To date, one of the biggest restrictions of Microsoft's Web-based management tools has been that the company did not provide any functions for Active Directory, DNS, and DHCP servers. Microsoft began to close this gap in Preview 1903. However, the AD module is mostly limited to basic functions.

Currently, Windows Admin Center (WAC) only supplements the RSAT; it does not replace them. So far, it is almost impossible to avoid using the two toolboxes side by side: some new features of Windows Server, such as System Insights, are covered only by WAC, while many common tasks are still left to MMC-based tools.

Implementation as extensions

The Windows Server roles that the Admin Center has completely ignored to date include AD Domain Services, DNS and DHCP servers. Since their administration is one of the core tasks of many admins, the modules for these roles were at the top of users' wish lists for WAC.

These wishes are fulfilled by Microsoft's three new modules in Preview 1903. However, they are not an integral part of the WAC yet; they must be installed as extensions. Consequently, the development of the new modules is decoupled from the overall system, which allows Microsoft to publish updates at shorter intervals.

Information about extension updates

To inform users in general about new versions of extensions, the WAC Preview 1903 introduces a notification function. A corresponding message appears when an extension is opened and an update is available.

WAC displaying a notification about an update for an extension


For extensions that originate from hardware manufacturers, it is sufficient for the user to connect in WAC to a server offered by the hardware provider. However, the extension must explicitly support notifications.

Adding extensions for AD, DNS, and DHCP

The list of extensions can be displayed using the gear symbol in the top right-hand corner of the menu bar. You can install the previews for Active Directory, DNS, and DHCP individually from there. However, afterwards they only appear in the navigation of Admin Center when you connect to a domain controller, a DHCP server, or a DNS server.

The modules for AD, DNS, and DHCP must be installed via the list of extensions


Managing the Active Directory

When called, the AD module provides several pieces of information about the domain, such as name, functional level, or the standard containers for users and computers. The actual administration is essentially limited to adding, deleting, and editing user accounts as well as creating groups and managing their members.

When editing user accounts, only some of the attributes are available


Password reset is one of the features that is especially useful for web-based tools. This task can be delegated to employees without having to install any software on their computer.

Password reset in WAC Preview 1903


The AD extension also supports this function. However, WAC's coarse role model does not allow users to be limited to this task. Rather, they can use all the AD module features within the scope of their permissions.

Objects in the Active Directory can only be accessed via the search function


Unlike Active Directory Users and Computers or the Active Directory Administrative Center, the new WAC extension does not allow you to navigate through the AD's tree structure; instead, all activities start with the integrated search function.

The search also accepts substrings and returns all objects (users, computers, groups) that match the pattern. Depending on the type you choose, specific operations are available. The password reset, for example, only works for users.

There is no access to OUs. Therefore, these cannot be displayed, edited, moved, or newly created. Currently, it is also not possible to manage group policies via the WAC.

When adding a server, you can look up its name in Active Directory


The integration with the AD is also noticeable elsewhere. If you want to add a new computer to the list of managed systems, you can now trigger a search in the AD.

DNS Management

The new extension handles most of the core features needed for this service. Thus, the DNS module can display details of forward and reverse lookup zones, create them, and edit their properties (such as master server or dynamic updates).

Displaying DNS zones and their entries with the new DNS extension from WAC.

Moreover, admins can use it to create records of host type (A or AAAA), CNAME, or MX. Existing DNS entries and their properties, such as FQDN, IP address, or TTL, can be edited. The tool also allows you to create PTR type entries under a Reverse Lookup Zone.

To use the DNS extension, the PowerShell DNS module must be installed on the target server. If necessary, this can be done directly from the error message or with:

Install-WindowsFeature -ComputerName <DNS-Server> -Name RSAT-DNS-Server

DHCP Extension

The module for DHCP provides the essential status information for the IPv4 and IPv6 scopes (use of addresses, reservations). Scopes can also be created and configured (IP addresses for the start and end of a range, expiration of leases, exclusion of ranges, reservations).

Editing DHCP scope in the Windows Admin Center


Advanced functions, such as configuring DHCP failover or filtering clients via policies, are not supported. It is also not possible to authorize DHCP servers in Active Directory.

The DNS and DHCP extensions need their respective PowerShell modules on the target system


The DHCP extension also requires the respective PowerShell module (RSAT-DHCP) on the target systems. You can add it following the same pattern used for DNS.
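The prerequisite check for both extensions can be scripted. The following is an added example, not part of the original article: it checks each target for the feature named above and installs it only where it is missing. The server names are placeholders; the feature names are the ones given in the article.

```powershell
# Placeholder targets (constructed for this example): replace with the
# DNS and DHCP servers you manage through Windows Admin Center.
$targets = @(
    @{ Server = 'dns01.example.com';  Feature = 'RSAT-DNS-Server' },
    @{ Server = 'dhcp01.example.com'; Feature = 'RSAT-DHCP' }
)

$results = foreach ($t in $targets) {
    try {
        # Query the current state first so existing installs are left untouched.
        $state = Get-WindowsFeature -ComputerName $t.Server -Name $t.Feature -ErrorAction Stop

        if ($state.Installed) {
            $status = 'AlreadyInstalled'
        }
        else {
            $r = Install-WindowsFeature -ComputerName $t.Server -Name $t.Feature -ErrorAction Stop
            $status = if (-not $r.Success)              { 'Failed' }
                      elseif ($r.RestartNeeded -eq 'Yes') { 'InstalledRestartNeeded' }
                      else                                { 'Installed' }
        }
    }
    catch {
        # Unreachable host, missing rights, or unknown feature name.
        $status = "Error: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        Server  = $t.Server
        Feature = $t.Feature
        Status  = $status
    }
}

# One line per server, suitable for a change record.
$results | Format-Table -AutoSize
```

Run it from an administrative PowerShell session on a machine where the Server Manager cmdlets are available, using an account with administrative rights on the target servers.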

Availability

WAC Preview 1903 can be downloaded from the Windows Server Preview website once you are registered as an Insider. As mentioned above, you have to add the extensions for AD, DNS, and DHCP separately.

  1. Michael C. Cook Sr. 4 years ago

    Looks like IPAM. I don’t use that type of modulation, I prefer to write the scripts that do what this tool does. Does it amount to capability? Sure. Does it amount to easy replication? Doesn’t seem like it. At least when you create a root structure through a script, you can control those variables and ‘seedlings’ with a database. That’s pretty much what this tool is… it just has a pretty face. Like IPAM.

  2. Wolfgang Sommergut 4 years ago

    Hi Luc, thank you for your kind words 🙂

  3. Michael C. Cook Sr. 4 years ago

    I don’t use IPAM or this tool. I use a script and my own gui that does the same thing… Everyone uses a different tool and that’s ok. I was just chiming in and saying that a lot of these tools seem to be rebrands of the same old idea. I’m all for progress but progress seems to be a new skin on the same old tools these days… rather than encapsulating them all into a refined script that can restore from bare metal in the least amount of time.

    What they should develop is a way to set up as many tools as you need from the root variables you want the server to sustain. They already have a way to pull the XML script in Features/etc… but the wizards are all disconnected from each other… For instance, if I know my domain controller will always be “dc####.domain.tld”, then I could have the seedling pull that info from the start and input its variables that way rather than going through individual wizards in order to set up IPAM or Windows Admin Center.

    I’m working on a gui/script/program called Hybrid that does exactly that, whether it’s a virtual or physical machine you’re building, and you can use the same program to set up child items too.

    It’s sort of how Azure would do this or an AD Federation Services would, only, it works without Azure or WSUS, or a few other utilities and such.

    If you want to scope it out so far? Here it is.

    I still have a lot to do on the server end, but the end result will look like this…

  4. David 3 years ago

    No offense but custom scripting to re-implement solid tools that are out there really does sound like a waste of time and a 0 value task…and trust me I know what I'm talking about, I developed years ago a custom GUI application based on PowerShell to completely manage the DNS servers across the AD Forests of my company. All that programming, in terms of business needs, was a waste of time. A bunch of code just to manage a DNS service. I bet my company prefers to have their engineers dedicated to real business critical tasks and developing custom infrastructure tools. When IPAM became available we didn't think twice and made the move, we lost some custom features but most of them were just defensive programming ones that can be easily sorted out. Fortunately that project went away, we no longer use that tool…reinventing the wheel when there are folks out there dedicated to provide these kind of tools? Sorry, but no thanks.

    We still have another custom tool I created in the company, an asp website to automate SCCM OSD deployments and when they ask me, I say….if you find out there anything that does the same, don't think about it….fire it off.

    Custom deployments are just justified to cover gaps (and for self education obviously), not to feel proud because you create tools that for the most part do the same as others.




© 4sysops 2006 - 2022

