Active Directory management & automation

Tutorials

Make Employee ID a Required Property & Specify its Format

With the help of Adaxes, it is possible to specify the format for any property of Active Directory objects. Also, Adaxes allows setting any AD property as required without modification of the Active Directory schema. In this tutorial, you will learn how to make the Employee ID property mandatory and make sure this property is formatted correctly.

To configure Adaxes to verify that the Employee ID property is always specified and validate the format of this property, you need to create a Property Pattern for the User object type and specify certain constraints for the Employee ID property.

1Launch Adaxes Administration Console, right-click your Adaxes service, point to New and click Property Pattern. The Create Property Pattern wizard will open.

Launching the Create Property Pattern wizard

2Enter the name for the new Property Pattern and click Next.

3Here you need to select the AD object type, properties of which the new Property Pattern will affect. As we want to set certain constraints for the Employee ID property of user objects, select User in the Object Type list and click Next.

Selecting the object type

4 At the Configure Property Pattern page, you can specify value generation options and formatting constraints for the AD properties you need. Click Add, select the Show all properties option in the drop-down list and select the Employee ID property.

Select an AD object property.

5 In the Add Property Pattern Item dialog that opens, perform the following steps:

  • Select the The property is required option.
  • Select the Must match regexp option.
  • In the edit box for the selected option, specify the regular expression to verify the format of the Employee ID property.
  • Click the icon located next to the edit box and specify the error message that will be shown if an employee ID has an invalid format.

The Add Property Pattern Item dialog

Optionally, specify the minimum and maximum value length for the Employee ID property and provide a template for automatic generation of the property values. When finished, click OK and then click Next.

On how to validate AD object properties by using a script, see Validate/Modify User Input Using a Script.

6 Here, at the Activity Scope page, you need to specify where in Active directory a user must be located or to what groups or Business Units it must belong to be affected by the Property Pattern. Click Add.

Specifying activity scope for the Property Pattern

7 In the Property Pattern Activity Scope dialog, select one of the following items:

  • All Objects - select if you want this Property Pattern to be effective when creating or modifying any user in any AD domain managed by the Adaxes service.

  • Specific Domain - select if you want this Property Pattern to be effective when creating or modifying any user in the AD domain you specify.

  • OU or Container - select if you want this Property Pattern to be effective when creating or modifying any user located under the selected OU or container.

  • Group - select a specific group if you want this Property Pattern to be effective when modifying users that are members of the selected group.

  • Business Unit - select a Business Unit if you want this Property Pattern to be effective when modifying users that are members of the selected Business Unit. To view available Business Units, select the Business Units item in the Look in drop-down list.

    • Viewing Business Units

Select the item you need and click Add. When finished, click OK.

8 The specified activity scope items will be displayed in the Assignments list. Click Finish.

Now, when the Property Pattern is complete, Adaxes will verify that the Employee ID property is always specified for AD users and that the values of this property correspond to the specified regular expression.

Delegating Permissions

Hide Active Directory objects from users
Grant rights to create users
Grant rights to modify account options
Allow managers to manage their teams
Grant rights to modify AD group membership
Grant rights to reset passwords and unlock accounts
Grant rights to create and modify Business Units
Deny rights to delete users
Grant rights to execute Custom Commands
Grant rights to modify specific properties of AD objects
Grant rights to move users between OUs

Automating Daily Tasks

Automate user home directory creation
Relocate home directories after disabling users
Automatically add users to groups by department
Add users to a specific group when they are disabled
Automatically change group membership using scripts
Move newly created users to a specific OU
Request approval for user deletion
Run PowerShell script after creating a user
Automate Exchange mailbox creation for new users
Automate Exchange mailbox configuration
Schedule tasks for AD management
Automatically set profile path for Remote Desktop Services
Send e-mail on adding members to specific groups
Send initial password to newly created users via SMS
Delete inactive computers from Active Directory
Automatically deprovision inactive AD users

Simplifying Data Entry

Auto-populate the company name when creating users
Change template for auto-generating users' full name
Specify list of departments to avoid repetitive typing
Disallow specifying telephones without country code
Make Employee ID a required property & specify its format
Set default account options for creating users
Validate/modify user input using a script
Predefine selection of Exchange mailbox stores
Automatically set account expiration date for new users
Generate initial password on user creation
Automatically set users' address based on their office
Provide custom help and tips for AD object properties

Active Directory Management

View & manage AD objects collectively
Create a Custom Command
Rename multiple AD users with one operation
Reset passwords for multiple users
Import user accounts from a CSV file
Schedule import of users from a CSV file
Modify Remote Desktop Services settings in bulk
Update user account options in bulk
Update multiple AD objects using PowerShell
View AD operations performed via Adaxes
Manage Fine-Grained Password Policies
Configure user deprovisioning

Web Interface Customization

Set custom logo and colors
Customize forms for user creation and editing
Customize Sign-In page and logon name options
Prevent users from viewing the Active Directory structure
Allow/deny access to the Web Interface
Disallow certain operations on Active Directory objects
Customize the Home page
Configure Home page actions
Configure the Active Directory pane
Customize Active Directory search
Put a custom message on the Change Password form
Hide specific Active Directory reports
Disable specific Web Interface components
Select the AD object types to be displayed in the UI
Manage Active Directory objects of a custom type
Configure columns in Active Directory object lists
Allow using templates for user creation
Customize Help and Support links
Create additional Web Interface sites

Self-Service

Configure Password Self-Service
Autoenroll users for Self-Password Reset
Allow users to modify specific properties of their accounts