Active Directory management & automation

Adaxes for Education

When it comes to managing educational IT environments, the main challenge is quite obvious. Lots of students come and go every year. Managing such a number of accounts being created, archived and deleted is not easy at all, but that is just the tip of the iceberg. The real problem is that usually they all do it simultaneously. As a result IT departments experience periods of peak loading and properly handling them is extremely important for any educational institution.

So the challenge is to create, archive and delete a lot of accounts in a very small period of time in addition to everyday management of a vast amount of users. Facing this challenge can be quite difficult, but luckily there is a solution for that — Adaxes.

Automated Provisioning

Among the other great features of Adaxes that help in Active Directory management, Automated Provisioning does stand out. Shortly speaking, it transforms long and tedious provisioning procedures into a single click of a button. But let’s have a closer look at how a typical account would be created with Adaxes.

First thing you need to know is that instead of launching multiple consoles to provision a single student, everything now happens in one place — Adaxes Web Interface. It provides a form that can be completely customized to the exact needs of an educational institution, i.e. have any set fields that have to be filled in, including custom ones.

Adaxes Web Interface

An important point is that using Adaxes Web interface doesn’t actually require any advanced technical skills. As long as you are able to open a browser and type, you’re good to go. In other words, no highly qualified admins or other IT staff members are required for the process. Anybody who can handle a web browser would be more than enough, which means that more tasks can be delegated to lower level authorities.

So once all personal information is entered, the magic of Adaxes begins.

Student Provisioning with Adaxes

First Adaxes checks if operation requires approval. Once it is granted by a respective level authority or if it is not needed at all, Adaxes will create a user in Active Directory, generate missing properties, move user to a required OU, assign group membership, create Exchange mailbox, create home folder, assign Office 365 licenses and perform any custom action that can either be defined in Adaxes GUI or by executing a script. All this is fully automated with no intervention needed from IT staff at all.

Adaxes also can be integrated into an already existing provisioning workflow. For example, you can import new users from CSV files. This procedure can be scheduled, so there will be no unnecessary distractions for the IT department as well.

Student deprovisioning with Adaxes

Same thing applies to deprovisioning procedures. Disabling account, removing it from all groups, moving to a specific archive OU, revoking all the licenses, etc. — all that happens automatically, so there is no waste of time for the IT Department and, moreover, there is no chance for a security breach due to inappropriate access after students leave.

Bulk Operations

Managing an educational IT environment often suggests making same modifications to large groups of accounts throughout their lifecycle. Previously this had to be done manually or with scripts that only admins could fully understand and use. With Adaxes this problem is gone.

To modify multiple AD objects all that needs to be done is selecting them in the Web Interface (e.g. via search) and applying the modification. As simple as that.

Bulk modifications can also be scheduled. For example, at the end of the year description for all users that proceed to the next year will change automatically, their account expiration date should change and any other actions can apply. All you need to do is to predefine the time (or a time period) when it should happen.

Role-Based Access Control

Managing access permissions in educational institutions can be very tough for IT staff. There are lots of different roles with different permissions and on top of that, users occupying them change all the time. All that makes maintaining the least privilege principle extremely difficult.

To make life easier a Role-Based Access Control (RBAC) model can be used — another area where Adaxes shines. It literally does what it says on the box. It allows to delegate and manage all access permissions from a centralized console using a concept of Security Roles.

However, the best way to use RBAC is in conjunction with automation capabilities of Adaxes. Roles can be changed dynamically depending on specific properties. So, for example, if a student proceeds to the next year and requires additional permissions, you can setup Adaxes in a way that once the ‘year’ property is changed, a corresponding role is applied automatically.

Web UI for Student Self-Service Portal

We have now looked at how it all works from the administration point of view, but that’s not all. Students can also benefit from having Adaxes in the environment. Specifically, the Web Interface.

One of the ways it can be used is a self-service web portal. Students will be able to log in via a standard web browser, reset passwords and unlock accounts, edit their personal information or perform any other AD operations that can be added to the Web UI.

Custom actions can also be created that can include multiple steps but still will be resembled as single buttons on the home page of Adaxes Web UI, keeping everything simple and straightforward for end-users. E.g. students can add or remove themselves from distribution lists or request Office 365 licenses.

Adaxes also lets you to create other custom Web Interfaces for any purposes. E.g. teachers can manage their own groups (classes) by themselves with no help from IT staff required. All you need is to give them appropriate access and set the Web UI.

Conclusion

Adaxes can make an educational IT environment much more efficient by adding an extra automation layer to the system and simplifying management of large amounts of users. Implementing features like automated provisioning, role-based access control system, Active Directory web interface and others can sufficiently reduce the load on the IT staff and save both time and costs.

To request a quote contact Softerra Sales Department.

Download a FREE 30-day Trial

We provide all start-up assistance free of charge

Case Studies

See how Adaxes helps educational institutions in real world:

? Waiting

Progress status: Checking...