Simple AD is a standalone managed directory that is powered by a Samba 4 Active Directory Compatible Server. It is available in two sizes.
Simple AD provides a subset of the features offered by AWS Managed Microsoft AD, including the ability to manage user accounts and group memberships, create and apply group policies, securely connect to Amazon EC2 instances, and provide Kerberos-based single sign-on (SSO). However, note that Simple AD does not support features such as multi-factor authentication (MFA), trust relationships with other domains, Active Directory Administrative Center, PowerShell support, Active Directory recycle bin, group managed service accounts, and schema extensions for POSIX and Microsoft applications.
Simple AD offers many advantages:
Simple AD does not support any of the following:
Continue reading the topics in this section to learn how to create your own Simple AD.
Active Directory Administrative Center (ADAC) is a tool by Microsoft that is used for managing objects in Active Directory. Microsoft offers ADAC in Windows Server 2008 R2 and higher to help administrators perform usual Active Directory tasks with greater efficiency. ADAC is designed as a graphical interface on top of Windows PowerShell. This means that every time an action is carried out through ADAC, Windows PowerShell cmdlets are executed in the background.
How is ADAC Different from Active Directory Users and Computers (ADUC)?
ADAC is superior to ADUC in many ways.
How to Install Active Directory Administrative Center (ADAC)?
In Windows Server 2019, Active Directory management tools are available as optional features and can be installed using the Server Manager. To install the Active Directory management tools on Windows Server 2019, follow these instructions:
What New Features are Introduced in Active Directory Administrative Center (ADAC)?
ADAC introduced three new management features, which are:
Active Directory Recycle Bin
In Windows Server 2003, you could recover Active Directory deleted objects through tombstone reanimation. However, the attributes associated with the reanimated objects, like group memberships, could not be recovered. Therefore, IT administrators could not rely on tombstone reanimation for objects that were accidentally deleted. Recycle Bin in ADAC is an enhanced version of tombstone reanimation that enables admins to preserve as well as recover deleted objects in Active Directory. When you enable the Recycle Bin feature, all attributes of deleted objects are restored in the same logical state as they were before deletion. For example, if you accidentally delete a few users, you can restore them using Active Directory Recycle Bin and they will automatically regain all the group memberships and access rights that they had before being deleted from the directory.
Fine-Grained Password Policy
Prior to Windows Server 2008 Active Directory, admins could set only one type of password and account lockout policy for all the users in the domain. The policy was specified in the Default Domain Policy for the domain. So, if an organization wanted to set different password and account lockout policies for different users, it would either have to create a password filter or deploy multiple domains, both of which are costly options. With ADAC, admins can apply different password and account lockout policies for different users. For instance, you can apply strict policies for accounts that are highly privileged and set relatively easier policies for less privileged user accounts to keep the organization productive and secure at all times.
Windows PowerShell History Viewer
Since ADAC is built on Windows PowerShell, every action that is executed in its user interface generates a PowerShell script that is shown in the Windows PowerShell History Viewer. IT administrators can use this feature to learn the scripts, create automated commands, and reduce repetitive tasks while increasing overall productivity.
How to Access Active Directory Administrative Center (ADAC)?
To access ADAC, do the following:
How to Use Active Directory Administrative Center (ADAC)?
ADAC can be used to perform routine Active Directory tasks but in a more advanced and efficient way. When you launch the ADAC console, you will see the two most used options by administrators, namely Reset Password and Global Search, readily available on the landing page. You can perform the following actions through ADAC:
Create an Organizational Unit (OU)
An organizational unit (OU) is a container in Active Directory that can hold objects, like users, computers, and groups. Organizational units are very helpful in keeping the directory neat and well-structured. To create an organizational unit using ADAC, follow these instructions:
Create and Add Users to an Organizational Unit
When new employees join a company, IT administrators have to create their user accounts so that they can access the company’s resources and start working. Here is how you can create new user accounts in your directory using ADAC:
Reset a User’s Password
Users often forget their passwords and ask IT admins to reset them. ADAC handles this task efficiently. To reset a user’s password in ADAC:
Restore a Deleted User or Object
If you accidentally delete an object from your directory, ADAC allows you to restore that object by enabling the Recycle Bin feature. Here is how you can enable the Recycle Bin feature in ADAC:
Deleting a User from the Directory:
Restoring a Deleted User Using ADAC:
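The enable, delete and restore sequence above can also be run with the cmdlets of the ActiveDirectory PowerShell module. This is an added example, not part of the original article; the function name `Restore-DeletedUser`, the forest name `corp.example.com` and the account `jdoe` are assumptions.

```powershell
# Added example. Assumes the RSAT ActiveDirectory module, a forest functional
# level of Windows Server 2008 R2 or higher, and rights to restore objects.
# 'corp.example.com' and 'jdoe' are constructed placeholders.
Import-Module ActiveDirectory

function Restore-DeletedUser {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [Parameter(Mandatory)] [string] $ForestDnsName
    )

    # The Recycle Bin is an optional feature; once enabled it cannot be disabled.
    $feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    if ($feature.EnabledScopes.Count -eq 0) {
        Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
            -Scope ForestOrConfigurationSet -Target $ForestDnsName -Confirm:$false
        Write-Warning 'Recycle Bin enabled now; objects deleted before this point cannot be recovered with their attributes.'
        return
    }

    # Deleted objects are hidden unless -IncludeDeletedObjects is given.
    $deleted = @(Get-ADObject -IncludeDeletedObjects `
        -Filter "isDeleted -eq `$true -and sAMAccountName -eq '$SamAccountName'" `
        -Properties whenChanged, lastKnownParent)

    if ($deleted.Count -eq 0) { throw "No deleted object named $SamAccountName." }
    if ($deleted.Count -gt 1) {
        # Same account name deleted more than once: make the operator choose.
        $deleted | Select-Object ObjectGUID, whenChanged, lastKnownParent | Format-Table
        throw 'Several deleted objects match; restore one by ObjectGUID.'
    }

    # Restores into lastKnownParent; fails if that container was deleted too.
    $deleted[0] | Restore-ADObject

    # Confirm that group memberships came back with the object.
    Get-ADUser -Identity $SamAccountName -Properties MemberOf |
        Select-Object SamAccountName, Enabled, MemberOf
}

Restore-DeletedUser -SamAccountName 'jdoe' -ForestDnsName 'corp.example.com'
```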
View PowerShell History
PowerShell history in ADAC is useful for auditing and tracking as you can see all the changes that were made to the directory. To view the PowerShell history in ADAC:
Here you will see all the changes that were made. In case an unauthorized modification was made, you can reverse it. You can also see the PowerShell cmdlets for the actions made in the directory, which can be used to construct automated scripts to reduce repetitive tasks and increase IT productivity.
Taking Active Directory Controls a Step Further
ADAC was meant to be a replacement for ADUC but the truth is that it is not a good substitute. Despite offering some advanced features, there is still room for a lot of improvement.
Instead of switching between ADAC and ADUC to carry out the tasks, you should opt for a one-stop solution that offers a user-friendly interface and helps you perform all the Active Directory tasks with utmost reliability and precision. Try GroupID; it enables you to take the controls of Active Directory a step further by offering all the functions that you can perform with ADAC and much more. GroupID has been a leading tool for managing users and groups in Active Directory for over 21 years. Here’s how GroupID extends Active Directory functions:
Seamless User Provisioning and Deprovisioning
Keep your directory up-to-date by syncing it with data from a source, such as an Excel file or an HR database. GroupID Synchronize reads new user records at the source and auto creates user accounts at the destination, such as Active Directory. This feature makes user provisioning and deprovisioning extremely easy and reliable, as new recruits are quickly onboarded and parting employees are offboarded while revoking their access.
Powerful Group Management
GroupID Automate solves a real problem for businesses by enabling them to manage groups automatically and dynamically.
Logical Deletion and the Recycle Bin
GroupID enables administrators to restore deleted groups, which reinstates all group memberships and permissions. Groups are also restored to their original container.
Simplified Password Management
GroupID Password Center enables end-users to do the following on their own:
Users can perform these operations after authenticating via multifactor authentication. Moreover, helpdesk can also reset passwords and unlock accounts for end-users. They also have access to dashboards and live updates to audit and examine the tasks carried out by end-users.
Controlled Delegation
GroupID Self-Service is a powerful web-based group and user management tool that allows administrators to delegate directory administration to end-users based on permissions and policies. Users can manage their profiles, accounts, groups, workflows, and much more.
Thorough Reporting
Active Directory does not come with any reporting tools, which is why administrators are forced to scroll through the Global Address List (GAL) manually to look for records. GroupID Reports offers hundreds of insightful reports on Active Directory users, computers, groups, and contacts, such as:
Summing Up
GroupID puts an end to all manual group and user management tasks in Active Directory and Azure AD, saving IT time and effort, which can be utilized for other projects. So, start your journey with GroupID today and reap the benefits of automated object management in Active Directory.
Since 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.