large domain comprising of several OUs within OUs... Looking, Browsing and managing this kind of complex domain makes things complicated... So to make it look simple and to easily manage it, you can add a node here. A node here means a part of the hierarchical structure, So it could mean adding a node containing an OU which might have only Users/Groups or Sub OUs.... But then that will make manageability easier... Much Easier

Management List Option

By default, when you run a query in Active Directory Administrative Center, It returns only 10,000 objects. You can alter this default behaviour by specifying a value here


- Welcome To Active Directory Administrative Center
- Reset Password
- Global Search

The above three options are for the three small Windows that are displayed in the main window. By default, all the three small windows are displayed although you can deselect the options and the window will not be displayed here on this main page


On Left Pane, We have the following:-

- Overview
- <Domain Name>
- Dynamic Access Control
- Global Search

<Domain Name>

Clicking on the domain name will show you the domain hierarchy the same way you get in Active Directory Users and Computers

Right Click on the Domain Name

- Change Domain Controller
- Raise the Forest Functional Level
- Raise the Domain Functional Level
- Enable Recycle Bin
- New
- Search under this node
- Properties

Change Domain Controller: Allows you to change the domain controller so that you can manage the other domain controller from the same Snap-In

Raise the Forest Functional Level: The option which was earlier available in Active Directory Domain and Trust is now integrated in this Snap-In

Raise the Domain Functional Level: The option to raise domain functional level was available in Active Directory Users and Computers is now also available in this Snp-In

Enable Recycle Bin: One of my favorite options because I hate to do recovery from ADRestore / LDP or by using Backups... Thanks to Microsoft for making this option and above all simplifying the option to enable and use it, else the option was available in Windows Server 2008 R2 as well but then the configuration was so complicated (Not exactly complicated but it requires us to run certain powershell commands), but now the option is GUI Based and So Simple... I m loving It.... :)

New: To Create Group/Computer/User/InetOrgPerson/Organizational Unit

Search Under this Node: So now you can search under any node (Domain / OU / Container)

Properties: And you really want me to discuss this???

Dynamic Access Control

A new feature and most talked about (Indeed) introduced in Windows Server 2012. I will not be discussing about it right now as we have another post coming on it very soon

Global Search

When we were at the domain level, there was an option "Search Under this Node". When you choose that option, it will bring you to this option "Global Search". Depending upon on which node you did a right click and selected the option "Search under this node", the "Scope" listed on this page of "Global Search" will change

Right now the Scope is set to "Source" which happens to be our domain name. The scope is set to the domain name here because we did a right click on the domain name and selected the option "Search Under this Node". The scope would have been different if we would have chosen a different OU and then have done a right click to select the option "Search under this Node"

Windows PowerShell History

While I was working on Exchange 2007 last year, One thing which I really liked was the usage and exposure of PowerShell Commands

So if I was to create a Mailbox, at the end of the wizard it would have shown me the PowerShell Command that will be executed, so that next time instead of using GUI, I can use the same PowerShell Command or can make a script out of it

Now, In Windows Server 2012, the same thing "PowerShell Commands" has been Incorporated
You make any change in Active Directory and it will show you the PowerShell Command that it will execute

In Active Directory Administrative Center, there is a Windows PowerShell History at the bottom of the Window

For Example, I am creating an Organizational Unit

A new Organization Unit named "Managers" has been created

And now look at the "Windows PowerShell History" windows down at the bottom... It is showing the command that was executed while creating the OU :)