New Active Directory Documents for IT Pros
Active Directory Administrative Center provides network administrators with an enhanced Active Directory data management experience and a rich graphical user interface (GUI). Administrators can use Active Directory Administrative Center to perform common Active Directory object management tasks (such as user, computer, group, and organizational unit management) through both data-driven and task-oriented navigation. Administrators can use the enhanced Active Directory Administrative Center GUI to customize Active Directory Administrative Center to suit their particular directory service administration requirements.
There are several special considerations:
1. Active Directory Administrative Center can be installed only on computers running the Windows Server 2008 R2 operating system. Active Directory Administrative Center cannot be installed on computers running Windows 2000, Windows Server 2003, or Windows Server 2008.
2. Active Directory Administrative Center cannot be installed on the Windows 7 operating system. However, this functionality will be available in future releases of Windows 7.
3. In this release of Windows Server 2008 R2, you cannot use Active Directory Administrative Center to manage Active Directory Lightweight Directory Services (AD LDS) instances and configuration sets.
One of the coolest features of Active Directory Administrative Center is that it gives administrators the ability to manage Active Directory objects across multiple domains within the same instance of Active Directory Administrative Center. When you open the Active Directory Administrative Center, the domain that you are currently logged on to (the local domain) appears in the Active Directory Administrative Center navigation pane. Depending on the rights of your current set of logon credentials, you can view or manage the Active Directory objects in this local domain. You can also use the same instance of the Active Directory Administrative Center and the same set of logon credentials to view or manage Active Directory objects from any other domain (whether or not it belongs to the same forest as the local domain) as long as it has an established trust with the local domain. Both one-way trusts and two-way trusts are supported.
You can also open the Active Directory Administrative Center using a set of logon credentials that is different from your current set of logon credentials. This can be useful if you are logged on to the computer that is running the Active Directory Administrative Center with normal user credentials, but you want to use Active Directory Administrative Center on this computer to manage your local domain as an administrator. This can also be useful if you want to use Active Directory Administrative Center to remotely manage a domain that is different from your local domain with a set of credentials that is different from your current set of logon credentials. However, this domain must have an established trust with the local domain.
For more information on Active Directory Administrative Center features, including details on the Overview page, the customizable navigation pane, the breadcrumb bar, and the query-building search and filtering mechanisms, see What's New in AD DS: Active Directory Administrative Center (http://go.microsoft.com/fwlink/?LinkID=131022).
This posting is provided "AS IS" with no warranties, and confers no rights.
You mentioned that "Active Directory Administrative Center can be installed only on computers running the Windows Server 2008 R2 operating system. Active Directory Administrative Center cannot be installed on computers running Windows 2000, Windows Server 2003, or Windows Server 2008"
What about the Active Directory Management Gateway Service (Active Directory Web Service for Windows Server 2003 and Windows Server 2008)?
You cannot install Active Directory Administrative Center (ADAC) on down-level versions of the OS (operating systems before Windows Server 2008 R2); however, you can use it to manage them. Installing Active Directory Web Service (ADWS) on down-level versions of the OS allows you to manage these versions with Windows PowerShell (using the Active Directory module) and ADAC.
ADAC is available for install as part of the Windows 7 Remote Server Installation Tools (RSAT).
What are the new features in Active Directory 2008?
For information about specific features in Active Directory Domain Services (AD DS) in Windows Server 2008, see Active Directory Domain Services Role (http://go.microsoft.com/fwlink/?LinkId=164414).
For information about specific features in AD DS in Windows Server 2008 R2, see What's New in Active Directory Domain Services (http://go.microsoft.com/fwlink/?LinkID=139655).
Are there plans to release a version of ADAC that can be used to manage LDS instances?
Thank you for your question. We’re not in a position where we can share plans for future releases, but we’ll make sure the product team is aware of the interest in this capability.
ADAC has been a helpful tool. However, after getting the results from a query, I'm unable to locate how to print the results. Am I missing this somewhere?
There is no native way to print the results of a query in ADAC. You can create a query, click Convert to LDAP and then copy that filter into a tool that exports the results in a format you like.
This example illustrates a query performed with the parameter "and Name starts with admin and The object type is User".
Import-Module ActiveDirectory
Get-ADObject -LDAPFilter "(&(name=admin*)(&(objectCategory=person)(objectClass=user)(!objectClass=inetOrgPerson)))" -Properties * | Format-List | Out-File C:\query.txt
You can then print the corresponding text file (query.txt).
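A variant of the export described in the reply above, added here as an example and not part of the original thread: it requests only named attributes and writes one CSV row per object. The function name Export-AdacQuery, the attribute list and the output path are assumptions chosen for illustration.

```powershell
# Added example (not from the original thread). Requires PowerShell 3.0 or
# later, the Active Directory module, and a DC reachable through ADWS.
Import-Module ActiveDirectory

function Export-AdacQuery {
    # Hypothetical helper: runs an LDAP filter copied from ADAC's
    # "Convert to LDAP" and writes the matching objects to a CSV file.
    param(
        [Parameter(Mandatory = $true)][string] $LdapFilter,
        [Parameter(Mandatory = $true)][string] $Path,
        # Assumed attribute list: ask only for what the report needs
        # instead of -Properties *, which returns every readable attribute.
        [string[]] $Property = @('sAMAccountName', 'whenCreated', 'memberOf'),
        [string] $Server
    )

    $query = @{ LDAPFilter = $LdapFilter; Properties = $Property }
    if ($Server) { $query.Server = $Server }   # optional: target a specific DC

    Get-ADObject @query | ForEach-Object {
        $obj = $_
        $row = [ordered]@{ Name = $obj.Name; DistinguishedName = $obj.DistinguishedName }
        foreach ($p in $Property) {
            # Multi-valued attributes such as memberOf are joined into one cell.
            $row[$p] = @($obj.$p) -join '; '
        }
        [pscustomobject]$row
    } | Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8
}

# Filter exactly as given in the reply above.
$filter = '(&(name=admin*)(&(objectCategory=person)(objectClass=user)(!objectClass=inetOrgPerson)))'
# Assumed output location: the caller's own profile rather than the root of C:\.
Export-AdacQuery -LdapFilter $filter -Path "$env:USERPROFILE\Documents\adac-query.csv"
```

The CSV opens in a spreadsheet for printing, and because only the listed attributes are requested, the file on disk does not carry every attribute the account can read.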
Have you heard of administrators having problems with ADAC and the group policy setting that enforces the use of FIPS compliant algorithms?
Hi, I had never heard of this, but I found a couple threads that could be related:
I will post any additional info I can gather back here.
Thanks for your question,
Thank you for responding. I understand the concept of changing what cipher suites a Windows system will use. But, will ADAC use anything other than SSLv2? Is changing the SSL version requirement in ADAC customizable? And is the fix recommended in the second blog post a supported customer change to ADAC? If I even knew how to do that. :) Because the way I read the blog post a developer would have to modify .NET code and tell it to "ignore" the FIPS requirement.
I added the code from the blog post to dsac.exe.config with FIPS enabled in local policy and ADAC worked fine. So, I think that's a good fix. Am I in a position to ask for Microsoft to correct this?
Thanks for raising the problem, and trying out the workaround. Glad to hear it's working for you. I'm told this is fixed in .NET 4.
I wish it had been this simple. Making the change in the dsac.exe.config file allows the application to launch successfully but ADAC then informs you that it is unable to find any DC running ADWS. :(
What does .NET 4 fix?