Day-to-day directory management involves many multi-step procedures that can take a lot of time and effort to execute. Adaxes significantly simplifies such activities with the help of Custom Commands, which transform any sequences of operations into one-click actions irrespective of their complexity and the number of steps involved. Such approach makes administration easier and quicker for the IT staff and even allows delegating complicated tasks to users and not worry that they will miss a step or do something wrong.
Some operations within Custom Commands can be executed only if certain conditions are met. It allows carrying out different sets of actions depending on the property values of AD objects, their location, group membership or any other criteria.
One of the most common scenarios where a Custom Command can be useful is user offboarding. Instead of manually executing all the operations required for terminating a user, like disabling the account, resetting the user’s password, revoking Microsoft 365 licenses and others, you can do all that with just one click. Adaxes even provides the Deprovision Custom Command, which is available straight out of the box.
Custom Command for user offboarding
Parameters for Custom Commands
Custom Commands can also have parameters, which allows you to vary the execution process depending on the user input. This means that you can execute different sets of actions depending on the provided parameter values or use parameters in the actions themselves.
For example, you can give your HR staff a Custom Command that executes operations required to send users on vacation. When initiating the command, HR managers can then be asked to enter a return date for the user, which can be used to set the Out-Of-Office message, and to decide whether to disable the user account by checking a corresponding checkbox.
Using Scripts with Custom Commands
Custom Commands can also be used to run your own scripts straight from the user interface. This means you no longer need to switch to the command line to accomplish custom operations and you can even delegate the execution of scripts to non-technical staff, presenting them to users as just another one-click action. As an additional benefit, Custom Commands can serve as a centralized place to store and manage all the scripts you need for day-to-day administration.
Delegation of Custom Commands
Adaxes allows you to granularly control which users can execute which commands on which objects. For example, IT staff can have access to all the Custom Commands, whereas help desk, managers, regular users, and others can see only the commands they need for their specific job duties.
To delegate a Custom Command to users all you need to do is assign a single permission to execute a particular command and nothing more. You don’t need to grant rights to run every single step included in the procedure, which significantly reduces the risk of over-privileging your users.
Delegating permissions to execute Custom Commands
Delegating certain tasks often requires additional control, for example, you might not want to execute the Deprovision command on any user accounts before an administrator reviews and approves it. This can be achieved by simply adding an approval step to the corresponding Custom Command.
Custom Commands in Automated Workflows
If the same set of actions needs to be executed in multiple automated workflows, you can share the logic between them by putting those actions in a Custom Command. For example, you can create a command that allocates users to OUs according to your policies and automatically execute it after creating new users, after updating existing accounts and on a regular basis.
Sharing logic between multiple Business Rules and Scheduled Tasks
If at some point any of your policies change, all you need to do is edit a single Custom Command and the modifications will automatically apply to all the Business Rules and Scheduled Tasks it’s a part of.
So, at the end of the day, Custom Commands are a powerful tool to simplify everyday management for both technical and non-technical users, making complex multi-step management procedures more comprehensive, less prone to all sorts of errors and much easier to handle.