When Active Directory is accessed via Softerra Adaxes, native Active Directory permissions are not applied. So, once all managed domains are registered you need to grant users from these domains necessary permissions to work with Active Directory via Adaxes. Also, you may want to delegate permissions to configure Adaxes and add users to the list of Adaxes service administrators.
Delegation of Permissions in Softerra Adaxes
To delegate necessary permissions to users, you need to create a Security Role, specify corresponding permissions for this Role, select users or groups that will be able to exercise these permissions, and specify the Active Directory scope where they will be able to exercise these permissions.
In this section you can find out how to:
- Hide Active Directory objects from users
- Grant rights to create users
- Grant rights to modify account options
- Allow managers to manage their teams
- Grant rights to modify AD group membership
- Grant rights to reset passwords and unlock accounts
- Grant rights to create and modify Business Units
- Deny rights to delete users
- Grant rights to execute Custom Commands
- Grant rights to modify specific properties of AD objects
- Grant rights to move users between OUs