The new version lets you automate user provisioning for Office 365 services. It is especially useful when it comes to assigning and re-assigning licenses, as there is no other automatic way of doing it in Office 365. New deprovisioning options enable you to automatically revoke all the licenses assigned to a terminated employee and block their corporate Office 365 account.
What's New in Adaxes 2014.1
Table of Contents
Release Date: April 10, 2014
Good news for those who are looking into Office 365 or already are there! The headline feature of this release is Office 365 management and automation. With 2014.1 you can automatically assign and revoke licenses for Office 365 users, manage Office 365 mailboxes and delegate Office 365 management tasks.
We've enhanced Business Units to be more dynamic by allowing the use of value references in membership rules. This gives you the ability to create Business Units that will have different members depending on who is viewing their content.
We've also introduced many customization and usability improvements to Adaxes Web Interface and Administration Console. These improvements seek to further streamline Active Directory management routine and give you more control over what users can do and see within AD.
Office 365 Automation and Management
This short 2-minute video highlights some of the new features and functionality that has been introduced for Office 365.
Office 365 Automation
Office 365 Management
Now you can manage Office 365 user accounts and licenses using Adaxes Web Interface, which eliminates the need to switch between multiple apps and tools for Office 365 and your on-premises environment.
Exchange Online Management
With the new version, you can manage Exchange mailboxes hosted in Office 365 in the same way you manage on-premise ones. Adaxes supports both pure cloud and hybrid deployment scenarios. In addition to user mailboxes, you can manage groups and contacts that are mail-enabled in Exchange Online.
Exchange Online Automation
Using condition-based rules, parameters of Office 365 mailboxes, such as mailbox features, policies, storage quotas and mailbox rights, can be configured automatically when a user is created, updated, added to a group, moved to another OU, etc.
Office 365 Delegation
With Adaxes, you can delegate Office 365 management tasks with granular permissions and controls. For example, you can delegate assignment of Office 365 licenses to Help Desk or managers and define, which licenses they can assign or revoke. Regular users can use Adaxes Self-Service portal to select the Office 365 services they need and have access to the desired services after an approval is issued.
Office 365 Multi-Tenancy
Adaxes allows you to manage multiple Office 365 tenants associated with either a single Active Directory domain or multiple domains.
Office 365 Passwords
Adaxes gives you an option to synchronize passwords between Active Directory and Office 365. When a password is changed for a user in Active Directory, Adaxes will immediately update the password of the associated account in Office 365. It also means that the Self-Service Password Reset feature of Adaxes can be used to reset forgotten passwords in Office 365.
Dynamic Membership Rules
The use of value references in membership rules enables you to create Business Units with dynamic content that depends on who is logged in. For example, now you can create a Business Unit that contains users whose department is the same as the department of the logged in user. Using dynamic Business Units in Security Role assignments allows you to delegate rights to users within their department, office, Organizational Unit, etc.
View Affected Objects
Now you can view which objects are included or excluded from a Business Unit by a particular membership rule. If a membership rule contains value references, you can view which objects are covered by the rule when the Business Unit is viewed by a specific user.
Add Members and Add to Group
Now Adaxes Web Interface equips you with the capability to add members to groups in bulk. The Add to Group and Add Members operations are available when browsing Active Directory, in search results, AD reports, Basket, Members and Member Of sections.
The new version gives you greater flexibility in customizing Web Interface forms and views. Now you have an option to specify which Account Options should be visible when creating, editing or viewing user accounts.
Now you have more options to customize object selection in the Web Interface. For example, when selecting a value for the Manager property, Web Interface can now display only users whose job title contains manager.
Now you can choose which user interface control to use for editing Boolean properties of Active Directory objects. It can be either a checkbox (with two or three states) or a drop-down list with customizable text for the True and False states.
Brute Force Protection
The list of Brute Force Protection options has been extended with a new one: When a login error occurs, do not show the reason and the number of login attempts left.
Self Password Reset
Now you can show/hide the links displayed in the Self Password Reset section.
Now you have the ability to add columns containing information about Active Directory objects. You can choose which columns to view when browsing Active Directory, in search results and Basket. In addition to that, you can filter and group the displayed objects by any column.
Grouping Property Values
If a property of an Active Directory object contains more than four values, the values will now be grouped in the Result Pane.
The user experience for executing long-running and bulk operations has been improved significantly.
We've enhanced the views displaying lists of Adaxes configuration objects with new columns and the ability to group and filter their contents.
Now, when selecting objects in Active Directory, you can choose between the Tree View and List View.
For this version, we massaged the code of Administration Console, so now it performs about ten percent faster.
- Windows Server 2012 R2 support
The new version of Adaxes is fully compatible with Windows Server 2012 R2.
- Submit for Approval from Script
Requests for approval can now be submitted from PowerShell scripts executed by Business Rules, Custom Commands and Scheduled Tasks. For more details, see Submitting for Approval.
- SMS via HTTP
Now Adaxes can send SMS messages over HTTP.
- New Custom Properties
We have added 10 new custom properties to store text data (CustomAttributeText21 - CustomAttributeText30), and 10 custom Boolean properties (CustomAttributeBoolean6 - CustomAttributeBoolean15).
- New Calculated Properties
The following new calculated properties have been introduced:
The distinguished name (DN) of the Organizational Unit or container, where the object is located.
The distinguished name (DN) of the Active Directory domain of the object.
The distinguished name (DN) of the manager of the operation initiator.
The global unique identifier (GUID) of the operation initiator.
The message text of the first error that occurred during operation execution. This property can be used in Business Rule actions only.
Release Date: July 21, 2014
- Office 365 and Exchange
- From now on, Adaxes allows you to edit all properties of Exchange Online mailboxes, even the properties that are synchronized with Office 365 via DirSync (e.g. Email Addresses or Exchange Alias).
- Now, you can grant permissions for an Exchange mailbox to a user located in a different domain than the mailbox, provided that appropriate domain and forest trusts are in place.
- Security Enhancements
- Now, to prevent possible username compromising, you can configure Adaxes not to store usernames in browser cookies, prevent using them in URLs, and disable auto-complete for the Username field on the Sign In page. For details, see Prevent Username Compromising.
- We've eliminated the possibility of scanning for open ports via the Web Interface, which is especially important when the Web Interface is available from the outside.
- Now, Adaxes allows managing users' home folders located in a different forest than the forest where Adaxes is installed.
- Now, Adaxes can move and delete home directories of users containing read-only files and/or directories.
- Web Interface
- We've reduced the home page loading time.
- From now on, the timeout for user authentication is sliding, which means that users actively interacting with the Web Interface will not be forced to re-login.
- Now, with the help of Quick Search, you can find not only objects whose names start with the entered text, but also objects that contain the entered text in any part of the name.
- Now, to specify default values for form fields, you can use controls adapted to the content of the fields. For example, now when selecting a default manager, you can browse the AD for the necessary user.
- To make things easier for non-IT users, values of Boolean properties are now displayed as Yes/No instead of True/False.
- The ExecuteScriptContext class has been extended with the GetOffice365Credential method that allows you to retrieve credentials of the Office 365 tenant associated with the target object.
- Now, the built-in PowerShell script editor opens much faster.
- Now, you can restrict the list of Domain Controllers that Adaxes can connect to.
- In response to requests from our customers, we have added 10 new Boolean custom properties (CustomAttributeBoolean16 - CustomAttributeBoolean25).
- Bug Fixes
- Fixed a possible deadlock that could be caused by actions executed asynchronously in Business Rules, Custom Commands, and Scheduled Tasks.
- Fixed a bug that made it impossible to manage Exchange Online mailboxes of users who have the Exchange Alias property populated on premises.
- Fixed replication issues with enabling new users for Lync.
- Fixed an error that prevented creating or editing an Active Directory object in the Web Interface, if the Protect from Accidental Deletion field was present on the form.
- Fixed the Access Denied error that could appear in the Web Interface immediately after a user changes their expired password.
- Now, the Web Interface correctly displays the time when an Exchange mailbox was last logged on to.
- Fixed handling of the Remote Desktop Services Settings property.
- Now, unmanaged accounts are not displayed in Password Self-Service statistics.
- Fixed the Administration Console crash when clicking the Clear All button in the Find dialog.
- Now, Adaxes SPML provider correctly sets the Content Type property of SOAP responses.
Release Date: September 4, 2014
- Web Interface
- To improve the search responce time, Quick Search now returns only objects whose names start with the entered text. The asterisk sign (*) at the beginning allows finding objects that contain the text in any part of the name.
- Now, Web Interface displays Boolean properties of AD objects using settings configured for their editing. For example, if a drop-down list is used to modify a Boolean property, instead of True/False, Web Interface will display the text of the drop-down list item that corresponds to the property value.
- Bug Fixes
- Fixed Adaxes service startup delay that could occur after reinstallation of Adaxes.
- Fixed a bug with renaming AD objects whose old and new names differ in character case only.
Fixed an issue with Office 365 administrative account lockout. Now, Adaxes does not cause the administrative accounts to be locked.
The most typical symptoms of the issue are as follows: you are no longer able to manage user accounts and/or mailboxes in Office 365, and one the following errors appears in Adaxes Event Log:
- Connecting to remote server failed with the following error message: The request is not serviced on the server. Your request is too frequent.
- Fail to create a runspace because you have exceeded the maximum number of connections allowed: 3 for the policy party: MaxConcurrency.
- This operation exceeds the throttling budget for policy part 'LocalTime', policy value '3000000', Budget type: 'PowerShell'.
- Now, if the Edit button is hidden on the Office 365 section, and a user doesn't have an account in Office 365, the Create button is not displayed either.
- Now, the Start the following program at logon option is not enabled when specifying a Remote Desktop Services profile path for a user.
Release Date: November 18, 2014
- Reduced the time required to load recipients who have access to Exchange Online mailboxes and distribution lists.
- Now, you can enable mail forwarding to shared mailboxes and configure recipients to accept or reject messages from shared mailboxes. Also, shared mailboxes can be specified as distribution list moderators and senders who bypass moderation.
- Web Interface
- Improved performance of the Web Interface when certain groups are allowed or denied the access to it.
Now, the following properties are displayed in a human-readable format:
- Now, the following properties are displayed in a human-readable format:
- Bug Fixes
Fixed the following error that occurred when performing an operation in Office 365:
An error occurred during authentication. Please retry your operation. If this problem persists, contact Technical Support.
- Fixed an issue with authenticating users whose custom User Principal Name (UPN) is the same as the implicit UPN of another user.
- Fixed the Administration Console crash when launching the visual HTML editor to edit e-mail messages.
- Now, searching for inactive user and computer accounts using the Search-AdmAccount cmdlet also returns accounts that never logged in.
Release Date: April 9, 2015
- Fixed an issue with Web Interface access control rules in the DMZ. Due to the issue, members of the groups that were allowed access to the Web Interface could not log in, while members of the groups that were denied the access, could log in successfully.
- We've improved performance in environments where Adaxes is used to manage multiple domains.
- Improved the mechanism of checking the availability of Active Directory domains. Now, slowly responding domains are not marked as unavailable.
Now, to avoid issues with loading log records from an external logging database over a slow network, you can increase the time-out for loading log records.
A typical symptom indicating that log records cannot be loaded because of a slow connection is the following error message that appears when viewing log records:
Failed to load log records. Timeout expired.
- Bug Fixes
Fixed the following error that could appear after a user from a domain managed by Adaxes logged in:
You are authenticated as Guest since your domain (example.com) is not managed by the service.
- Fixed Access Denied error that occurred when trying to resend SMS verification code during password reset from the Windows Logon screen.
- Fixed an issue that prevented triggering of Business Rules on certain members of Business Units. Now, if an AD object is a member of a Business Unit on the basis of a LDAP query, operations on such an object will trigger Business Rules which include the Business Unit in their Activity Scopes.
- Fixed the Requested value 'PendingActivation' was not found error when registering or modifying an Office 365 tenant.
- Fixed errors that prevented management of Exchange 2007 accounts and distribution lists when the administrative credentials for managing their domain were specified explicitly. Now, credentials of Adaxes default service administrator are always used to perform operations in Microsoft Exchange 2007.
- Now, with the help of the cmdlets from Adaxes PowerShell Module, you can manage Active Directory objects whose names are the same as aliases for well-known security identifiers, for example, BG, DU etc.
- Fixed overlapping of long names in lists of Active Directory objects displayed in the Web Interface.
Fixed the following warning:
The term 'Get-ManagedFolderMailboxPolicy' is not recognized as the name of a cmdlet, function, script file, or operable program.