Active Directory management & automation

Manage and Automate Office 365

With the help of Adaxes, you can provision Office 365 accounts for Active Directory users, assign and revoke licenses for Office 365 services, as well as deactivate Office 365 accounts. If your Office 365 plan includes a license for Exchange Online, Adaxes will also allow you to manage mailboxes and distribution lists in your Exchange Online organization. In addition to that, Adaxes lets you automate routine and repetitive Office 365 and Exchange Online management tasks.

In this tutorial, you will learn how to complete the 4 easy steps required to configure Adaxes for Office 365 management:

  1. Register Office 365 Tenant
  2. Automate Office 365 User Management
  3. Delegate Office 365 Tasks
  4. Customize Web Interface for Office 365

Adaxes and DirSync

It is possible to use Adaxes in environments where Active Directory is synchronized with Office 365 with the help of DirSync. In such environments, Adaxes can be used to provision and deprovision Office 365 accounts and also manage Office 365 licenses, while DirSync will take care of the synchronization between your AD and Office 365.

Register Office 365 Tenant

To enable Office 365 management in Adaxes, first, you need to register an Office 365 tenant. A tenant represents an Office 365 organization in Adaxes and allows you to associate it with your AD environment.

With Adaxes, you are not limited to a single Office 365 tenant. If you have two or more Office 365 tenants that you need to manage, Adaxes provides you with a flexible way to define, which part of your Active Directory belongs to which tenant.

How to register an Office 365 tenant

To communicate with Office 365, Adaxes requires Microsoft Azure Active Directory Module for Windows PowerShell (version 8362.1). You need to download and install it on the computer where your Adaxes service is running. To do this:

Launch Adaxes Administration Console. In the Console Tree, expand Adaxes service \ Configuration \ Cloud Services and select the Office 365 node.

In the Result Pane (located to the right), click New.

On the Office 365 Administrator Account page, specify credentials of an Office 365 account that has administrative permissions within the Office 365 organization you want to register. The account must be assigned either to the Global Administrator or the User Management Administrator role in Office 365.

Click Next.

On the Tenant Details page, specify a display name for the tenant.

The tenant will appear under this name when viewing or editing an Office 365 user account associated with it.

View screenshot

Under Office 365 plans, select which Office 365 plans will be available when assigning Office 365 licenses to users associated with the tenant. Unchecked plans will not be visible in Adaxes and you won't be able to assign them to any user that belongs to the tenant.

Each plan can provide access to one or more Office 365 services. You can define, access to which services will be granted to users when they are assigned to a particular plan. Also, you can specify a name under which the plan will appear in Adaxes.

How

  • Click the necessary plan.

  • Select the available Office 365 services in the Office 365 Services list.

  • By default, Office 365 plans are displayed under the names assigned to them in Office 365. In the Display name field, you can specify a different name that will be used by Adaxes when displaying the plan.

    View screenshot

By default, when a user's password is changed in Active Directory, the new password cannot be used to authenticate in Office 365 right away. Even if passwords are synchronized with the help of DirSync, it takes some time before the next synchronization occurs.

To automatically set or update a user's password in Office 365 once a new user is created or a user's password is changed with the help of Adaxes, check the Synchronize passwords option.

By clicking on the More options link, you can configure additional synchronization options.

Temporary Passwords

Office 365 does not allow creating accounts without a password. When Adaxes is configured to synchronize passwords, and an Office 365 account is activated automatically when creating a new user, the new user password will be set both in Active Directory and in Office 365. However, if Adaxes is configured not to synchronize passwords or if a password specified for a new user does not meet Password Policy requirements, Office 365 will generate a random temporary password.

In the Temporary Passwords section, you can define how temporary passwords generated by Office 365 will be communicated to users:

Display the temporary password in the Execution Log

Select this option to show the temporary password in the Execution Log of the operation during which an Office 365 account is created.

View screenshot

Email the temporary password to

Select this option to have a temporary password sent by e-mail. In the associated edit box, specify a semicolon-separated list of recipients.

Click the button located to the right to select recipients in Active Directory.

You can use value references when specifying email addresses of recipients. When an Office 365 account is created for a user, value references will be replaced with corresponding property values of that user. For example, if you enter the following template: %mail%, a temporary password will be sent to the user's e-mail address.

More examples

  • %adm-ManagerEmail% - a password will be sent to the user's manager.
  • %adm-InitiatorEmail% - a password will be sent to the user who activates the Office 365 account.
  • %adm-InitiatorManagerEmail% - a password will be sent to the manager of the user who activates the Office 365 account.
Passwords are sent in clear text via e-mail.

On the Associated Active Directory Scope page of the wizard, click Add to associate the Office 365 tenant with objects in Active Directory. In Adaxes, it is possible to manage Office 365 settings of objects associated with an Office 365 tenant only.

If you use Adaxes together with DirSync, it is recommended to adjust the AD scope of your tenant in accordance with DirSync filtering settings.

In the Tenant Associated Scope dialog, select one of the following items:

  • All Objects - select if you want the tenant to be associated with all objects in all AD domains managed by your Adaxes service.

  • Specific Domain - select if you want the tenant to be associated with all objects in the AD domain you specify.

  • OU or Container - select if you want the tenant to be associated with the objects located under the selected Organizational Unit or container.

  • Group - select if you want the tenant to be associated with the selected group and/or objects that are members of the selected AD group.

  • Business Unit - select a Business Unit if you want the tenant to be associated with objects that belong to the Business Unit you specify. To view available Business Units, select the Business Units item in the Look in drop-down list.

    Viewing Business Units

Select the item you need and click Add. When finished, click OK.

You can also exclude some parts of your Active Directory from the scope of a tenant. For example, if you've associated a tenant with an Organizational Unit, but do not want to associate the tenant with members of a certain AD group located in that OU, you can exclude the group from the scope of the tenant explicitly. To exclude an object, select the Exclude the selection option in the Associated Scope Options dialog box.

Step by step

  • In the list of available AD objects, select the object you want to exclude.
  • Click Add.
  • In the Associated Scope Options dialog, select the Exclude the selection option.

  • Click OK.

When done, click Finish.


In Adaxes, you can manage multiple Office 365 tenants. In a multi-tenant environment, if an object falls within the scope of two or more Office 365 tenants, the object will be associated with a tenant that is of a higher precedence. To change the precedence order of a tenant:

  • Select the tenant you need in the Result Pane.
  • Click the Move Up Move Down buttons to change the precedence order of the selected tenant.

To view all AD objects associated with a tenant, select the tenant you need and click the Show All Associated Objects button located under the Associated Active Directory Scope list.

If the Associated Objects dialog doesn't display some objects that fall within the scope of the selected tenant, it means that another tenant with a higher precedence also includes the objects in its associated scope.

To view the Office 365 tenant for a specific AD object, click the Lookup Tenant for Object button located under the tenant list.

Automate Office 365 User Management

Adaxes allows you to automate the management of Office 365 accounts. For example, using a Business Rule triggered when new users are created in AD, you can automatically assign Office 365 licenses for them based on their department, office, location in the AD hierarchy or any other principle. A Business Rule triggered on user modification can be used to adjust the licenses assigned to a user when a user's role within the organization changes.

For information on how to assign Office 365 licenses automatically, see Automatically Assign Office 365 Licenses.

Delegate Office 365 Tasks

Using Security Roles, you can delegate Office 365 management tasks to users. You can allow users to activate and deactivate accounts in Office 365, as well as assign and revoke Office 365 licenses.

For information on how to allow users to perform Office 365 tasks, see Grant Permissions to Perform Office 365 Management Tasks.

Besides managing Office 365 accounts, users can also manage Exchange Online mailboxes associated with them. The permissions to manage Exchange mailboxes are also configured with the help of Security Roles. For more information, see Grant Permissions to Perform Exchange Tasks.

Customize Web Interface for Office 365

Adaxes Active Directory Web Interface allows users to activate and deactivate Office 365 accounts, assign and revoke Office 365 licenses, as well as view Office 365 account settings.

You can allow managing Office 365 account settings on the pages for creating, viewing and editing users. For this purpose, you need to add the Office 365 properties section.

For information on how to add and configure the section, see Customize Forms for User Creation and Editing - Office 365 properties.

Additionally you can create a separate action that will allow editing Office 365 settings directly from the Web Interface home page.

For more details, see Edit Office 365 Properties.

Apart from management of Office 365 account settings, Adaxes also allows managing Exchange Online mailboxes.

For information on how to configure management of Exchange mailboxes, see Configure Exchange Tasks.

? Waiting

Progress status: Checking...