In the Windows Server 2003 and Windows Server 2008 operating systems, administrators could manage and publish information in their Active Directory environments by using the Active Directory Users and Computers. Beginning in Windows Server 2008 R2, in addition to using Active Directory Users and Computers, administrators can manage their directory service objects by using the new Active Directory Administrative Center (ADAC), which has been enhanced in Server 2012 with more features. It can be used to do following:
- Create new user accounts or manage existing user accounts
- Create new groups or manage existing groups
- Create new computer accounts or manage existing computer accounts
- Create new organizational units (OUs) and containers or manage existing OUs
- Has Recycle Bin which once enabled, allows us to recover deleted objects
- We can create Password Setting Object (PSO), also called Fine Grain Password Policies. These PSOs allow us to set up a different password policy based on security group membership.
- Windows PowerShell History Viewer which allows us to view the power shell commands for all the tasks performed graphically on this tool.
Using Active Directory Administrative Center (ADAC) to enable Recycle Bin
IT professionals at one time or another have made the mistake of accidentally deleting an object in Active Directory that used to take countless hours to restore. Active Directory Recycle Bin was created to adhere to that very problem and this step-by-step guide will showcase how easy it is to enable. This procedure does not negate the need to have a proper system state backup which is always recommended and one must be aware that enabling this feature is one time and cannot be reversed under any circumstances.
Enabling Active Directory Recycle Bin
- In the management console, go to Tools > Active Directory Administrative Center
- Select Local Domain and in the Tasks Pane
- Select Enable Recycle Bin
- Click OK. NOTE: Be aware this feature cannot be disabled.
- Click OK. Once enabled, wait for AD replication to complete as this is a change made on the configuration partition. This process may take a while should your organization have a large active directory infrastructure.
A very simple enablement of a process that could save you hours of restore time.
Again this process cannot be reversed once invoked.
Fine Grained Password Policy
Let’s see how we can use ADAC for creating password setting for a Group.
- Open Server Manager Dashboard, click on Tools Menu, and click Active Directory Administrative Center.
- In the Task pane at right side, click New and then click Password Settings.
- In the Create Password Settings dialog box, Enter the values from the table:
- Click Add and type G_Managers, then click Check Names and click OK.
- In the Create Password Settings: ManagerPSO dialog box, Click OK.
- Test the settings by changing the password for the Tom account, who is the member of G_Managers, to a noncomplex, four-letter password.
Hope this helps you make the jump to ADAC.
Author Spotlight: Unitek Education Instructor Deepika A.
Deepika A. has 14 years of experience in the information technology field; she has spent four of those years working as an instructor at Unitek Education. Well-versed in Microsoft Exchange Server and Microsoft SQL Server technology in MCSE, MCTS, and MCITP editions, Deepika is also a proficient MCITP Microsoft Server 2008 Administration and Enterprise Administration instructor.
Deepika holds various certifications directly related to her work as an instructor at Unitek Education. Her certifications include MCSE, MCTS, and MCITP certifications, among others.
Unitek Education’s Windows Server 2012 R2 courses and boot camps help you to transform your IT operations, reduce costs, and deliver a whole new level of business value. Explore the range of Windows Server courses available at Unitek Education.