The Microsoft Active Directory Administrative Center (ADAC) is a tool to manage Active Directory users and computers. ADAC was first available with Windows Server 2008 R2 and additional features were added in Server 2012.
In this guide, I’ll show you how to install the Active Directory Administrative Center and compare its features to the Active Directory Users and Computers (ADUC) management console.
Table of Contents:
- Difference between ADAC and ADUC
- How to Download ADAC
- How to Install ADAC on Windows Server
- How to Install ADAC on Windows 10/11
- ADAC Alternative
Note: The following acronyms are used in this article:
- ADAC = Active Directory Administrative Center
- ADUC = Active Directory Users and Computers
- DAC = Dynamic Access Control
Difference between ADAC and Active Directory Users and Computers (ADUC)
ADAC and ADUC are both Active Directory Management tools that administrators use to manage users, computers, groups, and OUs.
Although both of these tools have similar functions, the Active Directory Administrative Center includes the following new features:
- Active Directory Recycle Bin
- Find Grained Password Policy
- PowerShell History Viewer
- Manage Dynamic Access Control
- Raise Forest and Domain Functional Levels
- Improved GUI
Active Directory Recycle Bin
The Active Directory Recycle Bin allows you to restore deleted Active Directory objects. For example, if the user “robert.allen” was deleted from Active Directory but later realized it was deleted by accident. You can use the Recycle Bin in Active Directory Administrative Center to restore the user account.
To manage the Recycle Bin you must install ADAC in Windows Server 2012. By default, the Recycle Bin is disabled. The forest functional level must be Server 2008 R2 or higher to enable it. Once the recycle bin has been enabled, you cannot disable it.
Fine Grained Password Policy
Fin grained password policies allow you to create multiple password policies within a single domain. For example, you could apply a more restrictive password policy to the accounts that are domain administrators. Before fine grained password policies, there was no option to have multiple password policies.
- You must use Active Directory Administrative Center on Server 2012 or higher to manage fine grained password policies.
- Find grained password policies only apply to global security groups and user objects.
- By default, only members of the Domain Admins group can manage fine grained password policies.
PowerShell History Viewer
The Active Directory Administrative Center console is built on top of PowerShell. The ADAC console will display the PowerShell commands of actions performed in the console. This can help you learn PowerShell and create scripts.
To use the history viewer you must be using Server 2012 or newer version of ADAC.
For example, I reset the password for a user account. Looking in the PowerShell history I can see the PowerShell commands used to reset the user’s password.
Manage Dynamic Access Control (DAC)
DAC allows you to define granular access control to NTFS folder shares. For example, you could define permissions based on the department attribute of a user account. If the user changes departments and the department attribute is updated the user’s NTFS access is automatically updated. Another example is you could give user access from their desktop but not their laptop or when connected remotely.
DAC requires Windows Server 2012 or higher.
The creation of the DAC rules is done through the ADAC console.
To learn more about DAC see the Microsoft article Dynamic Access Control Overview.
Raise Forest and Domain Functional Levels
You can raise the forest and domain functional level using ADAC. Prior to ADAC this could only be done by using the Domains and Trust management console.
These two options are listed under the tasks sidebar when you click on the root of your domain.
Improved GUI
When viewing objects ADAC displays more details on the page compared to the old ADUC. I don’t find this to be a huge improvement but staff that works with users and computers might find this useful.
Here is a screenshot of a user account. You can see it displays more information on one page. With ADUC you would have to click on multiple tabs to see these details.
Personally, it feels slow and clunky to me and I prefer using ADUC.
How to Download ADAC
Active Directory Administrative Center is included with the RSAT tools and does not need to be downloaded. Starting with Windows 10 October 2018 Update the RSAT tools are included with Windows. These tools are only supported on Windows Pro and Enterprise versions.
To install ADAC see the next section.
How to install ADAC on Windows Server
In this example, I will install Active Directory Administrative Center on Windows Server 2022. These same steps will also work on Windows Server 2016 and 2019.
Step 1. Open Server Manager
Click on start and then click the server manager icon.
Step 2. Click Add roles and features
From the server manager dashboard click on “Add roles and features”.
Click “Next” on the before you begin page.
Select “Role-based or featured-based-installation” and click “”Next”.
For the server selection make sure your local server is selected and click “”Next”.
On the server roles page, leave the settings at their defaults and click “Next”.
On the Select features page expand Remote Server Administration Tools, then expand Role Administration Tools and make sure AD DS Tools and AD LDS Tools are checked. Click “Next”.
On the confirmation page, review your selections and click “install”.
Step 3. Open ADAC
When the installation is complete you can access the Active Directory Administrative Center from the tools dropdown.
How to install Active Directory Administrative Center on Windows 10 or 11
To install ADAC on Windows 10 or 11 follow these steps:
1. Open Apps & Features and click on Optional Features
2. Click on add a feature
3. Type rsat and select RSAT: Active Directory Domain Services and Lightweight Directory Services Tools
4. Click install to start the installation.
When the installation is complete you can access ADAC from start -> Windows Administrative Tools.
Easily Management Active Directory Users with the AD Pro Toolkit
Both ADAC and ADUC are used to perform basic Active Directory administrative tasks. But they lack many features that administrators need such as automation, bulk updates, and reporting.
The AD Pro Toolkit simplifies AD Management by automating many administrative tasks, it also includes over 200 pre-built reports.
AD Pro Toolkit highlights:
- Bulk Import Users
- Bulk Update Users
- Easily export users to CSV or PDF
- Schedule automated reports
- Quickly find locked user accounts
- Bulk add or remove users from groups
- Audit password changes
Download AD Pro Toolkit and see how easy it is to management Active Directory.
Summary
In this article, I showed you how to install the Active Directory Administrative Center. I also showed you the new features it has compared to the Active Directory Users and Computers management console. For day to day stuff most Active Directory Administrators still use ADAC as simple things like unlocking accounts are not intuitive. It also feels very slow compared to ADUC and PowerShell. It does come in useful for things like recycle bin and fine grained password policies.