Active Directory management & automation

What's New in Softerra Adaxes 2012.1

Version: 3.3.8530.0
Release Date: August 30, 2012

Adaxes 2012.1 comes with many long-awaited features aimed at making the process of Active Directory management even more agile and efficient. Below are the highlights of the new major features and important changes since the previous version.

Web Interface Enhancements

Web Interface Sign In

The latest release includes a few enhancements of the Sign In process in the Web Interface.

Domainless Logon

Now users can specify only their username without the domain part (e.g. JSmith, not EXAMPLE\JSmith or jsmith@example.com) when logging in via the Web Interface.

Domainless Logon

This option is enabled by default in case Adaxes manages only one AD domain. In case Adaxes manages multiple AD domains, you will need to specify the domain that will be used by default for the username authentication.

Custom Property for Username

Now, the Web Interface can be configured to allow using any property of user accounts as the logon name. For example, users can specify their e-mail or Employee ID as the logon name.

Custom Property for Username

Username Example

You can also customize the text for the example that is displayed below the Username field in the Sign In form.

Username Example

Sign In Page Customization

It’s now possible to customize the HTML code of the top part of the Sigh In page. For example, you can add any link, place any text or even add an image to this area.

Sign In Page Customization

Copying Objects

We have equipped the Web Interface with a long-awaited feature that allows copying any type of Active Directory objects.

Copying Active Directory Objects Using Web Interface

If the Copy operation is performed frequently, you can configure the Home page to display the operation in the Actions pane. Like for any other Home page action, you can customize execution parameters for the Copy action. For example, you can configure the action to always use a specific Active Directory object as the source object for copying.

Copying Active Directory Objects Using Home Page

List View or Tree View for Object Selection

Now, when selecting the target container for creating, moving or copying AD objects, you can choose between the Tree View and List View.

Tree View is more convenient when the target container is located at the first or second level of the Active Directory tree.

Tree View

List View allows searching a container by its name which is more convenient if the needed container is located at deeper levels of the Active Directory structure.

Tree View

If a user has no permissions to view the AD structure, only the List View option is available.

Operations Available in Object Lists

In the Web Interface, if a user doesn't have any permission to perform an operation, the operation is not displayed. However, previously, in the views where Active Directory objects were displayed in lists, all operations were always available, even if a user didn't have the rights to perform an operation.

Now, when working with AD object lists, an operation is visible only if the user is assigned to a Security Role that allows him/her to perform that operation. Also if an object list cannot contain objects of a certain type, operations specific only to that object type are not displayed.

'Click to Display Objects' Link

Now, each Home page action can be configured not to display the list of available objects by default. In this case, available objects are displayed only after the user clicks the 'Click to display objects' link or types a search filter and clicks the Search button. This option reduces time required to load pages and minimizes unnecessary requests to Active Directory.

Click to Display Available Active Directory Objects

Customization of the Help and Support Links

It's now possible to customize the Help and Support links that are displayed at the top of each page in the Web Interface. You can change the links to refer to any resource you need (for example, to your local Help and Support).

Help and Support Lists Customization

Command Line for Web Interface Backup/Restore

The new version enables you to back up and restore the configuration of the Web User Interface from the command line.

Command Line for Web Interface Backup/Restore

Description for Sections in Forms and Views

From now on, you can provide a description for each section in forms and views displayed in the Web Interface.

Descriptions  for forms and Views

'View Object' Action for Home Page

A new action can now be placed on the Home page of the Web Interface. The action enables users to view Active Directory objects in customized views. If necessary, the action can be configured to allow viewing only AD objects that correspond to certain search criteria, are located under a specific OU, etc.

View Object Action

Parlez-vous français?

Our French-speaking customers can now enjoy a fully localized version of the Web-Interface. If the user's Regional Settings are set to French, the Web Interface automatically switches to French. It is also possible to switch the user interface language using the My Settings section.

French Version of Web Interface

top of page

Custom Help and Hints for Object Properties

Now, with the help of Property Patterns it is possible to provide custom help and hints for Active Directory object properties.

Custom Help and Hints for Object Properties

The hint text is displayed in a tooltip when moving the mouse over the property input field. When possible, the hint text is also displayed inside the input field (as long as the field is empty).

top of page

Protection from Accidental Deletion

Adaxes 2012.1 includes an option for protecting objects from accidental deletion. An object protected from deletion cannot be deleted even if a user is granted full control over the object.

Protection from Accidental Deletion

The Protect from accidental deletion option is set at the level of native AD permissions. This means that it is impossible to delete a protected object using Adaxes, native Active Directory tools, or any other 3rd party tools until the protection is disabled.

The option can be applied to various object types: Organizational Units, users, groups, contacts and Adaxes configuration objects (Business Rules, Custom Commands, and Business Units, etc.).

Adaxes can be configured to apply the protection automatically via Business Rules, Custom Commands or Scheduled Tasks. For example, a user account can be automatically protected from deletion after it is moved to a specific Organizational Unit.

Protection from Accidental Deletion via Business Rules

You can also specify the default value for the Protect from Accidental Deletion option using Property Patterns. For example, you can create a Property Pattern for the Organizational Unit object type and specify the default value True for the Protect from Accidental Deletion property. This means that all new Organizational Units will be protected from accidental deletion by default upon creation.

Protection from Accidental Deletion via Property Patterns

Active Directory objects can be also protected from accidental deletion in bulk with the help of the Add/Modify Property wizard.

Protection from Accidental Deletion in Bulk

When importing objects from a CSV file, you can also protect them from accidental deletion by adding the ProtectedFromAccidentalDeletion column to the CSV file.

Protection from Accidental Deletion via CSV

In order to allow a user to protect/unprotect objects from accidental deletion, they must be granted appropriate permissions via Security Roles.

Protection from Accidental Deletion - Rights

top of page

New Actions and Conditions

Account Options Condition

Now, if your Business Rule, Scheduled Task or Custom Command needs to check whether specific options of a user account are enabled or disabled, you can use a new condition - If certain Account Options are enabled/disabled.

Account Options Condition

PowerShell Script Condition

This condition type lets you check whether a condition is met with the help of a PowerShell script. It is useful for advanced scenarios when regular conditions cannot be used. For example, you can use the Script Condition during user creation to check whether an account with a specified Employee ID exists in an HR database.

PowerShell Script Condition

Modify Account Options Action

With the help of the Modify Account Options action your Business Rules, Custom Commands, and Scheduled Tasks can now modify specific options of user accounts.

Modify Account Options Action

top of page

Clipboard Operations in Administration Console

Clipboard Operations for Business Rules, Custom Commands and Scheduled Tasks

One of the most awaited features in Adaxes 2012.1 is the possibility to copy/paste contents of Business Rules, Scheduled Tasks and Custom Commands using the clipboard. Now users can copy/paste actions and conditions inside a single object or between two different objects. For example, you can copy a condition from a Business Rule and paste it into a Custom Command.

Clipboard Operations for Business Rules, Custom Commands and Scheduled Tasks

Copying Configuration Objects between Adaxes Services

Another new feature allows copying Adaxes configuration objects (Business Rules, Property Patterns, Security Roles, etc.) between different Adaxes services using the clipboard or drag and drop. The option makes the deployment of Business Rules, Security Roles, Property Patterns etc. from your testing environment to the production service easier and serves as an alternative to configuration backup/restore.

Copying Configuration Objects between Adaxes Services

top of page

Data Import and Export

Import Account Options from CSV

Previously, when importing user accounts from a CSV file, one had to specify Account Options for imported users in a single column called userAccountControl. Each account option was represented as a flag of the integer value specified in the column.

Now, each account option can be specified in a separate column. For example, if you want a user to change his/her password at the first logon, just specify True in the ChangePasswordAtLogon column.

Import Account Options from CSV

Along with the columns related to Account Options, two more columns are now available: AccountPassword and ProtectedFromAccidentalDeletion.

The table below provides the full list of properties available:

Column Name Description Example
AccountPassword The password of a user. secret
CannotChangePassword Specifies whether the account password can be changed. true or 1,
false or 0
ProtectedFromAccidentalDeletion Specifies whether an object is protected from accidental deletion. true or 1,
false or 0
ChangePasswordAtLogon Specifies whether the password must be changed during the first logon. true or 1,
false or 0
PasswordNeverExpires Specifies whether the password of the account can expire. true or 1,
false or 0
Enabled Specifies whether the user account is enabled. true or 1,
false or 0
AccountNotDelegated Specifies whether the security context of the user is delegated to a service. true or 1,
false or 0
TrustedForDelegation Specifies whether an account is trusted for Kerberos delegation. true or 1,
false or 0
AllowReversiblePasswordEncryption Specifies whether reversible password encryption is allowed for the account. true or 1,
false or 0
SmartcardLogonRequired Specifies whether a smart card is required to logon. true or 1,
false or 0
PasswordNotRequired Specifies whether the account requires a password. true or 1,
false or 0
UseDesEncryptionTypes Specifies whether Data Encryption Standard (DES) is supported for the account. true or 1,
false or 0
DontRequireKerberosPreAuth Specified whether Kerberos pre-authentication is required. true or 1,
false or 0

Updating Existing Objects during Data Import

With the help of the Update existing objects option, now it is possible to update objects during data import. If this option is selected, Adaxes will update the existing objects using the data from the file instead of throwing the 'Object already exists' error.

Updating Existing Objects During Data Import

Selecting Properties to Export

The Select Properties dialog in the Export Data wizard has become much more user-friendly.

Selecting Properties to Export

Replacing DN Suffixes in Properties

Now, if the Replace DN suffix option is enabled during data import, DN suffixes are also replaced in all DN syntax properties (properties that contain DNs of AD objects).

Commit DN Syntax Properties at the End of Data Import

A new option for data import is now available - Commit DN syntax properties after all objects are imported. If the option is enabled, all DN syntax properties of all objects being imported are saved to the directory only after all objects are imported. With the help of this option it's now possible to import files that contain objects that refer to each other (e.g. two groups that are members of each other).

Commit DN Syntax Properties at the End of Data Import

Correcting the Import Order

If the file being imported contains records in an incorrect order (child objects precede their parent objects), now Adaxes will automatically fix the order and will always import parent objects before their child objects.

top of page

Delegating Rights to Move Objects

Previously, in order to move an object, users had to be granted permissions to delete objects from the source OU and create objects in the destination OU. Now Security Roles have become more granular and include two new permissions:

  • Move Objects from - allows users to move AD objects from a given OU.
  • Move Objects to - allows users to move AD objects to a given OU.

Delegating Rights to Move Objects

With the help of the new permissions, you can allow users to perform the Move operation without giving them rights to delete and create objects. It makes delegating permissions more efficient and granular.

Miscellaneous

Improved Performance of Security Roles

We've improved the performance of access control checks made by Adaxes. This has significantly improved the overall performance of Adaxes Web Interface and Administration Console.

PowerShell Script Editor

Now, when editing scripts for Run PowerShell Script Action and PowerShell Script Condition, you can use an embedded PowerShell script editor. The editor includes all features one would expect from a modern day text editor, like syntax coloring, context IntelliSense, outlining, and much more.

PowerShell Script Editor

Unlock Account on Password Reset

Now a user account can be unlocked during password reset in just one action. The Unlock Account option is available in the Reset Password dialog both in Administration Console and the Web Interface.

Unlock Account on Password Reset

Filtering Items Available for Selection

Using the latest version of Administration Console, the selection of items from lists has become easier. The filtering option has been added to the most often used dialogs (e.g. Members/Member of, Role Permissions, Actions/Conditions). Now users can save time when searching usernames, properties, permissions, etc.

Filtering Items Available for Selection

Filtering Items Available for Selection

User Account Image Modification

The new version of Administration Console allows changing user account images using the Properties dialog for user objects.

User Account Image Modification

Add/Remove in the Direct Reports List

Now, the Organization tab of the Properties dialog for user accounts includes Add and Remove buttons for the Direct Reports list. This feature facilitates assigning many subordinates to the same manager.

Add/Remove in the Direct Reports List

Copying of Account Options

Now, when copying users, all Account Options are copied as well, and you don't have to modify Account Options every time you copy a user.

Enhanced Group Membership Management

Two new operations are now available for group objects in Administration Console: Add Members and Add to Group. You can use these operations instead of using the Members of and Member Of tabs of the Properties dialog.

Enhanced Group Membership Management

Delete Items in Auto-Completes

The Auto-Complete feature remembers what you type and automatically makes suggestions to help you populate fields. Sometimes the auto-complete suggestions are no longer appropriate. Now you can easily delete unnecessary items from auto-complete drop-downs.

Delete Items in Auto-Completes

? Waiting

Progress status: Checking...