This is the post I have wanted to write for a long time. I had to wait until the designs had been shown in public (see bottom of this post). This is also the latest in a series on filter designs.
Let’s get back to our original goal of…
…making a filtering mechanism that works well for the majority of cases. ‘Works well’ means that it is easy to use and complete enough to cover 95% of the scenarios of the people who use our products. Getting deep on Filtering
We have looked at a number of different examples of Attribute based filtering and we need something that is as good as the Zune filter yet is much more scalable.
Enter the design for Active Directory Administrative Center. This is the application in all it simple might and glory once you have navigated to a folder (called Organizational Unit in Active Directory) full of user accounts.
In the following screens we will focus in on the list area:
- A: Title. Tells you the name of the folder and number of items in the folder or the number of items in the filter
- B: Free text filter. Filters across most attributes
- C: Add criteria button. Lets you add rules or attributes to your query
- D: Saved queries.
- E: Button for saving the current filter.
We also change the background color to indicate that the list is filtered. Hit ESC to clear the free-text filter. CTRL+E will set focus on the free-text filter.
We added the free-text filter because most times you can get by with a quick search even when you have a couple of thousand records in a given folder. If you have more than a couple of thousand records you may need more advanced filtering. The ‘Add criteria button’ provides a set of rules (see Different kinds of Filtering) and a list of attributes to filter on. Active Directory Administrative Center lets you filter on about 20 attributes. From a pure design point of view that number could be much bigger. From this applications’ perspective, we went through rounds of user testing to figure out what the right attributes were to include and it did simply not make sense to include all 150 or so attributes.
We added the idea of rules for two reasons. First of they are a helping hand in what we expect a lot of people to be filtering on all the time such as for instance “users with disabled/enabled accounts” which is really just a shortcut for “Object type = user AND Account state = disabled/enabled”. Rules can also be a way to package a filter that would otherwise not be possible to make with this design. More on that later.
To get the enabled accounts, simply click on the link “disabled” and you will get a dropdown with possible values. And we could of course have added more than one rule and several attributes. Here is just one more attribute:
Notice the ‘and’ in the beginning of each line? We automatically AND the free-text filter and the rules and attributes together. this gets us to the core of this filter design:
Criteria on different attributes are AND’ed and Criteria on the same attribute are OR’ed.
In the example above we have created a filter for
((Name starts with ‘t’) OR (Name starts with ‘a’)) AND (Type = User) AND (Free-text contains ‘hund’)
We do not allow you change the Boolean operators, and we do not allow you change the attribute once it has been added. you can remove a criteria (click the red x) and add new attributes. We do not allow you change the Boolean operators or change the attribute because that way we can take care of grouping automatically and prevent filters where you get the too much due to wrongly grouped ORs (the Cartesian product) or nothing at all due to wrongly placed ANDs.
On one hand we have avoided the raw Boolean logic exposed in products such as Winamp which we know most people have a really hard time getting right, and on the other hand we have avoided jumping through hoops as Itunes does or created a design that is inherently limited as Zune has done.
We also have created a design that can take care of about 95% of the scenarios. And if 95% is too little there is room to improve it through rules that target special cases where a set of criteria across different attributes should be OR’ed. We don’t ship any of those in Active Directory Administrative Center. We could not come up with any even through extensive user testing.
What about the last 5%?
The Active Directory team has put a lot of effort into PowerShell in Windows Server 2008 R2 so if you need a really advanced filter you can always go to command line. The alternative would be to make a GUI design that covers all cases, but honestly, I don’t believe we could do that and still keep it usable. This is a trade-off, but by not designing for all edge cases we also don’t pollute the experience for the majority of people using the application.
A little more on this specific Design
I am sure you could implement the core design idea differently and still get a great design. The following covers some specific choices we made for this implementation of the idea.
To get the query shown above we first selected Name and Type
…and then added Name again…
The new criteria is inserted under the existing criteria for Name and indented and OR’ed.
This may seem like a round-about way of adding the same attribute twice, but we chose to do it this first of all because we believe most filters will only use the same attribute once, and second because this allows us to insert the second instance of an attribute at the right spot and hence both take care of grouping and get it to visually line up without having to move criteria around after you have already interacted with them.
If you are an Active Directory admin you may very well be working across multiple domains. If you have 2 domains, say ‘Corp’ and ‘Sub’ and you want to find users with expired accounts in the User OU of either domain, you can create the query anywhere, save it and reapply it in a different OU:
I hope you have enjoyed reading about filtering as much as I have enjoyed designing for it and writing about it and if you have comments or questions, please leave them here or catch me at Twitter @rulerbreaker.
Like all other designs this was a team effort. A lot of people from our UX team (Twitter @MS_ITPro_UX) have contributed and it should go without saying that so have the great Program Mangers, Developers, and Testers who have worked on this.
Active Directory Administrative Center will ship as part of Windows Server 2008 R2 which means it is not out yet but has been presented at TEC and will also be touched upon at TechEd 2009 (session SIA326 “What Windows Server 2008 R2 Does for Your Active Directory”).