In the ADAC list view you can use the Column Explorer feature that provides a Start Menu–like view on the AD container hierarchy, which Figure 3 shows. Column Explorer simplifies browsing through the AD hierarchy because it displays all child containers of a given parent container in a single column and adds new columns as you dig deeper in the AD hierarchy.
Column Explorer also provides a Find in this column box where you can type the name of the container object you’re looking for. ADAC automatically filters the current view while you type. As you can see in Figure 3, I searched for the Seattle OU, and ADAC automatically filtered the content of the Washington OU to the Seattle and Spokane OUs while I typed the letter S in the Find in this column box.
This can be a very useful feature when dealing with large datasets: You don’t need to scroll through the entire list of OUs anymore to locate a particular OU. Another hidden ADAC change that’s important for dealing with large AD datasets is that ADAC gets rid of the OU display limit of 2,000 objects per OU that ADUC set.
The list view also has a Most Recently Used (MRU) feature that shows the last three containers you accessed in a particular navigation node. In the example back in Figure 2, my MRU containers for my EMEA navigation node were Belgium\Brussels, Spain, and Germany.
At the top of the ADAC window is the breadcrumb bar. It lets you navigate directly to a specific container in your local domain or in a trusted AD domain by specifying an LDAP path, a distinguished name (DN), or a hierarchical path to an AD container. Figure 2 shows a hierarchical path to the “Active Directory Domain Services\dc-Americas\USA\Washington\Redmond\Tech” container in the breadcrumb bar.
You can use this bar to navigate only to containers that are part of the domain AD naming context of your local domain or a trusted domain. You can’t use it to navigate to containers of the configuration, schema, or application AD naming contexts. The breadcrumb bar is a feature that can be very handy when you must administer large AD datasets.
More Customization
When you open the properties of an AD object in ADAC (which you can do by double-clicking the object or by clicking the Properties link in the Tasks pane), you will notice that the property page is very different from what it was in ADUC. This is illustrated in Figure 4 for the Peter Kent user object.
ADAC shows only the most important object properties and groups the properties in sections. To perform common administrative tasks like an object rename or move, or password reset, you can use the Tasks dropdown menu on the top right of the property page.
In case you can’t get used to the new property page, the classic tabbed ADUC view of an AD object’s properties can be found in the last section of the ADAC property page called Extensions. However, you can only use this tabbed view to administer the object properties that aren’t already contained in the other sections.
Again, ADAC lets you easily customize an object’s property page: You can display or hide property page sections by using the buttons on the right top of each section or using the Add Sections dropdown menu at the top right of the property page.
For AD administrators, it’s paramount to have a powerful AD search engine. The ADAC search engine is called Global Search and is both flexible and powerful. You can access it from the Administrative Center Overview page or by using the Global Search link on the navigation pane.
From the Global Search page, which Figure 5 shows, you can build AD queries using specific keywords and search criteria. You can use predefined criteria such as “Users with a password expiring in this number of days” or “Users with enabled but locked accounts.”
When you select the Convert to LDAP option, Global Search converts the search criteria you selected to an LDAP query string that you can then fine tune in the Enter LDAP query window. Global Search also lets you save your queries and re-use them.
To save your query, use the Save button at the top right of the Global Search page. To retrieve a query that you previously saved, use the Queries button.
Impressive Version One Product
ADAC offers a single administration interface for connecting to different domains and provides efficient tools for searching and locating AD objects in a large AD database. However, the ADAC interface is very different from ADUC, and it will definitely take some time to get used it.
One small thing I found missing from the ADAC interface is a refresh option—this can be handy when you’re using ADUC and ADAC simultaneously and you add or modify objects in ADUC. Also, for the automation of certain AD administrative tasks it would have been nice to have access to the PowerShell code that’s underlying ADAC.
ADAC is an impressive version one product and a welcome addition for AD administrators who must deal with large AD databases and many AD domains.