Active Directory Management

The problem with native tools

Active Directory plays a major role in many critical processes within organisations.

Effective and secure Active Directory management becomes increasingly important and can at the same time be increasingly challenging, especially in large and complex environments.

Native tools for Active Directory management are inefficient as they provide only basic functionality and cannot be used for Active Directory automation, web-based administration, role-based security, cross-domain management, audit of changes, etc.

How Adaxes helps with Active Directory Management

Adaxes helps you cope with all challenges associated with Active Directory management. Adaxes provides a number of much-needed features that make Active Directory management, maintenance and administration much simpler, more secure and more effective.

Adaxes includes two powerful tools for Active Directory management: Adaxes Administration Console and Adaxes Active Directory Web Interface. Adaxes Administration Console is a desktop application that provides a GUI designed for use by Active Directory administrators. While at first glance it looks pretty similar to Active Directory Users and Computers (ADUC), there are a number of significant differences. Apart from the functionality provided by ADUC, Adaxes Administration Console offers you plenty of great features aimed at facilitating everyday Active Directory management, including:

  • Bulk operations on AD objects using templates (e.g.  %username% %fullname%)
    • Bulk updates
    • Additional property pages for multi-selections
    • Bulk object copy
    • Bulk password reset
  • Cross-domain Active Directory management
  • Active Directory import and export (LDIF, DSML, CSV, HTML, MS Excel)
  • Specialised views (virtual OUs) for Active Directory management
  • Cross-domain Active Directory search
  • Favorites and Basket features
  • Easy view and update of AD object properties
  • Creating mailboxes and mail-enabling recipients for Exchange 2003, 2007, 2010, and 2013
  • and much more...

The Adaxes Web Interface provides secure access to Active Directory via a standard web browser. Administrators can use the web interface for comprehensive Active Directory management; Help Desk staff can perform operations like Reset Password or Unlock Account; and regular users can search in Active Directory and carry out self-service tasks like updating personal information, changing passwords, etc.

Active Directory User Management

One of the main goals of Softerra Adaxes is to make Active Directory user management simple and efficient. Adaxes allows you to update thousands of Active Directory users in one operation using modification templates. For example, you can change the Display Name property of multiple users using a template like '%lastname%, %firstname%'. Also, Adaxes enables you to assign default property values, specify a range of allowed values, and make certain user properties required. For example, you can assign the default value '90210' to the Zip/Postal Code property and make this property mandatory, specify that the Department property can contain only the values 'Sales', 'HR', and 'IT', and automatically generate the Web Page property for new AD users using a template like 'http://example.com/%department%/%username%'.

Also, Adaxes aids in avoiding routine and repetitive Active Directory management tasks by giving the ability to automate user provisioning, management, and deprovisioning.  For example, after a new user is created, Adaxes can automatically create an Exchange mailbox and home folder for the user, add the user to certain AD groups, enable the user for Lync, send a welcome email, etc.  When the Department property of the user is changed, Adaxes will automatically update the group membership of the user, move the user to the OU associated with the new department, update necessary properties of the user account, execute a PowerShell script to synchronize the changes with an HR application, etc.

Specialised Views of Active Directory Content

It often happens that you need to perform certain operations on Active Directory objects that are located in different OUs or even in different AD domains and forests.  For example, members of one and the same department can be spread across multiple OUs if you have a geographically based Active Directory OU structure.  To make Active Directory management easier without changing the OU structure, Adaxes introduces virtual OUs called Business Units.  Business Units let you collectively manage objects regardless of their location in Active Directory.  Business Unit membership is determined by flexible membership criteria that allow including AD objects that match specific search parameters, objects located under a specific OU, members of AD groups, etc.

Business Units make Active Directory management even more flexible by letting you assign specific automation rules, enforce enterprise standards and delegate administrative responsibilities over members of a Business Unit.

Delegation of Active Directory Management

Delegation of administrative tasks to non-administrative users is yet another challenge in Active Directory management. The native Active Directory security model involves very labour-intensive manual maintenance of multiple Access Control Lists (ACLs) across Active Directory and makes it very difficult to control what privileges users and groups are granted.

Adaxes makes the delegation of Active Directory management tasks more effective, transparent, and traceable by providing a role-based access control (RBAC) model. Permissions necessary to perform a certain set of tasks are grouped in Security Roles (e.g. Help Desk or Account Manager) that are assigned to users in accordance with their role in the organisation. This approach enables centralised access management across Active Directory, helps you apply the principle of 'least access', and allows you to securely and effectively grant and revoke multiple rights for multiple users and groups.

Tracking Active Directory Changes

Adaxes provides powerful means for monitoring Active Directory management activities. Each operation performed in Active Directory via Adaxes is logged in the Adaxes Service Log. This allows you to track who made a change, when, from which host, etc. You can also monitor the activities of a specific AD user or see what operations were performed on a specific AD object.

Security-sensitive Active Directory changes can also be monitored by establishing an approval mechanism. The approval-based workflow implemented in Adaxes gives you additional control over Active Directory management, as it provides the ability to perform critical operations only after their execution is approved by a higher-level official or administrator.

Also, Adaxes can be configured to automatically send email notifications of critical changes performed in Active Directory thus enabling you to react to suspicious activities once they have occurred.

Custom Commands for Active Directory Management

Active Directory management very often involves various in-house administrative tasks that require multiple steps to complete. For example, every time an employee gets promoted, is transferred to a new department, is assigned to a project, goes on vacation, gets sick, etc., a variety of different activities must be carried out. Such activities usually include updating properties of the user account, changing membership in AD groups, enabling/disabling the user, sending e-mail notifications, etc. Performing all these operations manually could be very time-consuming and error-prone, especially if non-technical users are involved in the process.

Adaxes enables you to define your own Custom Commands to perform such complex and routine Active Directory management tasks in a single mouse click.

Using either the Adaxes Web Interface or the Administration Console, users can execute Custom Commands just as they execute any other operations on Active Directory objects.

Scheduled Tasks for Active Directory Management

Adaxes can automatically perform various tasks related to Active Directory management based on a predefined schedule.  The most typical Active Directory management tasks that can be automated with the help of Scheduled Tasks include:

  • sending password/account expiration notifications,
  • deleting inactive user and computer accounts from Active Directory,
  • automatically maintaining Active Directory group membership,
  • automatically moving Active Directory objects between OUs,
  • synchronising Active Directory with external data sources,
  • and much more...

If necessary, you can control the execution of Scheduled Tasks via approvals.  A task can be configured to request an approval for each action it executes.  Actions that require approval will not be executed until approved by a person in charge.

Adaxes is a comprehensive solution for cross-domain Active Directory management. It enables you to automate user lifecycle management, securely delegate administrative duties using a proven role-based access control model, and effectively enforce enterprise standards on the data stored in AD. It also provides secure web-based access to the Active Directory environment, helps you track administrative activities within Active Directory, and much more. As a result, Softerra Adaxes decreases administrative costs, increases security, and simplifies and centralises the whole process of Active Directory management.

Other Features

Active Directory Management

Adaxes features a rule-based platform for Active Directory, Exchange and Office 365 automation, provides an enhanced web-based management environment, gives you a role-based access control model for delegating privileges, adds security with approval-based workflow, allows enforcing corporate data standards and much more.  

Active Directory Automation

Adaxes provides rule-based automation for Active Directory, Exchange and Office 365.  It allows executing sets of operations that are governed by if/else conditions before or after certain events in AD.  So, for example, after the department of a user is changed, Adaxes can then automatically update the user’s group membership and send an email notification to the user’s manager, following the rules you define.  

Active Directory Provisioning

Using condition-based rules you can automate the entire user provisioning process. Once a new user account is created in Active Directory, Adaxes will automatically execute the rest of the onboarding procedures for you: moving the user account to the correct OU, adding it to necessary groups, creating and configuring an Exchange mailbox, assigning Office 365 licences, enabling the user for Skype for Business, creating and sharing a home folder, sending a welcome email, etc. Similarly, you can also automate all operations associated with user updates. Finally, when a user is terminated, Adaxes can automatically execute all the provisioning operations in reverse, ensuring instant and errorless offboarding.

Web Interface for Active Directory

Adaxes Web Interface enables Active Directory management via a standard web browser.   It features a modern responsive design, so users can access it on their laptops, tablets, phones or any other devices.  You can set up different Web Interfaces specifically tuned for the needs of different job roles, like administrators, help desk, HR, managers, and others, giving them a clean and intuitive way to access the tasks they need.   Adaxes Web Interface also incorporates Exchange and Office 365 management, so users get a single console without the need to learn and use multiple tools for their day-to-day routines.

Web Interface Customisation

The Adaxes Web Interface is fully customisable, so you can configure it to have the exact views, forms, and operations that each user needs.  For example, administrators can have a full set of management activities in Active Directory, Exchange and Office 365 across the entire environment, whereas managers can be set to view just their subordinates and only be able to update their group membership, assign Office 365 licences and change certain AD properties.  

Active Directory Self Service

Adaxes Web Interface can act as a self-service portal for regular users. You can granularly specify which operations they have access to, like updating their personal info, changing their own password, searching Active Directory, managing their own group membership, updating Office 365 licences, etc.

Active Directory Password Self-Service

Adaxes Password Self-Service allows users to reset forgotten passwords and unlock accounts by themselves. To do that, they need to go through a simple identity verification procedure that may involve answering security questions, SMS verification, or using authenticator apps like Google Authenticator, Authy and others. Self-service password reset can be accessed from the Windows logon screen or the Adaxes Web Interface, or it can be integrated into your own portal.

Exchange Management and Automation

Adaxes automates Exchange mailbox management both on-premises and in Office 365.  For example, after creating a new user account in Active Directory, Adaxes can automatically create an Exchange mailbox for the user.  The database distribution of mailboxes can be done based on the first letter of the users’ surname, least number of mailboxes in the DB, the round-robin method, etc.  Adaxes can then configure the mailbox, e.g.  modify storage quotas or enable mailbox features like Unified Messaging or Archiving.

Office 365 Automation and Management

Adaxes can automatically assign and revoke Office 365 licences using condition-based rules.  For example, when a new user is created in Active Directory, Adaxes can activate an account in Office 365 for the user and assign the necessary O365 licences according to the rules you define.  Different licences can be assigned to different users based on their job title, department, location, etc.

Active Directory Role-Based Security

Adaxes introduces Role-Based Access Control for Active Directory, Exchange and Office 365. In a role-based delegation model, permissions are not assigned to users directly; they are assigned to roles that correspond to actual job functions. So, when you need to change privileges for all users with the same job function, all you need to do is modify the permissions of the associated role. Assigning roles to users is done in a centralised manner, allowing you to easily control who can do what and where. With role-based delegation, you can granularly specify which parts of Active Directory are visible to users. For example, you can allow certain users to only view AD objects located in their own OU, while hiding the rest of the Active Directory structure from them.

Approval-Based Workflow

Adaxes allows you to add an approval step to practically any operation in Active Directory, Exchange and Office 365. For example, you can delegate user creation to HR, but after they fill in the form and click Create, Adaxes can suspend the operation and only proceed once a member of IT staff reviews and approves it. For more complex and security-sensitive scenarios, you can set up multi-level approvals. Such an approach allows delegating more tasks to lower-level staff without taking the risk of losing control over them.

Active Directory Reports

Adaxes comes with reporting capabilities, allowing you to monitor and analyse what’s going on in your environment. Out of the box, you get more than 200 reports, which should cover the majority of your requirements. For more demanding scenarios Adaxes also provides various ways to create custom reports, including using your own scripts. It enables you to create reports of practically any complexity that can be specific to your organisation's needs. To deliver reports to users, Adaxes supports centralised scheduling and also provides a self-scheduling option, allowing users to choose for themselves which reports they want to receive and when.

Custom Commands for Active Directory

With Custom Commands users can launch complex multi-step operations in one go.  For example, if you need to send a user on vacation, you can do it with just one click in the Web Interface.  The operation can include steps like disabling the user account, adding it to a corresponding group, sending a notification to the user’s manager, etc.  Such an approach allows you to delegate complicated tasks to users and not worry that they will miss a step or do something wrong.  Besides, you don’t over-privilege them, as you only give out permissions to execute the Custom Command as a whole, not the individual steps it consists of.  Administrators can also use Custom Commands in their day-to-day routines to make the management process simpler and accomplish the same results with a lot fewer clicks.

Scheduled Tasks for Active Directory Management

Adaxes allows you to automate various routine management tasks by scheduling them.  For example, it can automatically de-provision inactive accounts in AD, allocate users to necessary groups, maintain OU structure, etc.  You can also schedule tasks like importing new users from CSV.  Automating such a sensitive operation doesn’t mean that you need to sacrifice any control, as you can add an approval step to it.  This way users will be created in AD only after a member of IT staff reviews and approves the operation.  You can also use scheduled tasks to send various notifications to users, like reminders about their password or account expiration.

Active Directory Delegation

Active Directory management involves many different operations that require administrative privileges granted by default to AD administrators only. Though operations like password reset or account unlock are pretty simple, they take up a lot of highly skilled IT staff's time, preventing them from focusing on more complex and important issues. Active Directory delegation helps you optimise the productivity of the IT department by letting non-administrative users (e.g. department managers or Help Desk operators) perform certain administrative activities in Active Directory.
