Release Date: June 26, 2015
Adaxes is a solution for comprehensive Active Directory management and automation. The software facilitates the work of Active Directory administrators by automating their day-to-day activities and enabling them to manage multiple Active Directory domains in one administrative environment.
The easy-to-use Web Interface allows any user with sufficient permissions to perform a wide variety of directory-related tasks via a standard web browser. Regular users can use the Web interface as a self-service portal to update their personal information (telephone numbers, home address, etc.), manage their passwords and search the directory. Help Desk technicians can employ the interface to perform basic administrative tasks, such as resetting user passwords, unlocking, enabling or disabling user accounts. Directory administrators or users with appropriate privileges can perform comprehensive management, analysis, and monitoring of the Active Directory environment.
Adaxes 2015 is a cumulative update that, besides new features and enhancements, includes all previous updates that have been made available since the release of Adaxes 2014.1.
The new version brings several major stability and performance improvements, as well as a range of important bug fixes. We've also introduced several automation enhancements and improved the mechanisms used to access Office 365
This is a recommended update for customers using Adaxes 2014.1. All customers having a license for Adaxes 2014.1 can upgrade to Adaxes 2015 free of charge.
Below are the highlights of the new features and the most important enhancements since the previous release.
Performance and Stability
In response to requests from our customers, we've considerably improved interaction between Adaxes and Office 365. In particular, we've implemented a mechanism to optimize and load balance requests to Office 365 sent by multiple Adaxes services sharing a common configuration. This allows to reduce the overall number of requests to Office 365 and also avoid Office 365 administrative account lockout.
Operation Result in Syslog
Starting from the new version, messages transmitted by Adaxes over the Syslog protocol contain not only descriptions of operations performed via Adaxes, but also human-readable results of such operations. This enables system administrators to easily understand whether this or that operation has succeeded, failed or suspended until approval is received.
We've made several optimizations for higher stability and better performance, which can raise the overall productivity of Adaxes implementation in your environment by three to five per cent. We've also improved the overall responsiveness of the Administration Console and the Web Interface to user actions.
Release Date: September 28, 2015
Fixed an issue with Web Interface access control rules caused by the Require LDAP Signing option enabled on a DC. Due to the issue, members of the groups that were allowed access to the Web Interface could not log in, while members of the groups that were denied the access, could log in successfully. Additionally, the following error appeared in Adaxes Event Log:
Failed to fetch the list of groups the user 'username' belongs to. ---> System.DirectoryServices.DirectoryServicesCOMException (0x80072028): A more secure authentication method is required for this server.
Fixed an issue that prevented synchronizing log records to an external logging database when the name of an object on which an operation was performed exceeded 255 characters. A typical symptom of the issue is the following error message in Adaxes Event Log:
Softerra.Adaxes.Logging.ExternalDatabaseException (0x80072035): String or binary data would be truncated.
Release Date: October 14, 2015
Release Date: March 18, 2016
Answers to security questions used for brute force protection are no longer case sensitive.
To make it easier to identify never expiring AD accounts, we've changed the way how the Account Expires property is displayed. Now, the Web Interface displays the Never expires value for accounts whose expiration date is not specified.
We've made the ExtendedRights class public so that you can delegate extended rights to users using custom scripts and third party code.
Fixed the following error that occurred when trying to view or change the list of unmanaged user accounts:
Failed to fetch the list of unmanaged user accounts. 'domain.com' is not operational.
Release Date: June 22, 2016
We've improved the mechanism that is used by Adaxes to cache information on Exchange Online recipients.
Now, conflicts that occur when synchronizing configuration among multiple Adaxes services are resolved automatically.
We've given Adaxes service administrators the ability to reset users' personal settings in the Web Interface. Such settings include the preferred language, the start page, items in the basket etc.
Now, when Adaxes cannot read some elements of your AD schema, a correct error message will be recorded in Adaxes Event Log. Example error message:
Failed to load the schema definition of the 'contact' object class.
Original Release Date: July 21, 2014
Original Release Date: September 4, 2014
Fixed an issue with Office 365 administrative account lockout. Now, Adaxes does not cause the administrative accounts to be locked.
The most typical symptoms of the issue are as follows: you are no longer able to manage user accounts and/or mailboxes in Office 365, and one the following errors appears in Adaxes Event Log:
Original Release Date: November 18, 2014
Fixed the following error that occurred when performing an operation in Office 365:
An error occurred during authentication. Please retry your operation. If this problem persists, contact Technical Support.
Original Release Date: April 9, 2015
Now, to avoid issues with loading log records from an external logging database over a slow network, you can increase the time-out for loading log records.
A typical symptom indicating that log records cannot be loaded because of a slow connection is the following error message that appears when viewing log records:
Failed to load log records. Timeout expired.
Fixed the following error that could appear after a user from a domain managed by Adaxes logged in:
You are authenticated as Guest since your domain (example.com) is not managed by the service.
Fixed the following warning:
The term 'Get-ManagedFolderMailboxPolicy' is not recognized as the name of a cmdlet, function, script file, or operable program.
To learn more about new features and improvements brought by this release, see What's New in Adaxes 2015top of page
Softerra Adaxes offers a wide variety of features essential to create a reliable
and secure environment for complete and automated user life-cycle management.
The key features of Softerra Adaxes include:
Role-Based Security Administration. Role-based administrative model enables Active Directory administrators to organize and efficiently distribute permissions among users. Permissions are arranged in separate units called Security Roles that either allow or deny users to perform a specific range of tasks. Comparing to the native Active Directory security model, Security Roles increase the productivity of Active Directory administrators and reduce the risk of potential errors.
Active Directory Management. Softerra Adaxes provides a rich set of features for Active Directory management that completely satisfies the needs of directory administrators and regular users. The feature set includes:
Directory Search. Softerra Adaxes provides a powerful search functionality
that enables users to find any Active Directory objects using the maximally flexible,
but simple to specify search criteria. The search can be performed either across
domains or in a specific domain location.
Apart from the Standard search that allows users to locate directory objects by a wide variety of search parameters, Softerra Adaxes offers the Quick and Alphabetical searches. Quick Search is useful when the user needs to quickly find an object by its name or a part of the name. Alphabetical Search allows searching for objects by the first letter of object names.
Rules-Based Automation. One of the most valuable features of Softerra Adaxes is the ability to automate routine administrative tasks. Softerra Adaxes allows users to create Business Rules that automatically perform necessary tasks when certain conditions are met. Business Rules allow automatically changing the group membership of an object, modifying object properties, managing user home directories, moving objects to new locations, deleting objects, etc.
Streamlined Provisioning and Enterprise Standards Enforcement. Softerra Adaxes provides means to avoid repetitive entering of the same information and helps observing multiple enterprise standards when creating or modifying Active Directory objects. With the help of Property Patterns, administrators can define rules for automatic generation of property values and formatting constraints that don't allow users to enter data that doesn't correspond to the corporate standards.
Approval-Based Workflow. Softerra Adaxes enables administrators to define critical operations that are executed only after their execution is permitted by a responsible person. If a user is trying to perform such an operation, the operation is suspended and an e-mail notification is sent to all its approvers. No changes are made in the directory until an approver allows the execution of the operation.
Dynamic Business Units. Softerra Adaxes allows users to collect Active Directory objects spread over the Active Directory into virtual collections called Business Units. Business Units are used to organize objects in an alternative way to manage them collectively, overcoming the restrictions of domain or organizational structures. Members of Business Units are defined by flexible membership rules that allow you to include or exclude objects dynamically, adapting to changes in the Active Directory. Business Units can include or exclude specific objects, group members, container children or results of search queries.
Active Directory Reports. Softerra Adaxes provides an extensive list of Active Directory reports that facilitate analysis and monitoring of the Active Directory environment. Reports can be created either for objects located in a specific Active Directory container or organizational unit, or for all objects in one or several Active Directory domains. Information on objects displayed in each report can be customized to represent data, detailed enough to perform effective analysis.
Password Self-Service for Active Directory. Adaxes allows users to reset forgotten passwords and unlock accounts without contacting the help desk, and thus, eliminates the biggest source of help desk traffic. To prevent malicious attacks to the self-password reset system, Adaxes provides a number of strong and reliable security measures. To validate the user's identity, Adaxes uses Security Questions & Answers, and/or Verification Code sent by SMS or Email.
Customization. Adaxes includes extensive customization capabilities that allow aligning the software with unique business processes and requirements. With the help of Custom Commands, complex and routine tasks specific to your work environment can be performed at a single mouse click. The Web Interface can be configured separately for Administrators, Help Desk operators, and Self-Service. For each role, you can customize forms for object creation and modification, define which activities users can perform, allow users to view only specific Active Directory objects, disable certain features of the Web Interface, customize the Active Directory search and browsing capabilities, etc.
Scheduled Tasks for Active Directory. It is often required to run various Active Directory management tasks on a regular basis. With Adaxes you can schedule a wide range of operations, such as:
Logging. By logging all operations performed via Softerra Adaxes in a centralized fashion, the product allows administrators, auditors or any other users to view, who performed what operations, when, on what objects, filter data to view all operations performed from a specific host within a specific period of time, etc.
Exchange Management and Automation. Softerra Adaxes enables administrators, help desk, and other staff to manage recipients in several Microsoft Exchange servers from a single web-based administrative console, and spares the need to switch between several tools for Active Directory and Exchange management. The management of Exchange mailboxes can become significantly faster, less error-prone and much simpler due to the vast capabilities of Web Interface customization for Exchange tasks. The extensive Exchange automation means supplied with Adaxes provide the ability to automate the creation and management of mailboxes, distribution lists, and mail-enabled recipients in Exchange. Supported Exchange versions: 2003, 2007, 2010, and 2013.
Office 365 Management and Automation. Adaxes delivers the infrastructure necessary to automate user provisioning and ongoing management of access to Office 365 services. With the help of condition-based rules, Adaxes can be configured to automatically assign and reassign Office 365 licenses when a user is created, modified, added to a group, moved to another OU, etc. As a part of the deprovisioning process, Adaxes can automatically revoke Office 365 licenses and block user access to their Office 365 account. Apart from automated distribution of Office 365 licenses, Adaxes can be used to automatically configure Office 365 mailboxes, mail-enabled contacts and groups. Management of Office 365 accounts and mailboxes along with Active Directory identities is centralized in a single web-based administrative console.
Automated Provisioning for Lync. Softterra Adaxes provides the possibility to enable and disable users for Lync automatically. For example, you can enable new users in Lync as a part of the user provisioning process. On deprovisioning, you can also disable users for Lync. Adaxes supports Microsoft Lync 2010 and 2013.
Active Directory Management with PowerShell. Adaxes is delivered with a PowerShell module that includes a PowerShell provider and a set of cmdlets for Active Directory management from the command line. The PowerShell module lets users benefit from features like cross-domain management, automated provisioning, approval-based workflow, enforcement of enterprise standards, etc. For example, when an AD user is created using PowerShell, Adaxes can automatically add this user to certain groups, provision this user with a home directory and Exchange mailbox, ensure that the data specified for the user account corresponds to the established organization standards, send e-mail notifications, etc.
SPML Support. Softerra Adaxes can be integrated in SPML-enabled provisioning systems to exchange provisioning data via the SPML v.2 protocol.
For the product requirements and instructions for Softerra Adaxes installing and uninstalling, see Installation Notes.
The Adaxes service does not start on a workstation and the system event log contains the following error messages:
The Adaxes Service uses the account of the default service administrator to log on to the system. During the service installation on a workstation (not on a domain controller), the setup program grants the 'Log on as service' right to this account locally on this workstation via the Local Policy settings. If there is a conflicting domain-based Group Policy object that grants the 'Log on as service' right to other users, the local right granted by the setup program will be removed during the Group Policy refresh, because the domain-based Group Policy settings override the Local Policy settings. If this happens, the Adaxes service will not start.
To work around this behavior, contact your domain administrator to grant the 'Log on as service' right to the account of the default service administrator in a precedent domain-based Group Policy.
This behavior is by design. The Domain Group Policy overrides the Local Policy settings.