Adaxes is a standalone software solution that acts as a proxy between users and your Active Directory, Exchange and Office 365. It means that native tools are still in place, so, if you need, you can come back to them at any point and have direct access to your environment the same way as before.
All the Adaxes magic, such as automation rules, approval-based workflows, role-based permissions, data standards enforcements, etc. is only applied when executing operations through Adaxes. So, any of your existing scenarios or integrations, like HR or payroll systems, that directly interact with AD, Exchange or Office 365 won’t be affected and can co-exist with Adaxes.
Adaxes does not pollute your Active Directory in any way. It doesn't store any of its data in AD, doesn't change native permissions and doesn't extend Active Directory schema.
Adaxes doesn't limit you to just what's provided out-of-the-box. It allows you to easily extend and customise its built-in functionality to exactly match the specific needs of your organisation.
You can easily add your own scripts to automated workflows and actions or develop your own custom clients for Adaxes. For more details see Adaxes SDK.
Adaxes allows you to set up multiple Adaxes services that share common configuration. This enables more efficient load distribution on your system and adds a redundancy layer to it. So, if one of the services goes down, users will be automatically redirected to the nearest service available.
Adaxes allows you to manage multiple Active Directory domains even if they are located in different forests and have no trust relationships between them. As a result, all automation rules, access rights, scheduled tasks, approvals, etc. can be applied across all your environment in a unified manner.
All the actions that are performed through Adaxes are executed via service accounts with appropriate access rights in each of the managed domains.
With Adaxes there are no security compromises. All communications between Adaxes service and Adaxes clients (Administration Console, Web Interface, etc.) always use an encrypted TCP channel.
All security sensitive communications between Adaxes service and Active Directory use LDAPS or Kerberos encryption. Other connected systems, such as Exchange, Office 365 and Skype for Business use encrypted channels at all times.
All security-sensitive communications between Adaxes Web Interface and the user's web browser, such as passing credentials during login or resetting passwords, always use 1024-bit RSA encryption. So, they are secured even if HTTPS is not enabled.
To allow access to Adaxes Web Interface from outside your corporate network, you need to put the Web Interface in the DMZ. No other Adaxes components need to be exposed. The Web Interface also requires a Read-Only Domain Controller in the DMZ. Because the RODC doesn’t store passwords and has only one-way replication and the Web Interface doesn’t directly interact with Active Directory, any security risks are minimized.
To prevent possible attacks on your Active Directory through the Web Interface that's publicly exposed to the Internet, Adaxes provides a robust brute force protection mechanism.
Adaxes features a rule-based platform for Active Directory, Exchange and Office 365 automation, provides an enhanced web-based management environment, gives you a role-based access control model for delegating privileges, adds security with approval-based workflow, allows enforcing corporate data standards and much more.
Adaxes provides rule-based automation for Active Directory, Exchange and Office 365. It allows executing sets of operations that are governed by if/else conditions before or after certain events in AD. So, for example, after the department of a user is changed, Adaxes can then automatically update the user’s group membership and send an email notification to the user’s manager, following the rules you define.
Using condition-based rules you can automate the entire user provisioning process. Once a new user account is created in Active Directory, Adaxes will automatically execute the rest of onboarding procedures for you: moving the user account to a correct OU, adding it to necessary groups, creating and configuring an Exchange mailbox, assigning Office 365 licenses, enabling the user for Skype for Business, creating and sharing a home folder, sending a welcome email, etc. Similarly to that, you can also automate all operations associated with user updates. Finally, when a user is terminated, Adaxes can automatically execute all the provisioning operations in reverse, ensuring instant and errorless offboarding.
Adaxes Web Interface enables Active Directory management via a standard web browser. It features a modern responsive design, so users can access it on their laptops, tablets, phones or any other devices. You can set up different Web Interfaces specifically tuned for the needs of different job roles, like administrators, help desk, HR, managers, and others, giving them a clean and intuitive way to access the tasks they need. Adaxes Web Interface also incorporates Exchange and Office 365 management, so users get a single console without the need to learn and use multiple tools for their day-to-day routines.
The Adaxes Web Interface is fully customisable, so you can configure it to have the exact views, forms, and operations that each user needs. For example, administrators can have a full set of management activities in Active Directory, Exchange and Office 365 across the entire environment, whereas managers can be set to view just their subordinates and only be able to update their group membership, assign Office 365 licences and change certain AD properties.
Adaxes Web Interface can act as a self-service portal for regular users. You can granularly specify, which operations they have access to, like updating their personal info, changing their own password, searching Active Directory, managing own group membership, updating Office 365 licences, etc.
Adaxes Password Self-Service allows users to reset forgotten passwords and unlock accounts by themselves. To do that they need to go through a simple identity verification procedure that may involve answering security questions, SMS verification, using authenticator apps like Google Authenticator, Authy and others. A self-password reset can be accessed from the Windows logon screen, Adaxes Web Interface or it can be integrated into your own portal.
Adaxes automates Exchange mailbox management both on-premises and in Office 365. For example, after creating a new user account in Active Directory, Adaxes can automatically create an Exchange mailbox for the user. The database distribution of mailboxes can be done based on the first letter of the users’ surname, least number of mailboxes in the DB, the round-robin method, etc. Adaxes can then configure the mailbox, e.g. modify storage quotas or enable mailbox features like Unified Messaging or Archiving.
Adaxes can automatically assign and revoke Office 365 licences using condition-based rules. For example, when a new user is created in Active Directory, Adaxes can activate an account in Office 365 for the user and assign the necessary O365 licences according to the rules you define. Different licences can be assigned to different users based on their job title, department, location, etc.
Adaxes introduces Role-Based Access Control for Active Directory, Exchange and Office 365. In a role-based delegation model, instead of assigning permissions to users, they are assigned to roles that correspond to actual job functions. So, when you need to change privileges for all users with the same job function, all you need to do is modify the permissions of the associated role. Assigning roles to users is done in a centralised manner, allowing you to easily control, who can do what and where. With role-based delegation, you can granularly specify, which parts of Active Directory are visible to users. For example, you can allow certain users to only view AD objects located in their own OU, while hiding the rest of the Active Directory structure from them.
Adaxes allows you to add an approval step to practically any operation in Active Directory, Exchange and Office 365. For example, you can delegate user creation to HR, but after they fill in the form and click Create, Adaxes can suspend the operation and only proceed once a member of IT staff reviews and approves it. For more complex and security-sensitive scenarios, you can set up multi-level approvals. Such an approach allows delegating more tasks to lower level staff without taking the risk of losing control over them.
Adaxes comes with reporting capabilities, allowing you to monitor and analyse what’s going on in your environment. Out of the box, you get more than 200 reports, which should cover the majority of your requirements. For more demanding scenarios Adaxes also provides various ways to create custom reports, including using your own scripts. It enables you to create reports of practically any complexity that can be specific to your organisation's needs. To deliver reports to users Adaxes supports centralised scheduling and also provides a self-scheduling option, allowing users to choose by themselves, which reports they want to receive and when.
With Custom Commands users can launch complex multi-step operations in one go. For example, if you need to send a user on vacation, you can do it with just one click in the Web Interface. The operation can include steps like disabling the user account, adding it to a corresponding group, sending a notification to the user’s manager, etc. Such an approach allows you to delegate complicated tasks to users and not worry that they will miss a step or do something wrong. Besides, you don’t over-privilege them, as you only give out permissions to execute the Custom Command as a whole, not the individual steps it consists of. Administrators can also use Custom Commands in their day-to-day routines to make the management process simpler and accomplish the same results with a lot fewer clicks.
Adaxes allows you to automate various routine management tasks by scheduling them. For example, it can automatically de-provision inactive accounts in AD, allocate users to necessary groups, maintain OU structure, etc. You can also schedule tasks like importing new users from CSV. Automating such a sensitive operation doesn’t mean that you need to sacrifice any control, as you can add an approval step to it. This way users will be created in AD only after a member of IT staff reviews and approves the operation. You can also use scheduled tasks to send various notifications to users, like reminders about their password or account expiration.
Active Directory management involves many different operations that require administrative privileges granted by default to AD administrators only. Though operations like password reset or account unlock are pretty simple, they take a lot of time of highly-skilled IT staff, not allowing them to focus on more complex and important issues. Active Directory delegation helps you optimize the productivity of the IT department by letting non-administrative users (e.g. department managers or Help Desk operators) perform certain administrative activities in Active Directory.
If you would like a one on one session with our engineer, who will discuss your needs and demonstrate Adaxes via remote session, please select this option.
If you've already had a demo from us and are ready for the next step or you simply prefer to try things yourself, then this is the option for you.
If you'd like to have a chat with us about Adaxes, please select this option. If you'd prefer to email or phone us, our details are also here.
Armstrong is the only Softerra partner capable of delivering Adaxes Professional Services in the UK. We have customers globally and have delivered remote consultancy to customers as far as Japan. We are technically accredited by Softerra and have several years of technical expertise with this product.
This 2-day Adaxes course takes a comprehensive look at the basics of getting up to speed understanding and configuring Adaxes for your business and getting the best value from the tool.
If your organisation is large or complex then Active Directory will be playing a major role in your critical processes. So Active Directory Management is becoming increasingly important, but, as you know, increasingly challenging too, potentially taking up increasing amounts of your IT team’s valuable time...
Ask your IT team to name a list of tasks that regularly interrupt their more important, strategic work and there’s a good chance that ‘onboarding’ will appear on their list. The good news is it’s a task that Armstrong IT and our partner Adaxes can easily take off their hands...