Active Directory management & automation

Tutorials

Configure the Active Directory Pane

The Active Directory pane located on the Home page of the Active Directory Web Interface can be configured to display either managed Active Directory domains or specific Active Directory objects. The latter option enables users to access objects located deeply in the Active Directory structure without having access to the structure itself.


For example, to allow users to subscribe and unsubscribe from specific distribution lists by themselves, you can configure the Active Directory pane to display the distribution lists you need in the Web Interface for self-service. In this case, users will be able to access these objects, even if they don't have permissions to view their parent Organizational Units or containers. Users won't even have to know where in the Active Directory the distribution lists are located.

For details on how to disallow users to view the Active Directory structure, see Hide Active Directory Objects from Users.

Also, the Active Directory pane can significantly speed up users' access to frequently used Active Directory objects, as all objects they need are placed right on the Home page.

If a user doesn't have rights to view an Active Directory object, this object will not be displayed in the Active Directory pane for this user.

In this tutorial, you will learn how to customize the Active Directory pane to display specific Active Directory objects and how to organize the objects located in the Active Directory pane into groups.

On the computer, where the Web Interface is installed, start the Web Interface Customization tool.


In the Interface type drop-down list, select the Web Interface you want to configure.



Activate the General tab and click Configure Active Directory Pane.



Select the Show the following Active Directory objects option.

To add an object to the Active Directory pane, do the following:
  • Click the Add button located on the right side of the dialog.
  • Specify the DN (Distinguished Name) of the Active Directory object you want to add.
  • Click OK.
To get the DN of an Active Directory object:
  • Launch the Adaxes Administration Console.
  • Right-click the object you need.
  • In the context menu, open the submenu of the Copy item.
  • Click Copy DN. The DN of the selected Active Directory object will be copied to the clipboard.
The Active Directory pane can also display Business Units and Active Directory domains. You can get the DN of a Business Unit or managed Active Directory domain in the same way as you get DNs of Active Directory objects.

The objects located in the Active Directory pane can be organized into groups.


To add a group to the Active Directory pane, do the following:
  • Click the Add Group button located on the right side of the dialog.
  • Type a name for the group.
  • Press Enter.
To add an object to the group:
  • Select the group.
  • Click the Add button located on the right side of the dialog.
  • Specify the DN (Distinguished Name) of the Active Directory object you want to add.
  • Click OK.
Groups and objects within a group are displayed according to their order in the list. To change the order of groups and objects, use Move Up and Move Down buttons.

When finished, click Apply.
There is no need to restart IIS to apply the changes, as the changes are applied automatically.

Delegating Permissions

Hide Active Directory objects from users
Grant rights to create users
Grant rights to modify account options
Allow managers to manage their teams
Grant rights to modify AD group membership
Grant rights to reset passwords and unlock accounts
Grant rights to create and modify Business Units
Deny rights to delete users
Grant rights to execute Custom Commands
Grant rights to modify specific properties of AD objects
Grant rights to move users between OUs

Automating Daily Tasks

Automate user home directory creation
Relocate home directories after disabling users
Automatically add users to groups by department
Add users to a specific group when they are disabled
Automatically change group membership using scripts
Move newly created users to a specific OU
Request approval for user deletion
Run PowerShell script after creating a user
Automate Exchange mailbox creation for new users
Automate Exchange mailbox configuration
Schedule tasks for AD management
Automatically set profile path for Remote Desktop Services
Send e-mail on adding members to specific groups
Send initial password to newly created users via SMS
Delete inactive computers from Active Directory
Automatically deprovision inactive AD users

Simplifying Data Entry

Auto-populate the company name when creating users
Change template for auto-generating users' full name
Specify list of departments to avoid repetitive typing
Disallow specifying telephones without country code
Make Employee ID a required property & specify its format
Set default account options for creating users
Validate/modify user input using a script
Predefine selection of Exchange mailbox stores
Automatically set account expiration date for new users
Generate initial password on user creation
Automatically set users' address based on their office
Provide custom help and tips for AD object properties

Active Directory Management

View & manage AD objects collectively
Create a Custom Command
Rename multiple AD users with one operation
Reset passwords for multiple users
Import user accounts from a CSV file
Schedule import of users from a CSV file
Modify Remote Desktop Services settings in bulk
Update user account options in bulk
Update multiple AD objects using PowerShell
View AD operations performed via Adaxes
Manage Fine-Grained Password Policies
Configure user deprovisioning

Web Interface Customization

Set custom logo and colors
Customize forms for user creation and editing
Customize Sign-In page and logon name options
Prevent users from viewing the Active Directory structure
Allow/deny access to the Web Interface
Disallow certain operations on Active Directory objects
Customize the Home page
Configure Home page actions
Configure the Active Directory pane
Customize Active Directory search
Put a custom message on the Change Password form
Hide specific Active Directory reports
Disable specific Web Interface components
Select the AD object types to be displayed in the UI
Manage Active Directory objects of a custom type
Configure columns in Active Directory object lists
Allow using templates for user creation
Customize Help and Support links
Create additional Web Interface sites

Self-Service

Configure Password Self-Service
Autoenroll users for Self-Password Reset
Allow users to modify specific properties of their accounts