When you open Active Directory Administrative Center on your computer that is running Windows Server 2008 R2 or Windows 7 (the latter, by using Windows Server 2008 R2 Remote Server Administrative Tools (RSAT)), the domain that you are currently logged on to on this computer (the local domain) appears in the Active Directory Administrative Center navigation pane. Depending on the rights of your current set of logon credentials, you can view or manage the Active Directory objects in this local domain.

You can also use the same set of logon credentials and the same instance of Active Directory Administrative Center to view or manage Active Directory objects in any other domain (that belongs or does not belong to the same forest as the local domain) as long as it has an established trust with the local domain. Both one-way trusts and two-way trusts are supported.

Note

If there is a one-way trust between Domain A and Domain B through which users in Domain A can access resources in Domain B but users in Domain B cannot access resources in Domain A, if you are running Active Directory Administrative Center on the computer where Domain A is your local domain, you can connect to Domain B with the current set of logon credentials and in the same instance of Active Directory Administrative Center. But if you are running Active Directory Administrative Center on the computer where Domain B is your local domain, you cannot connect to Domain A with the same set of credentials in the same instance of the Active Directory Administrative Center.

There is no minimum group membership required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.

To manage a foreign domain in the selected instance of Active Directory Administrative Center using the current set of logon credentials
  1. To open Active Directory Administrative Center, click Start, click Administrative Tools, and then click Active Directory Administrative Center.

    Note

    Another way to open Active Directory Administrative Center is to click Start, click Run, and then type dsac.exe.

  2. To open Add Navigation Nodes, in Active Directory Administrative Center, click Add Navigation Nodes.

    Note

    Another way to open Add Navigation Nodes is to right-click anywhere in the Active Directory Administrative Center navigation pane, and then click Add Navigation Nodes.

  3. In Add Navigation Nodes, click Connect to other domains.

  4. In Connect to, type the name of the foreign domain that you want to manage (for example, contoso.com), and then click OK.

  5. When you are successfully connected to the foreign domain, browse through the columns in the Add Navigation Nodes window, select the container or containers to add to your Active Directory Administrative Center navigation pane, and then click OK.

Note

For more information about customizing the Active Directory Administrative Center navigation pane, see Customizing the Active Directory Administrative Center Navigation Pane.

You can also open Active Directory Administrative Center by using a set of logon credentials that is different from your current set of logon credentials. The command in the following procedure can be useful if you are logged on to the computer that is running Active Directory Administrative Center with normal user credentials, but you want to use Active Directory Administrative Center on this computer to manage your local domain as an administrator. This command can also be useful if you want to use Active Directory Administrative Center to remotely manage a domain that is different from your local domain with a set of credentials that is different from your current set of logon credentials. However, this domain must have an established trust with the local domain.

There is no minimum group membership required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.

To manage a domain using logon credentials that are different from the current set of logon credentials
  1. To open Active Directory Administrative Center, at a command prompt, type the following command, and then press ENTER:

    runas /user:<domain\user> dsac

    Where runas /user is the command that allows users to remotely execute commands as a different user, <domain\user> is the set of credentials that you want to open Active Directory Administrative Center with, and dsac is the Active Directory Administrative Center executable file name (Dsac.exe).

    For example, type the following command, and then press ENTER:

    runas /user:contoso\administrator dsac

  2. When Active Directory Administrative Center is open, browse through the navigation pane to view or manage your Active Directory domain.

Additional references