Active Directory management & automation

What's New in Adaxes 2013.2

Version: 3.6.9925.0
Release Date: October 24, 2013

For Adaxes 2013.2, we focused on making Active Directory automation even more efficient and flexible, enhancing the logging and notification features, improving Password Self-Service, preventing brute force attacks on Web Interface, and much, much more - all to make Active Directory management easier, faster, and secure.

We paid a lot of attention to detail, even to small things that are really unnoticeable at first glance. Many improvements and ideas suggested by our customers are included in this release. As usual, we made great efforts to enhance performance of Adaxes, making it even more faster and productive.


Logging

External MS SQL Database
External MS SQL Database

Now Adaxes can be configured to store log records in an external MS SQL database. This option is especially helpful if you have multiple replicated Adaxes services, as log records generated by all the services will be stored in one database. Adaxes supports distributed MS SQL databases (databases that are spread out over several hosts).

Syslog Support
SIEM Integration via Syslog

The new release introduces support for the Syslog protocol, allowing you to integrate Adaxes into SIEM (Security Information and Event Management) products and enterprise audit logging solutions.

Web Interface

Brute Force Attack Protection
Brute Force Attack Protection

Adaxes Web Interface is now protected against brute-force attacks aimed at stealing passwords and locking out accounts. The protection measures include captcha verification, web server response delays, and security questions.

Group Membership Filtering
Group Membership Filtering

Now you can configure the Members and Member Of sections to display only objects that match certain criteria. For example, you can configure Member Of section to display only groups whose name contains Office. Or, you can configure Members section to display only users belonging to the department of the logged-on user.

Adding New Web Interfaces
Adding New Web Interfaces

Adding new Web Interfaces is now very easy. Instead of manually copying files and configuring IIS, now you can use a simple user interface. But what is more important is that you don't need to do anything when upgrading to a newer version of Adaxes, as the job to upgrade custom Web Interfaces is done by the Backup/Restore utility.

Enhanced Active Directory Reports
Enhanced AD Reports

All Active Directory reports related to password management now honor Fine-Grained Password Policies. Also, we have added two new reports: Recently Created Groups and Recently Modified Groups.

Refined Active Directory Pane
Refined Active Directory Pane

The Active Directory pane serves to display specific AD objects on the Home page. We have added an option to show different objects depending on who is connected to the Web Interface. For example, you can configure the pane to display a group called Staff that is located in the Organizational Unit of the logged-on user.

More Options for Active Directory List Views
More Options for List Views

Now, list views for Active Directory objects can display columns that show custom object properties stored in Adaxes (e.g. CustomAttributeText1). Also, we have added an option to set the default page size for Active Directory object lists.

Automation

Scheduled Task Load Balancing
Scheduled Task Load Balancing

In the new version it is possible to bind a Scheduled Task to a specific Adaxes service. A task bound to an Adaxes service runs on that service only and under no circumstances is reassigned to another one. This option is helpful if you have multiple replicated Adaxes services and want to manually distribute the load across them.

Scheduled Tasks Management
Scheduled Tasks Management

It has become easier to control execution of Scheduled Tasks. The tasks that are currently running are highlighted bold in the Console Tree. For each task you can view the host on which it runs, how long it runs, and the duration of the last execution. Also, now you can manually stop a Scheduled Task that is currently running.

More Flexible Actions/Conditions
More Flexible Actions/Conditions

Now you have more flexibility when working with Business Rules, Custom Commands, and Scheduled Tasks, as we have extended some actions and conditions to support value references. This enables you to define different behaviour depending on the object on which the operation is performed and the operation initiator.

Actions and conditions

Value references are now supported in:
  • Add/Remove object from group action
  • Move object action
  • If located under <location> condition
  • If is a member of <Group> condition
  • If the initiator is a member of <Group> condition
  • If the initiator is <User> condition
HTML Email Notifications
HTML Email Notifications

E-mail notifications sent by Business Rules, Custom Commands, and Scheduled Tasks can now be formatted as HTML. To compose HTML-formatted notifications you can use the embedded visual HTML editor.

Approval Workflow

Improved Group Membership Support
Improved Group Support

The Approval Workflow module now supports scenarios in which objects are managed by a group of users. When a request is submitted for approval to the owner or manager of an object, and the owner/manager is a group, members of the group are recognized as approvers and are able to approve or deny the request.

Viewing and Notifying Approvers
Viewing and Notifying Approvers

Now, when working with approval requests in Adaxes Web Interface, it is possible to view all approvers authorized to approve a specific request, and send them email notifications and reminders.

Permission Delegation

Secretary and Assistant
Secretary and Assistant

The new version introduces two new security principals: Secretary and Assistant. When a Security Role is assigned to one of the principals, the permissions are granted to the user or group specified in the Secretary or Assistant property of a user account.

Password Self-Service

System Tray Notification to Enroll
System Tray Notification to Enroll

Now Adaxes can periodically remind users to enroll for Password Self-Service by popping up a balloon in the system notification area (system tray).

Administration Console

Grouping
Grouping

The first thing you will see when you open Adaxes Administration Console is the new Result Pane. Among other improvements, it allows you to arrange Active Directory objects into groups, which greatly enhances user experience when browsing and managing Active Directory. The Grouping feature is available in the Result Pane, Find dialog, and Basket.

Data Import/Export
Data Import/Export

By following the expectations of our customers, we have improved the Import/Export wizard.
Here is what we have done:

  • Export of Adaxes custom properties allowed.
  • Data validation for CSV files enhanced.
  • Support for Macintosh line breaks added.
  • BOM support for UTF-8 CSV files added.
Improved Performance
Improved Performance

We have seriously worked on performance improvements for Adaxes Administration Console. As a result, Active Directory browsing and searching now work several times faster than before.

And more!

  • Automation
    • A new condition for Business Rules, Custom Commands and Scheduled Tasks added: If account/password expires.
    • Introduced two new virtual (calculated) properties: adm-ManagerPhone and adm-InitiatorManagerPhone. The properties can be used to retrieve the phone number of user's manager and the manager of the operation initiator.
    • Error reporting enhanced for the Run PowerShell script action and If PowerShell script returns true condition.
  • Logging
    • The way how operations on Adaxes configuration objects are logged has been improved (got rid of tons of log records generated by one operation).
    • Log records for Approve, Deny and Cancel operations are now human-readable.
  • Password Self-Service
    • Now Adaxes allows users to enroll for Password Self-Service if the only enabled verification method is SMS Verification, there is no mobile number assigned to a user account, and the user has the right to update their mobile number in Active Directory.
    • ADMX administrative template for GPO is now available for Adaxes Self-Service Client.
  • Web Interface
    • Now users can be logged on to multiple Web Interfaces simultaneously.
    • The following pages can now be set as the default start page: Home, Search, Reports, Basket, My Favorites, My Properties, My Department, My Managed Objects, My Approvals, My Requests, and My Settings.
    • The My Properties page now has a separate URL. You can publish the URL to allow users to edit properties of their own account.
    • Now, in the Web Interface Configuration tool, instead of entering object DNs manually, you can use a user-friendly interface to select Active Directory objects.
  • Administration Console
    • Now, using Administration Console you can change primary groups of users in Active Directory.
    • The Unlock Account and Reset Account operations can now be performed in bulk.
    • Now you can use the embedded visual HTML editor in the Hint & Help dialog for Property Patterns.
  • New option in the Adaxes installer: Open Adaxes ports in Windows Firewall.
  • Support for SPML Connectors dropped.
  • Discovery of Adaxes services improved. Now we use Active Directory sites to find the nearest instance of Adaxes service.

Updates

Update 1

Version: 3.6.10022.0
Release Date: November 22, 2013

  • Web Interface
    • Reduced load time for Web Interface pages.
    • Added an option not to show server names in error messages.
    • Now, Web interface can be embedded into web pages as an inline frame.
    • Added the Always perform on a specific AD object option to Home Page Actions that launch Custom Commands.
  • Miscellaneous
    • Now, when configuring SMS settings, you can use the plus character ('+') in e-mail addresses.
  • Bug Fixes
    • Fixed the Administration Console crash when trying to delete an object in the Find dialog.
    • Fixed a bug that prevented renaming objects in the Web Interface if the new name was generated by a Property Pattern.
    • Fixed the following error in the View Approvers section of the Web Interface: The specified directory property is not supported.
    • Fixed an issue that caused loss of Web Interface settings for Custom Commands when restoring Web Interface configuration.
    • Fixed errors that prevented restoring Web Interface configuration from backup files generated by Adaxes 2011.3 and earlier.

Update 2

Version: 3.6.10109.0
Release Date: December 10, 2013

  • Fixed a bug that made it impossible to view Management History and Management Activity if Adaxes stores log records in an external MS SQL database.
  • Now, Custom Commands whose execution is explicitly denied for a user, are not displayed in the Web Interface.
? Waiting

Progress status: Checking...