What's New in Adaxes 2015

Version: 3.7.11926.0
Release Date: June 26, 2015

Adaxes 2015 is a cumulative update that, besides new features and enhancements, includes all previous updates that have been made available since the release of Adaxes 2014.1.

The new version brings several major stability and performance improvements, as well as a range of important bug fixes. We've also introduced several automation enhancements and improved the mechanisms used to access Office 365.

This is a recommended update for customers using Adaxes 2014.1. All customers having a license for Adaxes 2014.1 can upgrade to Adaxes 2015 free of charge.

Automation

Archive Home Folder Action

In the new version, you can archive a user's home folder to a ZIP file. This can be used to archive home folders of leaving employees for further reference or to back up important user data from time to time.

Export Exchange Mailbox Action

If you delete user mailboxes in your on-premises Exchange 2010 or Exchange 2013 organization, you can now export the mailbox content to a Personal Storage Table (PST) file. The file can be used later to access the mailbox content or to import the data back to Exchange.

Scheduled Tasks for Approval Requests

Now, you can automatically manage Approval Requests with the help of Scheduled Tasks. For example, you can automatically clean up Approval Requests that have already been processed.

Office 365 Management

Performance and Stability

In response to requests from our customers, we've considerably improved interaction between Adaxes and Office 365. In particular, we've implemented a mechanism to optimize and load balance requests to Office 365 sent by multiple Adaxes services sharing a common configuration. This reduces the overall number of requests to Office 365 and also avoids Office 365 administrative account lockout.

Logging

Operation Result in Syslog

Starting from the new version, messages transmitted by Adaxes over the Syslog protocol contain not only descriptions of operations performed via Adaxes, but also human-readable results of such operations. This enables system administrators to easily understand whether a given operation has succeeded, failed, or been suspended until approval is received.

Performance

We've made several optimizations for higher stability and better performance, which can raise the overall productivity of the Adaxes implementation in your environment by three to five per cent. We've also improved the overall responsiveness of the Administration Console and the Web Interface to user actions.

Bug Fixes

  • Fixed an issue with viewing delegates of Exchange Online mailboxes. Users that have access to Exchange Online mailboxes are now again visible both in the Administration Console and the Web Interface.
  • Fixed the following error that occurred when trying to update information about an Office 365 tenant:
    Failed to connect to Office 365. Exception of type 'Microsoft.Online.Administration.Automation.MicrosoftOnlineException' was thrown.
  • Now, it is possible to add members of more than one Active Directory group to a Business Unit.
  • Fixed an issue with displaying a wrong number of members of mail-enabled groups in the Web Interface.


Updates

Update 1

Version: 3.7.12228.0
Release Date: September 28, 2015

  • Security Enhancements
    • FIPS Compliance
      The new version of Adaxes is fully compatible with the Federal Information Processing Standard (FIPS), which means that Adaxes can now be deployed on computers operating in FIPS mode.
    • Improved Security for Password Self-Service
      We've improved the security of the algorithm used to store hash codes of answers to security questions.
  • Bug Fixes
    • Fixed an issue with Web Interface access control rules caused by the Require LDAP Signing option enabled on a DC. Due to the issue, members of the groups that were allowed access to the Web Interface could not log in, while members of the groups that were denied the access, could log in successfully. Additionally, the following error appeared in Adaxes Event Log:

      Failed to fetch the list of groups the user 'username' belongs to. ---> System.DirectoryServices.DirectoryServicesCOMException (0x80072028): A more secure authentication method is required for this server.

    • Fixed an Adaxes service crash that occurred when trying to save properties of an Office 365 mailbox associated with a tenant that has been removed from Adaxes.
    • Fixed a bug in Web Interface that could make the Add to Group operation unavailable in OUs and containers that don't contain groups.
    • Fixed an issue that prevented synchronizing log records to an external logging database when the name of an object on which an operation was performed exceeded 255 characters. A typical symptom of the issue is the following error message in Adaxes Event Log:

      Softerra.Adaxes.Logging.ExternalDatabaseException (0x80072035): String or binary data would be truncated.

    • Fixed an issue with displaying user photos when hovering the mouse over user accounts in the Web Interface.
    • To prevent backup/restore issues, now Adaxes verifies that the length of configuration object names does not exceed 64 characters not only when creating, but also when renaming them.
    • Fixed an issue that could cause a confirmation for a Home Page Action to be shown twice.
    • Now, the IADsGroup::IsMember method correctly verifies the group membership of objects whose name contains the slash ('/') character.

Update 2

Version: 3.7.12314.0
Release Date: October 14, 2015

  • Security Enhancements
    • Now, to enhance security, you can increase the pool of security questions for Self-Service Password Reset while leaving the number of answers required to reset a password unchanged.
    • We've optimized the algorithm used for re-enrolling users when Password Self-Service Policies applied to them change. Now, when possible, Adaxes re-enrolls users automatically.
    • Users whose accounts are disabled or expired will no longer be able to reset their passwords.
  • Bug Fixes

Update 3

Version: 3.7.12818.0
Release Date: March 18, 2016

  • Security Enhancements

    Answers to security questions used for brute force protection are no longer case sensitive.

  • Web Interface

    To make it easier to identify never expiring AD accounts, we've changed the way the Account Expires property is displayed. Now, the Web Interface displays the Never expires value for accounts whose expiration date is not specified.

  • Scripting

    We've made the ExtendedRights class public so that you can delegate extended rights to users using custom scripts and third party code.

  • Bug Fixes
    • Fixed the Object reference not set to an instance of an object error during Self-Service Password Reset.
    • Fixed the following error that occurred when trying to view or change the list of unmanaged user accounts:

      Failed to fetch the list of unmanaged user accounts. 'domain.com' is not operational.

Update 4

Version: 3.7.13122.0
Release Date: June 22, 2016

  • Office 365

    We've improved the mechanism that is used by Adaxes to cache information on Exchange Online recipients.

  • Adaxes Service

    Now, conflicts that occur when synchronizing configuration among multiple Adaxes services are resolved automatically.

  • Web Interface

    We've given Adaxes service administrators the ability to reset users' personal settings in the Web Interface. Such settings include the preferred language, the start page, items in the basket etc.

  • Bug Fixes
    • Fixed a bug due to which not all users affected by Password Self-Service Policies received enrollment invitations by e-mail.
    • Fixed an issue with Business Rules that occurred when modifying Account Options via the Web Interface. Due to the issue, modifying any Account Option triggered Business Rules that must be executed when enabling or disabling a user account. Now, such Business Rules are executed only when the Account is disabled option is modified.
    • Fixed the One or more input parameters are invalid error that appeared in the Web Interface when modifying Account Options of a user.
    • Fixed an issue that occurred when performing searches or running reports in the Web Interface. Due to the issue, the Web Interface did not return all results when configured to show 500 objects per page.
    • Fixed a bug in the Web Interface due to which Password Reports did not return all users.
    • Now, when Adaxes cannot read some elements of your AD schema, a correct error message will be recorded in Adaxes Event Log. Example error message:

      Failed to load the schema definition of the 'contact' object class.



Previously Released Features Included in this Cumulative Update

Updates Made Available in version 3.7.10905.0

Original Release Date: July 21, 2014

  • Office 365 and Exchange
    • From now on, Adaxes allows you to edit all properties of Exchange Online mailboxes, even the properties that are synchronized with Office 365 via DirSync (e.g. Email Addresses or Exchange Alias).
    • Now, you can grant permissions for an Exchange mailbox to a user located in a different domain than the mailbox, provided that appropriate domain and forest trusts are in place.
  • Security Enhancements
    • Now, to prevent possible username compromise, you can configure Adaxes not to store usernames in browser cookies, prevent using them in URLs, and disable auto-complete for the Username field on the Sign In page. For details, see Prevent Username Compromising.
    • We've eliminated the possibility of scanning for open ports via the Web Interface, which is especially important when the Web Interface is available from the outside.
  • Automation
    • Now, Adaxes allows managing users' home folders located in a different forest than the forest where Adaxes is installed.
    • Now, Adaxes can move and delete home directories of users containing read-only files and/or directories.
  • Web Interface
    • We've reduced the home page loading time.
    • From now on, the timeout for user authentication is sliding, which means that users actively interacting with the Web Interface will not be forced to re-login.
    • Now, with the help of Quick Search, you can find not only objects whose names start with the entered text, but also objects that contain the entered text in any part of the name.
    • Now, to specify default values for form fields, you can use controls adapted to the content of the fields. For example, now when selecting a default manager, you can browse the AD for the necessary user.
    • To make things easier for non-IT users, values of Boolean properties are now displayed as Yes/No instead of True/False.
  • Scripting
    • The ExecuteScriptContext class has been extended with the GetOffice365Credential method that allows you to retrieve credentials of the Office 365 tenant associated with the target object.
    • Now, the built-in PowerShell script editor opens much faster.
  • Miscellaneous
    • Now, you can restrict the list of Domain Controllers that Adaxes can connect to.
    • In response to requests from our customers, we have added 10 new Boolean custom properties (CustomAttributeBoolean16 - CustomAttributeBoolean25).
  • Bug Fixes
    • Fixed a possible deadlock that could be caused by actions executed asynchronously in Business Rules, Custom Commands, and Scheduled Tasks.
    • Fixed a bug that made it impossible to manage Exchange Online mailboxes of users who have the Exchange Alias property populated on premises.
    • Fixed replication issues with enabling new users for Lync.
    • Fixed an error that prevented creating or editing an Active Directory object in the Web Interface, if the Protect from Accidental Deletion field was present on the form.
    • Fixed the Access Denied error that could appear in the Web Interface immediately after a user changes their expired password.
    • Now, the Web Interface correctly displays the time when an Exchange mailbox was last logged on to.
    • Fixed handling of the Remote Desktop Services Settings property.
    • Now, unmanaged accounts are not displayed in Password Self-Service statistics.
    • Fixed the Administration Console crash when clicking the Clear All button in the Find dialog.
    • Now, Adaxes SPML provider correctly sets the Content Type property of SOAP responses.

Updates Made Available in version 3.7.11004.0

Original Release Date: September 4, 2014

  • Web Interface
    • To improve the search response time, Quick Search now returns only objects whose names start with the entered text. The asterisk sign (*) at the beginning allows finding objects that contain the text in any part of the name.
    • Now, Web Interface displays Boolean properties of AD objects using settings configured for their editing. For example, if a drop-down list is used to modify a Boolean property, instead of True/False, Web Interface will display the text of the drop-down list item that corresponds to the property value.
  • Bug Fixes
    • Fixed Adaxes service startup delay that could occur after reinstallation of Adaxes.
    • Fixed a bug with renaming AD objects whose old and new names differ in character case only.
    • Fixed an issue with Office 365 administrative account lockout. Now, Adaxes does not cause the administrative accounts to be locked.

      The most typical symptoms of the issue are as follows: you are no longer able to manage user accounts and/or mailboxes in Office 365, and one of the following errors appears in Adaxes Event Log:

      • Connecting to remote server failed with the following error message: The request is not serviced on the server. Your request is too frequent.
      • Fail to create a runspace because you have exceeded the maximum number of connections allowed: 3 for the policy party: MaxConcurrency.
      • This operation exceeds the throttling budget for policy part 'LocalTime', policy value '3000000', Budget type: 'PowerShell'.
    • Now, if the Edit button is hidden on the Office 365 section, and a user doesn't have an account in Office 365, the Create button is not displayed either.
    • Now, the Start the following program at logon option is not enabled when specifying a Remote Desktop Services profile path for a user.

Updates Made Available in version 3.7.11218.0

Original Release Date: November 18, 2014

  • Exchange
    • Reduced the time required to load recipients who have access to Exchange Online mailboxes and distribution lists.
    • Now, you can enable mail forwarding to shared mailboxes and configure recipients to accept or reject messages from shared mailboxes. Also, shared mailboxes can be specified as distribution list moderators and senders who bypass moderation.
  • Web Interface
    • Improved performance of the Web Interface when certain groups are allowed or denied the access to it.
  • Miscellaneous
    • Now, the following properties are displayed in a human-readable format:
      • msDS-LastSuccessfulInteractiveLogonTime
      • msDS-LastFailedInteractiveLogonTime
  • Bug Fixes
    • Fixed the following error that occurred when performing an operation in Office 365:

      An error occurred during authentication. Please retry your operation. If this problem persists, contact Technical Support.

    • Fixed an issue with authenticating users whose custom User Principal Name (UPN) is the same as the implicit UPN of another user.
    • Fixed the Administration Console crash when launching the visual HTML editor to edit e-mail messages.
    • Now, searching for inactive user and computer accounts using the Search-AdmAccount cmdlet also returns accounts that never logged in.

Updates Made Available in version 3.7.11709.0

Original Release Date: April 9, 2015

  • Security Enhancements
    • Fixed a vulnerability that allowed running arbitrary JavaScript code stored as a part of an AD object name or a Favorites folder name.
    • Fixed an issue with Web Interface access control rules in the DMZ. Due to the issue, members of the groups that were allowed access to the Web Interface could not log in, while members of the groups that were denied the access, could log in successfully.
  • Performance
    • We've improved performance in environments where Adaxes is used to manage multiple domains.
    • Improved the mechanism of checking the availability of Active Directory domains. Now, slowly responding domains are not marked as unavailable.
  • Logging
    • Now, to avoid issues with loading log records from an external logging database over a slow network, you can increase the time-out for loading log records.

      A typical symptom indicating that log records cannot be loaded because of a slow connection is the following error message that appears when viewing log records:

      Failed to load log records. Timeout expired.

  • Bug Fixes
    • Fixed the following error that could appear after a user from a domain managed by Adaxes logged in:

      You are authenticated as Guest since your domain (example.com) is not managed by the service.

    • Fixed Access Denied error that occurred when trying to resend SMS verification code during password reset from the Windows Logon screen.
    • Fixed an issue that prevented triggering of Business Rules on certain members of Business Units. Now, if an AD object is a member of a Business Unit on the basis of an LDAP query, operations on such an object will trigger Business Rules which include the Business Unit in their Activity Scopes.
    • Fixed the Requested value 'PendingActivation' was not found error when registering or modifying an Office 365 tenant.
    • Fixed errors that prevented management of Exchange 2007 accounts and distribution lists when the administrative credentials for managing their domain were specified explicitly. Now, credentials of Adaxes default service administrator are always used to perform operations in Microsoft Exchange 2007.
    • Now, with the help of the cmdlets from Adaxes PowerShell Module, you can manage Active Directory objects whose names are the same as aliases for well-known security identifiers, for example, BG, DU etc.
    • Fixed overlapping of long names in lists of Active Directory objects displayed in the Web Interface.
    • Fixed the following warning:

      The term 'Get-ManagedFolderMailboxPolicy' is not recognized as the name of a cmdlet, function, script file, or operable program.
