Active Directory management & automation

Active Directory Automation

From day to day, Active Directory administrators and other staff involved in Active Directory management have to spend tons of time performing routine tasks related to user provisioning, management, and deprovisioning, group membership maintenance, security administration, etc. The use of native tools is ineffective and time-consuming at best, as they offer no opportunities for standardization of the process and are completely inefficient when it comes to Active Directory automation.

The introduction of an automated approach to Active Directory management and administration allows you to:

  • standardize and streamline user provisioning and deprovisioning,
  • reduce the time and effort associated with Active Directory maintenance,
  • improve the compliance with security policies by minimizing the human factor,
  • ensure the integrity and consistency of Active Directory data.

It becomes evident that for an effective and productive Active Directory management, the need for a solution that enables Active Directory automation is insistent. Softerra Adaxes includes powerful features that allow you to automate and streamline complex and time-consuming Active Directory tasks. Depending on certain rules and conditions, Adaxes enables you to automatically execute different sets of additional actions before or after any operation is performed in Active Directory.

Active Directory Automation - Business Rules

Active Directory Automation: User Provisioning and Deprovisioning

Active Directory automation is extremely important for user provisioning, reprovisioning, and deprovisioning, as these processes put significant burden on the administrative and management staff. Usually, Active Directory provisioning includes a number of strictly defined complex operations that vary depending on the user's position, department, or location. Performing these operations manually is highly ineffective, time-consuming, and error-prone.

Active Directory automation capabilities provided by Softerra Adaxes let you automate, speed up and secure the whole process of provisioning and deprovisioning of Active Directory users. Based on the rules you specify, Adaxes will automatically provision users with Exchange mailboxes and home folders, add users to certain security groups and distribution lists, enable users for Lync, fill in some properties of user accounts, move the accounts to corresponding OUs, execute custom scripts, etc.

Active Directory Automation - user provisioning

Active Directory Automation - user reprovisioning

Active Directory Automation - user deprovisioning

Active Directory Automation: Group Management

Active Directory automation is also essential when it concerns Active Directory group management. Errors made during manual maintenance of group memberships can result in users not having timely access to the necessary resources at best. At worst, it could lead to the accumulation of redundant group memberships and, as a result, to users having undesirable administrative access to sensitive data. If you add to this the amount of valuable hours spent on AD group management by qualified administrative staff, you quickly realize how important and significant Active Directory automation is.

The Active Directory automation means offered by Softerra Adaxes allow you to quickly and effectively address the issues described above. Adaxes enables you to dynamically maintain Active Directory group membership based on the organization-specific rules, such as 'All users in an office should be members of the security group associated with this office' or 'All users from a specific department should be on the corresponding distribution lists', etc. When Active Directory automation is configured, Adaxes will add newly created AD users to appropriate security groups and distribution lists basing on the user's location, department, position, role, etc. When the user information changes or the account is terminated, Adaxes will update the appropriate DLs and security groups without the participation of people.

Active Directory Automation - group membership

Automated Maintenance of OU Structure

Organizations keep AD organizational units (OUs) structured according to certain business, geographic, functional, or other criteria. As permissions and group policy objects are often applied on the OU level, it is highly important that all AD objects (users, computers, groups, etc.) are located in correct OUs. Maintaining the consistency of the Active Directory hierarchy across the entire organization is another challenge that can be overcome by the utilization of Active Directory automation.

The Active Directory automation feature of Softerra Adaxes enables you to automatically move newly created or updated AD objects across OUs based on certain rules. For example, when a new AD user is created, and the user's department is Sales, Adaxes will automatically move this user to the Sales OU. If the user's department is modified, this user will be immediately moved to the OU that corresponds to the new department.

Active Directory Automation - OU structure for new users

Active Directory Automation - OU structure for updated users

Furthermore, the Active Directory automation feature of Softerra Adaxes can give you even more - it is possible to automatically execute additional operations once the location of an Active Directory object is changed. For example, when a user is moved to an OU, Adaxes can automatically change the group membership of the user, update some user's properties, execute scripts, send e-mails, etc.

Active Directory Automation - when an object moved

Active Directory Automation: Exchange Management

In many business processes, Active Directory automation is closely linked with Exchange automation. For example, new user provisioning can involve not only making changes in AD, but also setting up an Exchange mailbox for the user. Adaxes allows you to automatically create mailboxes within the proper mailbox store and configure various parameters of the mailboxes, such as storage quotas, policies, mailbox access rights etc. If some changes are made to a user's account afterwards, Adaxes can reflect the changes in Exchange by making corresponding adjustments to mailbox properties or moving the user's mailbox to another store, if necessary.

Active Directory Automation via Scheduled Tasks

When you manage Active Directory, you'll often want to perform tasks like updating AD objects, sending emails, checking compliance, maintaining group memberships, or similar on a regular basis. For example, you may want to automatically remind users to change their passwords before they expire, purge inactive computer accounts from Active Directory, update properties of Active Directory objects based on certain policies, move AD objects between OUs, etc.

Fortunately, the arsenal of Active Directory automation features provided by Adaxes includes Scheduled Tasks. Using this feature you can schedule one-time or recurring AD management tasks to run automatically at any hour of the day or night. A scheduled task performs a set of actions on each Active Directory object included in the scope of activity of the task. Certain actions can be performed only if specific conditions are met.

Active Directory Automation - Scheduled Tasks

Active Directory automation requires highly reliable control capabilities, especially if you want to automate tasks like deprovisioning of inactive user accounts or management of membership in security groups. One of the most important features of Scheduled Tasks is the ability to control their execution by submitting specific task actions for approval. Actions that require approval are not executed until approved by an authorized person. Such an approach gives you complete control over all critical operations performed automatically, and makes efficient and secure Active Directory automation possible.


Active Directory automation reduces costs associated with Active Directory management, improves Active Directory security and allows you to simplify and standardize complex Active Directory tasks. Approval-based workflow provided by Softerra Adaxes facilitates Active Directory automation as it provides additional control over the process. No matter what tools are used for Active Directory management (Adaxes Administration Console, Adaxes Web Interface, Adaxes PowerShell module, ADSI scripts, Adaxes SPML provider, etc.), all the Active Directory automation activities are performed timely and accurately, saving tons of time for Active Directory administrators.

To learn more about the Softerra Adaxes, see Adaxes features and Adaxes tutorials.