Active Directory management & automation

What's New in Softerra Adaxes 2011.2

Version: 3.1.7124.0
Release Date: June 24, 2011

The new release of Softerra Adaxes is aimed at making Active Directory management processes even more effective and efficient. Below are the highlights of the new major features and important changes in Softerra Adaxes 2011.2.

New Approval Workflow Options

The new version introduces the following new options for the approval-based workflow:

  • Owner of the requestor's OU. The owner of the Organizational Unit (OU) containing the account of the user who initiated the operation can approve or deny this operation.
  • Manager of the target object. The manager of the AD object on which the operation is performed can approve or deny this operation.
  • Owner of the target object. The owner of the AD object on which the operation is performed can approve or deny this operation.
  • Owner of the target object's OU. The owner of the Organizational Unit (OU) containing the AD object on which the operation is performed can approve or deny this operation.

Modifying DN Properties Using Templates

Now, when modifying AD objects properties that contain Distinguished Names (DNs) of other objects, you can use modification templates. For example, if you need to forward all incoming messages of a user to his/her manager, you just need to set the value of the Forward To property of this user to %manager%.

Business Rules and Custom Commands

Extended Capabilities of the Execute Script Action

Now, PowerShell scripts launched by Business Rules can access and modify practically any parameter of the triggering operation via the pre-defined variable called Context. With the help of this variable, a script can determine whether a property was modified during the operation, get the value entered by the user for this property, modify this value, cancel the operation, update the operation Execution Log, etc.

For example, to validate that Employee ID specified for new users is unique and formatted correctly, you can create a Business Rule that will execute the following PowerShell script before creation of new user accounts:

        Import-Module Adaxes
        if ($Context.IsPropertyModified("employeeID"))
        {
            $value = $Context.GetModifiedPropertyValue("employeeID");
            # Validate employeeID
            if ($value.Contains("-"))
            {
                $Context.Cancel("employeeID is invalid.");
                return;
            }
            # Ensure that the employeeID is unique
            if ((Get-AdmUser -Filter 'employeeID -eq $value') -ne $NULL)
            {
                $Context.Cancel("A user with the specified EmployeeID already exists!");
                return;
            }
        }
        

For more details, see tutorial: Validate/Modify User Input Using a Script.

Launching Business Rules Before/After Resetting Passwords

Now it is possible to launch Business Rules before or after resetting user passwords. For example, you can define a Business Rule that will send the new password to the user or force the user to change the password at the next logon.

Home Page Actions

Value References Support

When configuring Home Page Actions for the Adaxes Web Interface, now you can use value references. For example, using the value reference %adm-InitiatorParentDN%, you can configure the Create User action to always create new accounts in the OU of the user who initiated the operation.

Also you can use value references when specifying default property values for Create Object and Modify Object actions. For example, you can automatically set the user who is performing the operation as the Manager of the target object.

Specifying the Top-Level OU

When configuring Create Object and Move Object home page actions, now you can allow users to create/move objects only to OUs that are located under a specific Organizational Unit.

New Virtual Properties

In the new version, you can use the following calculated (virtual) properties in value references:

Property Name Description
adm-InitiatorParentDN The distinguished name (DN) of the OU/container, where the user who initiated the operation is located.
adm-InitiatorDomainDN The DN of the AD domain, where the operation initiator is located. For example, if you specify the value CN=Users,%adm-InitiatorDomainDN%, the value reference %adm-InitiatorDomainDN% will be replaced with the DN of the domain of the user, who performed the operation that resulted in the property resolve. So, if this user is located in the domain example.com, the resulting value will be CN=Users,DC=example,DC=com.
adm-OperationDescription The description of the current operation. You can use this virtual property to insert the description of the operation to e-mail notifications sent by a Business Rule. To do this, you need to insert the %adm-OperationDescription% value reference into the text of an e-mail notification. In this case, e-mail message will contain detailed description of the operation that triggered the Business Rule.

Filtering for AD Object Properties

In the Add/Modify Property wizard and the Insert Value Reference dialog, you can easily filter property names, which significantly speeds up the selection of the property you need.

Back Up/Restore Configuration

GUI Tool For Backup and Restore

Now you can back up and restore the configuration of your Adaxes service using a user-friendly GUI tool.

Back Up Credentials Option

Now you have an option to include credentials used by the Adaxes service to the backup file.

Enhanced Backup and Restore for the Web Interface Configuration

Now you can back up and restore the configuration of multiple Web Interface types, including custom Web Interfaces.

Backup/Restore in Adaxes Installer

Now, prior to uninstalling Adaxes, you can back up the configuration right from the Installation Wizard.

When Adaxes is installed, you can restore the configuration of the Adaxes service and Web Interface on the last step of the Installation Wizard.

Unmanaged Accounts

Now it is possible to add user accounts that you don't want to manage with the help of Adaxes to the list of unmanaged accounts. Unmanaged user accounts are not displayed in the Adaxes environment and are ignored during license validation.

? Waiting

Progress status: Checking...