The Active Directory Administrative Center is the console used to manage AD. You launch the console from Server Manager by clicking Tools.
ADAC has the same tiled interface as Server Manager. The interface provides a nice overview that offers useful links and help documentation on AD, as well as detailed deployment of Dynamic Access Control (covered in Chapter 5).
Figure 4-15 shows the initial ADAC screen. From here, you can reset the domain administrator’s password and perform a global search against AD. On the left side of the screen, you can select the DC you want to manage.
When you select the DC, a listing of all the AD objects, including containers and organizational units (OUs), is displayed. On the right of the screen is a menu for performing various AD-associated tasks, such as adding new objects, deleting objects, searching, and viewing properties of containers (permissions, for example).
The layout for creating objects in AD has gone through some changes. First we will walk through creating a new group.
To begin creating a new group, open Server Manager. In the dashboard, from the left menu, click “AD DS.” Right-click the local server (or the server on which you’ve installed AD) and select Active Directory Administrative Center, as shown in Figure 4-16.
From the left menu in ADAC, click on “AD DS.” All AD container objects are displayed. From the righthand Tasks menu, under Program Data, click New and then Group (Figure 4-17).
The Create Group screen opens. Fields with red asterisks are required. In Figure 4-18, I name my group Human Resources NY. As you type the group name, the field directly under the “Group name” field, Group (SamAccountName), is automatically populated.
Group (SamAccountName) is used as an alternate logon for legacy pre-AD clients and servers such as Windows 95.
Next, select the group type; by default, this is set to Security, but you can set it as an email distribution list as well. Then choose the group scope. The default scope is Global, but you can restrict it to the local domain or make it universal (i.e., permissions and accessibility across multiple Active Directory forests).
You can add a member to the group or make the group a member of a parent group under the “Members” and “Member of” sections, respectively. The rest of the fields are optional, such as adding information about who manages the group, a description, notes about the group, and so on.
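The same group creation, done with the ActiveDirectory PowerShell module rather than the Create Group screen. This is an added example, not code from the book; the OU path, domain, manager and member account names are assumed placeholders.

```powershell
Import-Module ActiveDirectory

# Each key maps to a field in the Create Group screen described above.
$groupParams = @{
    Name           = 'Human Resources NY'              # "Group name"
    SamAccountName = 'HumanResourcesNY'                # "Group (SamAccountName)", normally auto-filled by ADAC
    GroupCategory  = 'Security'                        # "Group type": Security or Distribution
    GroupScope     = 'Global'                          # "Group scope": DomainLocal, Global or Universal
    Path           = 'OU=Groups,DC=corp,DC=example'    # assumed OU that will hold the group
    Description    = 'HR staff, New York office'       # optional "Description" field
    ManagedBy      = 'hr.manager'                      # optional "Managed by"; assumed SamAccountName
}
New-ADGroup @groupParams

# "Members" section: add existing user accounts (assumed to exist).
Add-ADGroupMember -Identity $groupParams.Name -Members 'jdoe', 'asmith'

# "Member of" section: nest the new group under an assumed parent group.
Add-ADGroupMember -Identity 'Human Resources' -Members $groupParams.Name

# Read the object back so the result can be checked and recorded for audit.
Get-ADGroup -Identity $groupParams.Name -Properties Description, ManagedBy, MemberOf |
    Select-Object Name, SamAccountName, GroupCategory, GroupScope, Description, ManagedBy, MemberOf
Get-ADGroupMember -Identity $groupParams.Name | Select-Object SamAccountName, objectClass
```

Run it in a PowerShell session on a server with the AD DS tools installed; the read-back at the end is the scripted counterpart of opening the group's properties in ADAC.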
If you don’t need to see all that information in the Create Group screen, you can hide sections. For example, a small organization with few IT staff members may not need to specify who manages a group. To customize this interface, click the Sections drop-down button at the top right of the Create Group screen. As shown in Figure 4-19, checked sections are displayed. To hide a section, simply uncheck it.
You can also close a section by clicking the X button directly above and to the far right of each section.
If you use a section only occasionally, you may prefer to collapse it when you don’t need it instead of closing it. To collapse a section, click the arrow next to the X button directly above and to the far right of the section.
The interface is consistent for creating any kind of AD object in ADAC, although fields may change depending on the object (such as a new computer or user). Creating and managing users is detailed more thoroughly in Chapter 5.
ADAC also allows you to perform domain-wide duties, such as changing the domain controller or raising the forest or domain functional level.
The Active Directory Recycle Bin is a way to restore deleted AD objects without losing any of those objects’ attributes. For example, if you delete a user account and restore it using the AD Recycle Bin, that account retains its permissions and group memberships.
When creating a new AD object, you can protect it from accidental deletion by checking “Protect from accidental deletion” in the Create screen.
ADAC in Server 2012 provides an easy way to enable the AD Recycle Bin. From the right side of the ADAC window, under Tasks, click Enable Recycle Bin (Figure 4-20).
Click OK in the pop-up message to confirm enabling the Recycle Bin (Figure 4-21). Refresh the screen and a new container, Deleted Objects, is listed.
To restore a deleted object, open Deleted Objects and either right-click the container and select Restore to restore the object to its original location, or click Restore To to specify a location (Figure 4-22). You can also access the same commands under the Tasks menu.
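The Recycle Bin workflow above (enable, protect an object, inspect Deleted Objects, Restore and Restore To) as PowerShell. This is an added example, not code from the book; the distinguished names, the user name jdoe and the Leavers OU are assumed placeholders. Enabling the feature is forest-wide and cannot be undone, and it requires the Windows Server 2008 R2 forest functional level or higher.

```powershell
Import-Module ActiveDirectory
$forest = (Get-ADForest).Name   # forest root, e.g. corp.example

# Equivalent of "Enable Recycle Bin" in the Tasks pane; skipped if it is already on.
$feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
if (-not $feature.EnabledScopes) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
                             -Scope ForestOrConfigurationSet `
                             -Target $forest -Confirm:$false
}

# Equivalent of the "Protect from accidental deletion" check box (assumed group DN).
Set-ADObject -Identity 'CN=Human Resources NY,OU=Groups,DC=corp,DC=example' `
             -ProtectedFromAccidentalDeletion $true

# Contents of the Deleted Objects container, with the OU each object was deleted from.
$deleted = Get-ADObject -Filter { isDeleted -eq $true -and name -ne 'Deleted Objects' } `
                        -IncludeDeletedObjects -Properties lastKnownParent, whenChanged
$deleted | Select-Object Name, ObjectClass, lastKnownParent, whenChanged

# "Restore": put a deleted user (assumed: jdoe) back in its original location ...
$user = $deleted |
    Where-Object { $_.ObjectClass -eq 'user' -and $_.Name -like 'jdoe*' } |
    Select-Object -First 1
if ($user) {
    Restore-ADObject -Identity $user.ObjectGUID
    # ... or "Restore To": uncomment to restore into a different, assumed OU instead.
    # Restore-ADObject -Identity $user.ObjectGUID -TargetPath 'OU=Leavers,DC=corp,DC=example'

    # Confirm that attributes survived, as the text states: memberships are intact.
    Get-ADUser -Identity 'jdoe' -Properties MemberOf | Select-Object SamAccountName, Enabled, MemberOf
}
```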
Sometimes you need to perform an action on a specific object within AD. Perhaps you have to disable the account of a user who is no longer part of your organization. It can be tedious to scroll through Active Directory looking for that user account, especially in large organizations that may have many AD objects.
That’s where ADAC’s search capabilities come in very handy. You can perform global searches in the ADAC against the local AD or throughout an entire AD infrastructure.
To search, click Global Search on the left menu of ADAC. You can type a term directly, or you can build a search query for more complex searches.
To start building a query, click the arrow to the far right of the search field to display the “+Add criteria” drop-down menu (Figure 4-23).
The drop-down list contains the fields you can search against to build your query. Figure 4-24 shows a query built with the Name, City, and State fields.
Press Enter or click the magnifying glass to execute the query.
You can save queries by clicking the disk icon to the right of the search field (Figure 4-25).
Once you’ve saved a query, you can quickly access it by clicking the query list icon (Figure 4-26).
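The Name, City and State query from Figure 4-24, expressed as an LDAP filter and run against either the local domain or the whole forest, followed by the disable-a-leaver task that motivated the search. This is an added example, not code from the book; the search values, the global catalog host dc01.corp.example and the account jsmith are assumed.

```powershell
Import-Module ActiveDirectory

# Name / City / State criteria as an LDAP filter. In the schema, City is stored in
# attribute "l" (locality) and State in "st". Values are constructed for the example.
$ldap = '(&(objectCategory=person)(objectClass=user)(name=*Smith*)(l=New York)(st=NY))'

# Search the local domain, pulling the attributes you want to see in the result list.
$local = Get-ADUser -LDAPFilter $ldap -Properties City, State, LastLogonDate
$local | Format-Table SamAccountName, Name, City, State, Enabled, LastLogonDate -AutoSize

# Search the entire forest by querying a global catalog on port 3268 (assumed host).
# A GC holds only a partial attribute set, so ask it for identity, not every attribute.
$forestWide = Get-ADUser -LDAPFilter $ldap -Server 'dc01.corp.example:3268'
$forestWide | Select-Object SamAccountName, DistinguishedName

# The disable task from the text: act only on an exact SamAccountName match from the
# result set, and prompt before the change so a broad filter cannot disable the wrong user.
$leaver = $local | Where-Object { $_.SamAccountName -eq 'jsmith' }
if ($leaver) {
    Disable-ADAccount -Identity $leaver -Confirm
    Get-ADUser -Identity $leaver | Select-Object SamAccountName, Enabled
}
```

Keeping `$ldap` in a script file is the scripted equivalent of the saved query in Figure 4-25.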
At the bottom of the ADAC interface is Windows PowerShell History, a section that is collapsed by default. Click the up arrow at the far right of the section to expand it.
Displayed here are all the PowerShell commands associated with the tasks you perform in the ADAC GUI. It’s a great way to become acquainted with PowerShell syntax. The Copy option will copy selected syntax to the clipboard for you to save for later use.
Take the time to learn how routine tasks are expressed in PowerShell. Server 2012 makes it as easy as possible to see how much more efficiently some of your normal tasks can be done with PowerShell, so when you need to get many things done, you have a scripted way to avoid spending enormous amounts of interactive time in the GUI.