- New Group Policy settings in Windows 11 23H2 - Mon, Nov 20 2023
- Windows Server 2025 will support SMB over QUIC in all editions - Fri, Nov 17 2023
- Switch between Windows Terminal and the legacy console - Thu, Nov 16 2023
Currently, Windows Admin Center (WAC) only supplements the RSAT; it does not replace them. So far, it is almost impossible to avoid using the two toolboxes side-by-side because the WAC exclusively covers some new features of Windows Server, such as System Insights, while many common tasks are still left to MMC-based tools.
Implementation as extensions
The Windows Server roles that the Admin Center has completely ignored to date include AD Domain Services, DNS and DHCP servers. Since their administration is one of the core tasks of many admins, the modules for these roles were at the top of users' wish lists for WAC.
These wishes are fulfilled by Microsoft's three new modules in Preview 1903. However, they are not an integral part of the WAC yet; they must be installed as extensions. Consequently, the development of the new modules is decoupled from the overall system, which allows Microsoft to publish updates at shorter intervals.
Information about extension updates
To inform users in general about new versions of extensions, the WAC Preview 1903 introduces a notification function. A corresponding message appears when an extension is opened and an update is available.
For extensions that originate from hardware manufacturers, it is sufficient if the user in WAC connects to a server offered by the hardware provider. However, the extension must explicitly support notifications.
Adding extensions for AD, DNS, and DHCP
The list of extensions can be displayed using the gear symbol in the top right-hand corner of the menu bar. You can install the previews for Active Directory, DNS, and DHCP individually from there. However, afterwards they only appear in the navigation of Admin Center when you connect to a domain controller, a DHCP, or a DNS server.
Managing the Active Directory
When called, the AD module provides several information about the domain, such as name, functional level, or the standard containers for users and computers. The actual administration is essentially limited to adding, deleting, and editing user accounts as well as creating groups and managing their members.
Password reset is one of the features that is especially useful for web-based tools. This task can be delegated to employees without having to install any software on their computer.
The AD extension also supports this function. However, WAC's rough role model does not allow users to be limited to this task. Rather, they can use all the AD module features within the scope of their permissions.
Unlike Active Directory Users and Computers or the Active Directory Administrative Center, the new WAC extension does not allow you to navigate through the AD's tree structure; instead, all activities start with the integrated search function.
It also allows the entry of substrings and returns all objects (users, computers, groups) that match the pattern. Depending on the type you choose, specific operations are available. The password reset, for example, only works for users.
There is no access to OUs. Therefore, these cannot be displayed, edited, moved, or newly created. Currently, it is also not possible to manage group policies via the WAC.
The integration with the AD is also noticeable elsewhere. If you want to add a new computer to the list of managed systems, you can now trigger a search in the AD.
The new extension handles most of the core features needed for this service. Thus, the DNS module can display details of forward and reverse lookup zones, create them, and edit their properties (such as master server or dynamic updates).
Moreover, admins can use it to create records of host type (A or AAAA), CNAME, or MX. Existing DNS entries and their properties, such as FQDN, IP address, or TTL, can be edited. The tool also allows you to create PTR type entries under a Reverse Lookup Zone.
To use the DNS extension, the PowerShell DNS module must be installed on the target server. If necessary, this can be done directly from the error message or with:
Install-WindowsFeature -ComputerName <DNS-Server> -Name RSAT-DNS-Server
The module for DHCP provides the essential status information for the IPv4 and IPv6 scopes (use of addresses, reservations). Scopes can also be created and configured (IP addresses for the start and end of a range, expiration of leases, exclusion of ranges, reservations).
Advanced functions, such as configuring DHCP failover or filtering clients via policies, are not supported. It is also not possible to authorize DHCP servers in Active Directory.
The DHCP extension also requires the respective PowerShell module (RSAT-DHCP) on the target systems. You can add it following the same pattern used for DNS.
Subscribe to 4sysops newsletter!
WAC Preview 1903 can be downloaded from the Windows Server Preview website once you are registered as an Insider. As mentioned above, you have to add the extensions for AD, DNS, and DHCP separately.