Scheduled Tasks for Active Directory Management

Active Directory management involves a lot of activities that must be performed on a regular basis.  Very often such activities must be carried out during off hours and require a long time to complete.  Here is a list of typical routine actions that usually need to be performed periodically:

  • send e-mail notifications to users whose passwords are about to expire,
  • notify managers about soon-to-expire accounts of their subordinates,
  • delete inactive user and computer accounts from Active Directory,
  • add users to groups based on predefined rules,
  • move users across OUs if certain conditions are met,
  • synchronize Active Directory with external data sources,
  • update properties of Active Directory object using modification templates, etc.

With Adaxes you can quickly and easily automate such tasks, and you don't need to be a software developer to do this!

Scheduled Tasks is a very powerful feature for Active Directory automation that enables you to schedule the execution of practically any operation on Active Directory objects.  A Scheduled Task periodically performs a predefined set of actions on each object included in the activity scope of the task.  For example, a task that applies to user objects can be executed for all users in a domain, for members of specific groups, for users located in specific Organisational Units, for individual users, etc.  If necessary, you can exclude specific users, groups and OUs from the scope of activity of the task.  With the help of conditions, you can control whether certain actions must be performed on a particular Active Directory object.

Workflow Automation and Monitoring

When it comes to Active Directory automation, you will often want to control the execution of some critical operations, like deleting inactive accounts or adding/removing users from security groups.  A great feature of Scheduled Tasks is the ability to control their execution by submitting specific task actions for approval.  Actions that require approval will not be executed until approved by a person in charge.  Adaxes sends e-mail notifications to all authorised approvers once an operation is submitted.

To monitor operations performed by a Scheduled Task, Adaxes provides you with great reporting capabilities.  With the help of the Activity History view, you can find out what actions have been carried out by the task, when, on what objects, etc.

Password Expiration Notifications

For users, passwords always expire unexpectedly.  This often results in an increased number of Help Desk calls and losses in productivity.  This is not a problem if a user logs on to Windows interactively (via Ctrl + Alt + Del), as Windows notifies users when their passwords are about to expire.  However, if a user account is used only for VPN connections, accessing file shares or working with web applications like Outlook Web Access, users are not notified about password expiration, and as a result, forget to change their passwords in time.

With the help of the built-in Scheduled Task called Password Expiration Notifier, you can easily automate sending of email or SMS notifications to inform users about password expiration in advance.  All you need to do is enable the Password Expiration Notifier task.

To change their passwords, users can use Adaxes Active Directory Web Interface.

Account Expiration Notifications

Sometimes it is important to notify the account owner and his/her manager about expiration of the account.  With the help of the Account Expiration Notifier task, you can easily enable automated sending of account expiration notifications to users and their managers.  To start sending account expiration notifications, just enable the Account Expiration Notifier task.

Deleting Inactive Computers from Active Directory

Keeping Active Directory clean of unused computer accounts is very important.  However this can be a tedious process as it is difficult to distinguish inactive computers from computers used occasionally, or computers that have not been rebooted for a long time.

The Inactive Computer Deleter task helps you automatically purge inactive computer accounts from Active Directory.  To identify unused computers, the task uses a complex algorithm that takes into account a lot of factors.

f a computer is inactive for a certain period of time, the Inactive Computer Deleter task submits a request to disable this account and marks this computer as inactive.  If the computer is not enabled during some time after it was marked as inactive, the task submits a request to delete this computer account.  The computer is deleted only after the operation is approved by an authorised person.

Deprovisioning Inactive Users

Active Directory may contain a lot of user accounts that are not required any longer, e.g.  accounts of terminated employees, expired accounts of external subcontractors, etc.  It is very important to periodically purge Active Directory from such dormant accounts.

It is highly NOT recommended to delete terminated user accounts from Active Directory.  Instead, user accounts must be properly deprovisioned.  For example, you may need to forward all incoming emails of the terminated employee to the his/her manager, move the user's home directory to a new location, hide the user's mailbox from Exchange address lists, disable the user for Lync, etc.

To introduce strong and reliable mechanism for deprovisioning of inactive user accounts, Adaxes provides a built-in Scheduled Tasks called Inactive User Deleter.

If a user account is inactive during a certain period of time, the Inactive User Deleter task submits a request to execute the built-in Custom Command called Deprovision for this account.  You configure this Custom Command to execute deprovisioning operations specific to your environment.  After a certain period of time, the Inactive User Deleter task submits a request to delete the deprovisioned user account.  The user account is not deleted, until the operation is approved by a responsible person.

Automated Management of Group Membership

With the help of Scheduled Tasks, you can also automate the management of group memberships in Active Directory.  Based on certain conditions, you can automatically add or remove AD objects from security groups or distribution lists.  For example, if you want all users located under a specific Organisational Unit to be members of a specific group, you can create the following Scheduled Task:

Along with Scheduled Tasks, Adaxes offers other helpful features for effective Active Directory management that allow you to automate user provisioning and deprovisioning, securely delegate rights using the Role-Based Access Control model, ensure the uniformity and validity of data in Active Directory, and much more.

Other Features

Active Directory Management

Adaxes features a rule-based platform for Active Directory, Exchange and Office 365 automation, provides an enhanced web-based management environment, gives you a role-based access control model for delegating privileges, adds security with approval-based workflow, allows enforcing corporate data standards and much more.  

More Info

Active Directory Automation

Adaxes provides rule-based automation for Active Directory, Exchange and Office 365.  It allows executing sets of operations that are governed by if/else conditions before or after certain events in AD.  So, for example, after the department of a user is changed, Adaxes can then automatically update the user’s group membership and send an email notification to the user’s manager, following the rules you define.  

More Info

Active Directory Provisioning

Using condition-based rules you can automate the entire user provisioning process.  Once a new user account is created in Active Directory, Adaxes will automatically execute the rest of onboarding procedures for you: moving the user account to a correct OU, adding it to necessary groups, creating and configuring an Exchange mailbox, assigning Office 365 licences, enabling the user for Skype for Business, creating and sharing a home folder, sending a welcome email, etc.  Similarly to that, you can also automate all operations associated with user updates.  Finally, when a user is terminated, Adaxes can automatically execute all the provisioning operations in reverse, ensuring instant and errorless offboarding.

More Info

Web Interface for Active Directory

Adaxes Web Interface enables Active Directory management via a standard web browser.   It features a modern responsive design, so users can access it on their laptops, tablets, phones or any other devices.  You can set up different Web Interfaces specifically tuned for the needs of different job roles, like administrators, help desk, HR, managers, and others, giving them a clean and intuitive way to access the tasks they need.   Adaxes Web Interface also incorporates Exchange and Office 365 management, so users get a single console without the need to learn and use multiple tools for their day-to-day routines.

More Info

Web Interface Customisation

The Adaxes Web Interface is fully customisable, so you can configure it to have the exact views, forms, and operations that each user needs.  For example, administrators can have a full set of management activities in Active Directory, Exchange and Office 365 across the entire environment, whereas managers can be set to view just their subordinates and only be able to update their group membership, assign Office 365 licences and change certain AD properties.  

More Info

Active Directory Self Service

Adaxes Web Interface can act as a self-service portal for regular users.  You can granularly specify, which operations they have access to, like updating their personal info, changing their own password, searching Active Directory, managing own group membership, updating Office 365 licences, etc.

More Info

Active Directory Password Self-Service

Adaxes Password Self-Service allows users to reset forgotten passwords and unlock accounts by themselves.  To do that they need to go through a simple identity verification procedure that may involve answering security questions, SMS verification, using authenticator apps like Google Authenticator, Authy and others.  A self-password reset can be accessed from the Windows logon screen, Adaxes Web Interface or it can be integrated into your own portal.

More Info

Exchange Management and Automation

Adaxes automates Exchange mailbox management both on-premises and in Office 365.  For example, after creating a new user account in Active Directory, Adaxes can automatically create an Exchange mailbox for the user.  The database distribution of mailboxes can be done based on the first letter of the users’ surname, least number of mailboxes in the DB, the round-robin method, etc.  Adaxes can then configure the mailbox, e.g.  modify storage quotas or enable mailbox features like Unified Messaging or Archiving.

More Info

Office 365 Automation and management

Adaxes can automatically assign and revoke Office 365 licences using condition-based rules.  For example, when a new user is created in Active Directory, Adaxes can activate an account in Office 365 for the user and assign the necessary O365 licences according to the rules you define.  Different licences can be assigned to different users based on their job title, department, location, etc.

More Info

Active Directory Role-Based Security

Adaxes introduces Role-Based Access Control for Active Directory, Exchange and Office 365.  In a role-based delegation model, instead of assigning permissions to users, they are assigned to roles that correspond to actual job functions.  So, when you need to change privileges for all users with the same job function, all you need to do is modify the permissions of the associated role.  Assigning roles to users is done in a centralised manner, allowing you to easily control, who can do what and where.  With role-based delegation, you can granularly specify, which parts of Active Directory are visible to users.  For example, you can allow certain users to only view AD objects located in their own OU, while hiding the rest of the Active Directory structure from them.

More Info

Approval-Based Workflow

Adaxes allows you to add an approval step to practically any operation in Active Directory, Exchange and Office 365.  For example, you can delegate user creation to HR, but after they fill in the form and click Create, Adaxes can suspend the operation and only proceed once a member of IT staff reviews and approves it.  For more complex and security-sensitive scenarios, you can set up multi-level approvals.  Such an approach allows delegating more tasks to lower level staff without taking the risk of losing control over them.

More Info

Active Directory Reports

Adaxes comes with reporting capabilities, allowing you to monitor and analyse what’s going on in your environment.  Out of the box, you get more than 200 reports, which should cover the majority of your requirements.  For more demanding scenarios Adaxes also provides various ways to create custom reports, including using your own scripts.  It enables you to create reports of practically any complexity that can be specific to your organisation's needs.  To deliver reports to users Adaxes supports centralised scheduling and also provides a self-scheduling option, allowing users to choose by themselves, which reports they want to receive and when.

More Info

Custom Commands for Active Directory

With Custom Commands users can launch complex multi-step operations in one go.  For example, if you need to send a user on vacation, you can do it with just one click in the Web Interface.  The operation can include steps like disabling the user account, adding it to a corresponding group, sending a notification to the user’s manager, etc.  Such an approach allows you to delegate complicated tasks to users and not worry that they will miss a step or do something wrong.  Besides, you don’t over-privilege them, as you only give out permissions to execute the Custom Command as a whole, not the individual steps it consists of.  Administrators can also use Custom Commands in their day-to-day routines to make the management process simpler and accomplish the same results with a lot fewer clicks.

More Info

Scheduled Tasks for Active Directory Management

Adaxes allows you to automate various routine management tasks by scheduling them.  For example, it can automatically de-provision inactive accounts in AD, allocate users to necessary groups, maintain OU structure, etc.  You can also schedule tasks like importing new users from CSV.  Automating such a sensitive operation doesn’t mean that you need to sacrifice any control, as you can add an approval step to it.  This way users will be created in AD only after a member of IT staff reviews and approves the operation.  You can also use scheduled tasks to send various notifications to users, like reminders about their password or account expiration.

More Info

Active Directory Delegation

Active Directory management involves many different operations that require administrative privileges granted by default to AD administrators only.  Though operations like password reset or account unlock are pretty simple, they take a lot of time of highly-skilled IT staff, not allowing them to focus on more complex and important issues.  Active Directory delegation helps you optimise the productivity of the IT department by letting non-administrative users (e.g.  department managers or Help Desk operators) perform certain administrative activities in Active Directory.  

More Info
[PRODUCT_DOCUMENTS]