Change configuration parameters
Configuration parameters let you fine-tune certain internal mechanisms of Adaxes. For example, you can change the timeout for script execution and the frequency of Microsoft 365 tenant data update.
To change the value of a specific parameter, execute the following script in Windows PowerShell on a computer where any Adaxes component is installed. In the script:
-
$serviceHost – the host name of the computer where the Adaxes service is installed.
-
$parameterName – the name of the configuration parameter.
-
$parameterValue – new parameter value. To reset the value to default, specify
$null.
Only Adaxes service administrators have the rights to change configuration parameters.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")
$serviceHost = "localhost"
$parameterName = # See below
$parameterValue = # See below
# Connect to the Adaxes service.
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly($serviceHost)
# Prompt for credentials.
$credential = Get-Credential
# Bind to the 'Configuration Set Settings' container.
$path = $service.Backend.GetConfigurationContainerPath("ConfigurationSetSettings")
$settings = $service.OpenObject($path, $credential.UserName,`
$credential.GetNetworkCredential().Password, 0)
# Change parameter value.
$settings.FromJson($parameterName, ($parameterValue | ConvertTo-Json))
List of parameters
Here is the list of all available configuration parameters and their default values.
| Parameter name | Description | Default value |
|---|---|---|
| Adsi.ShowServerInErrorMessages | Show or hide server names in error messages | false |
| Adsi.ScriptExecutionTimeout | Script execution timeout | 60000 |
| Adsi.PasswordSpellOut | Password spell out settings | See parameter details |
| Adsi.PasswordGenerationSettings | Password generation settings | See parameter details |
| Approvals.PendingRequestsWarningThreshold | Display a warning if the number of pending approval requests reaches the threshold | 1000 |
| Approvals.StampApproversPeriod | Frequency of updating pending approval requests with the list of approvers | 00:10:00 |
| Group.UpdateMembershipCancellationPeriod | Group membership update timeout | 00:10:00 |
| Logging.SqlQueryTimeout | Timeout for loading log records | 30 |
| O365.UpdateTenantDataPeriod | Frequency of Microsoft 365 tenant data update | 03:00:00 |
| O365.StampExchangePropertiesPeriod | Frequency of Exchange Online recipient cache update | 03:00:00 |
| O365.IgnoreExchangeServices | Ignored Exchange services | See parameter details |
| O365.GraphApiAppId | Application ID for Microsoft Graph API | 1b730954-1685-4b74-9bfd-dac224a7b894 |
| O365.ExchangeOnlinePSAppId | Application ID for Exchange Online | a0c73c16-a7e3-4564-9a95-2bdf47383716 |
| O365.SuppressDirSyncedPropsUpdateWarnings | Show or hide warnings when updating objects synced with Microsoft 365 | false |
| O365.SyncExternalResourcesCoefficient | The ratio between the frequency of Microsoft Entra ID synchronizations and external resource synchronizations | 10 |
| Reports.GenerationTimeout | Report generation timeout | 00:10:00 |
Adsi.ShowServerInErrorMessages
Specifies whether the name of a domain controller that was used to perform an operation will be included in error messages.
To show server names in error messages, set the parameter value to $true, or set it to $false to hide them. For example:
$parameterValue = $true
Adsi.ScriptExecutionTimeout
Specifies the timeout (in milliseconds) for running PowerShell scripts and external programs. The default value is 600000 (10 minutes).
To change the timeout, specify the new parameter value in milliseconds. For example:
$parameterValue = [Timespan]::FromMinutes(15).TotalMilliseconds
Adsi.PasswordSpellOut
Specifies the phonetic alphabets that are used for password spell out.
For details, see Customize password spell out.
Adsi.PasswordGenerationSettings
Specifies the password generation parameters.
For details, see Change password generation parameters.
Approvals.PendingRequestsWarningThreshold
Specifies the number of pending approval requests that is deemed unhealthy. If the threshold is reached, Adaxes will display a warning in the Administration console and Web interface (if the Adaxes notifications component is enabled). Set the parameter to 0 to disable the warning.
To change the threshold, specify the new threshold as the parameter value:
$parameterValue = 200
Approvals.StampApproversPeriod
Specifies how frequently (in minutes) Adaxes should update all pending approval requests with the list of their current approvers. This process facilitates searching for pending approval requests of specific users and viewing own approval requests in the Web interface. The default value is 10.
To change how frequently approvers are stamped, specify the new parameter value as a TimeSpan. For example:
$parameterValue = [TimeSpan]::FromMinutes(7).ToString()
Group.UpdateMembershipCancellationPeriod
Specifies the timeout (in minutes) for updating the members of rule-based groups. If any group in your configuration has many complicated rules and not all members are added/removed in time, you can increase the timeout. The default value is 10.
To change the timeout, specify the new parameter value as a TimeSpan. For example:
$parameterValue = [TimeSpan]::FromMinutes(15).ToString()
Logging.SqlQueryTimeout
The timeout (in seconds) for loading log records from an external logging database. The default value is 30.
To change the timeout, specify the new parameter value in seconds. For example:
$parameterValue = 45
O365.UpdateTenantDataPeriod
Specifies the frequency of Microsoft 365 tenant data cache update. The default value is 3 hours.
To change the update frequency, specify the new parameter value as a TimeSpan. For example:
$parameterValue = [TimeSpan]::FromHours(2).ToString()
O365.StampExchangePropertiesPeriod
Specifies the frequency of Exchange Online recipient cache update. The default value is 3 hours.
To change the update frequency, specify the new parameter value as a TimeSpan. For example:
$parameterValue = [TimeSpan]::FromHours(2).ToString()
O365.IgnoreExchangeServices
Specifies the list of Microsoft 365 services that contain the word Exchange in their name but do not provide an Exchange Online mailbox. Adaxes will not enable remote mailboxes when such services are assigned to a user.
To change the parameter value, first, get the current list of ignored services, and then add new services as required.
# Get parameter value.
$parameterValue = $settings.ToJson("O365.IgnoreExchangeServices") | ConvertFrom-Json
# Add new service.
$parameterValue = ($parameterValue += "My_Service") | select -Unique
# Save parameter value.
$settings.FromJson("O365.IgnoreExchangeServices", ($parameterValue | ConvertTo-Json))
O365.GraphApiAppId
Specifies the application identifier Adaxes uses for authentication in Microsoft Graph API. By default, the well-known Graph API PowerShell client ID is used.
To change the identifier, specify the new identifier as a string. For example:
$parameterValue = "1b730954-1685-4b74-9bfd-dac224a7b894"
O365.ExchangeOnlinePSAppId
Specifies the application identifier Adaxes uses for authentication in Exchange Online. By default, the well-known Exchange Online PowerShell Microsoft Entra application ID is used.
To change the identifier, specify the new identifier as a string. For example:
$parameterValue = "a0c73c16-a7e3-4564-9a95-2bdf47383716"
O365.SuppressDirSyncedPropsUpdateWarnings
Specifies whether to display a warning that the properties of a synced object will be modified in Microsoft 365 only after synchronization takes place.
To suppress such warnings, set the parameter value to $true. To display them, set it to $false. For example:
$parameterValue = $true
O365.SyncExternalResourcesCoefficient
In Microsoft Entra domains, some attribute values (e.g. birthday, user picture) have to be fetched from external resources. This can take a long time since querying these resources is performance-intensive. Moreover, the values of such attributes rarely change, so there is no need to synchronize them as often.
This configuration parameter specifies the ratio between the frequency of Microsoft Entra ID synchronizations and external resource synchronizations. For example, if Adaxes is configured to synchronize Microsoft Entra ID data every minute, the ratio of 10 will mean external resources are synchronized every 10 minutes.
To change the ratio, specify the new number as the parameter value:
$parameterValue = 15
Reports.GenerationTimeout
Specifies the timeout for generating reports. The default value is 10 minutes.
To change the timeout, specify the new parameter value as a TimeSpan. For example:
$parameterValue = [TimeSpan]::FromMinutes(1).ToString()
View current settings
To view the current value of a specific configuration parameter, use the following script. In the script:
-
$serviceHost – the host name of the computer where the Adaxes service is installed.
-
$parameterName – the name of the configuration parameter.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")
$serviceHost = "localhost"
$parameterName = "Adsi.ScriptExecutionTimeout"
# Connect to the Adaxes service.
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly($serviceHost)
# Prompt for credentials.
$credential = Get-Credential
$path = $service.Backend.GetConfigurationContainerPath("ConfigurationSetSettings")
# Bind to the 'Configuration Set Settings' container.
$settings = $service.OpenObject($path, $credential.UserName,`
$credential.GetNetworkCredential().Password, 0)
# Display parameter value.
$value = $settings.ToJson($parameterName) | ConvertFrom-Json
$value