Wednesday, January 27, 2010

Using Active Directory Administrative Center in Windows Server 2008 R2

Windows Server 2008 R2 includes new features that can simplify the way you administer and maintain Active Directory (AD). Besides the AD Recycle Bin—a great feature for AD object recovery—and the AD Best Practices Analyzer—a very valuable tool for AD health checking—one of the most eye-catching new management-related features is certainly the Active Directory Administrative Center (ADAC).

Let's look at this new tool and see how ADAC can help simplify your day-to-day AD administration work. ADAC can be installed only on computers running Server 2008 R2 and is available with Windows Server 2008 R2 Standard, Enterprise, and Datacenter Editions, but not the Itanium and Web Server Editions.

ADAC is installed by default when you install the Active Directory Domain Services (AD DS) server role. ADAC is also included in the Remote Server Administration Tools (RSAT) feature.

How ADAC Differs From ADUC
ADAC offers administrators a good alternative to the Active Directory Users and Computers (ADUC) Microsoft Management Console (MMC) snap-in for managing AD objects. As with ADUC, administrators can use ADAC to perform common AD user, computer, group, and organizational unit (OU) object management tasks. Like ADUC, the current version of ADAC is used only for managing Active Directory Domain Services (AD DS) instances and not for managing Active Directory Lightweight Directory Services (AD LDS, formerly ADAM) instances.

The key difference is that ADAC is a very task-oriented administration tool that can help you manage AD in fewer steps. The ADAC interface focuses on key AD administration tasks.

For example, two very frequently performed tasks, resetting a password and searching AD for an object, are immediately available when you open ADAC, as Figure 1 shows. With ADUC, to reset a password you first had to locate the object, then right-click it and select Reset Password, and only then could you enter the new password data.

In ADAC you can do all this in a single action from the ADAC opening screen.

ADUC is, foremost, a data-oriented tool: It shows you how the data in AD is organized. ADAC supports this data-oriented view of AD objects as well.

The classic hierarchical view of AD content is available from ADAC’s tree view, which I will discuss in more detail below. Besides the ADAC interface's focus on key administration tasks, two other important differences you will notice in the interface are that ADAC is much more customizable, and it lets you simultaneously connect to other domains.

ADUC supported taskpads, but these were never a big success, and ADUC required a separate instance for each domain to manage objects across multiple domains. ADAC lets you simultaneously connect to different domain controllers (DCs) in different domains to manage objects across multiple domains within the same ADAC instance.

The other big difference between ADUC and ADAC lies in ADAC’s underlying architecture. ADAC is not MMC–based but uses an Explorer-like interface instead.

Under the hood, ADAC leverages Windows PowerShell and the new Active Directory Web Services (ADWS). ADWS is a new Windows service that provides a web service interface to AD.

To use ADAC you need at least one Windows DC in your domain that has an operational ADWS service. ADWS is included in Server 2008 R2, and Microsoft also provides an ADWS add-on package for Windows 2003 SP2, Windows 2003 R2 SP2, Server 2008, and Server 2008 SP2. This package is called the Active Directory Management Gateway Service.

This means that you can also use ADAC to manage AD instances that are running on other Windows server platforms besides Server 2008 R2. Windows Server 2008 R2 includes a new set of powerful PowerShell cmdlets for AD administration that are bundled in the Active Directory Module for Windows PowerShell.

This module calls on the Microsoft .NET Framework 3.5.1 and ADWS for accessing the AD core engine. Server 2008 R2 automatically installs the PowerShell engine, the Active Directory Module for PowerShell, the .NET Framework 3.5.1, and ADWS when you install AD DS.
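Because ADAC depends on at least one DC with an operational ADWS service, it helps to know which DCs actually expose it. The following is an added example, not code from the original post: `Test-AdwsEndpoint` is a hypothetical helper name, and it assumes the default ADWS listener port (TCP 9389), the service name `ADWS`, and Windows PowerShell 2.0 or later run from a domain-joined machine.

```powershell
# Added example: report which domain controllers have a reachable ADWS endpoint.
# Test-AdwsEndpoint is a hypothetical helper name, not a built-in cmdlet.
function Test-AdwsEndpoint {
    param(
        # DC host names. The default list is discovered over LDAP, so discovery
        # itself does not depend on ADWS being up.
        [string[]]$DomainController = @(
            [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().DomainControllers |
                ForEach-Object { $_.Name }
        ),
        [int]$Port = 9389,        # assumed default ADWS port
        [int]$TimeoutMs = 3000
    )

    foreach ($dc in $DomainController) {
        # 1. Try a TCP connection to the ADWS port, with a timeout.
        $portOpen = $false
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $async = $client.BeginConnect($dc, $Port, $null, $null)
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                $client.EndConnect($async)
                $portOpen = $client.Connected
            }
        } catch {
            $portOpen = $false    # refused, filtered, or name not resolved
        } finally {
            $client.Close()
        }

        # 2. Query the service state (needs rights to read services remotely).
        $status = 'Unknown'
        try {
            $status = (Get-Service -Name ADWS -ComputerName $dc -ErrorAction Stop).Status.ToString()
        } catch { }

        New-Object PSObject -Property @{
            DomainController = $dc
            AdwsService      = $status
            PortOpen         = $portOpen
            # Treated as operational when the port answers and the service is not reported stopped.
            Operational      = ($portOpen -and $status -ne 'Stopped')
        }
    }
}

Test-AdwsEndpoint | Sort-Object DomainController | Format-Table -AutoSize
```

A DC that shows `PortOpen` as False while `AdwsService` is Running usually points to a firewall rule between the admin workstation and the DC rather than a service fault.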

