Adaxes provides rule-based automation for Active Directory, Exchange and Microsoft 365. It allows executing sets of operations that are governed by if/else conditions before or after certain events in AD. So, for example, after the department of a user is changed, Adaxes can then automatically update the user’s group membership and send an email notification to the user’s manager, following the rules you define.
Using condition-based rules you can automate the entire user provisioning process. Once a new user account is created in Active Directory, Adaxes will automatically execute the rest of onboarding procedures for you: moving the user account to a correct OU, adding it to necessary groups, creating and configuring an Exchange mailbox, assigning Microsoft 365 licenses, enabling the user for Skype for Business, creating and sharing a home folder, sending a welcome email, etc. Similarly to that, you can also automate all operations associated with user updates. Finally, when a user is terminated, Adaxes can automatically execute all the provisioning operations in reverse, ensuring instant and errorless offboarding.
Adaxes Web Interface allows performing Active Directory management via a standard web browser. It features a modern responsive design, so users can access it on their laptops, tablets, phones or any other devices. You can set up different Web Interfaces specifically tuned for the needs of different job roles, like administrators, help desk, HR, managers and others, giving them a clean and intuitive way to access the tasks they need. Adaxes Web Interface also incorporates Exchange and Microsoft 365 management, so users get a single console without the need to learn and use multiple tools for their day-to-day routines.
The Adaxes Web Interface is fully customizable, so you can configure it to have the exact views, forms and operations that each user needs. For example, administrators can have a full set of management activities in Active Directory, Exchange and Microsoft 365 across the entire environment, whereas managers can be set to view just their subordinates and only be able to update their group membership, assign Microsoft 365 licenses and change certain AD properties.
Adaxes Web Interface can act as a self-service portal for regular users. You can granularly specify, which operations they have access to, like updating their personal info, changing their own password, searching Active Directory, managing own group membership, updating Microsoft 365 licenses, etc.
Adaxes Password Self-Service allows users to reset forgotten passwords and unlock accounts by themselves. To do that they need to go through a simple identity verification procedure that may involve answering security questions, SMS verification, using authenticator apps like Google Authenticator, Authy and others. Self-password reset can be accessed from the computer login screen (Windows and macOS), Adaxes Web Interface, or it can be integrated into your own portal.
Adaxes Self-Password Reset also works for users who are offsite or offline. Normally, when they forget their password while working away from company’s premises, e.g. from home or on a business trip, the only way to log in again is to come back to the corporate network, even if help desk did reset their password in AD. But with Adaxes they can go through a standard password-reset procedure, as if they were on-prem, with no VPN required. After that Adaxes updates the local credentials cache on the laptop and allows users to simply log in with their new password, no matter where they are.
Adaxes automates Exchange mailbox management both on-premises and in Microsoft 365. For example, after creating a new user account in Active Directory, Adaxes can automatically create an Exchange mailbox for the user. The database distribution of mailboxes can be done based on the first letter of the users’ surname, least number of mailboxes in the DB, the round-robin method, etc. Adaxes can then configure the mailbox, e.g. modify storage quotas or enable mailbox features like Unified Messaging or Archiving.
Adaxes also allows manually managing Exchange mailboxes from the Web Interface. This way there’s no need for the users to switch between multiple consoles during their day-to-day management activities.
Adaxes can automatically assign and revoke Microsoft 365 licenses using condition-based rules. For example, when a new user is created in Active Directory, Adaxes can activate an account in Microsoft 365 for the user and assign the necessary M365 licenses according to the rules you define. Different licenses can be assigned to different users based on their job title, department, location, etc.
Users can also manually manage Microsoft 365 licenses and configure Exchange Online mailboxes via the same Adaxes Web Interface they use for Active Directory management.
As a part of automated provisioning procedures, Adaxes allows you to enable new users for Skype for Business and assign the required policies to them. Also, when users are terminated, Adaxes can automatically disable their accounts for Skype for Business along with other offboarding operations.
Adaxes introduces Role-Based Access Control for Active Directory, Exchange and Microsoft 365. In a role-based delegation model, instead of assigning permissions to users, they are assigned to roles that correspond to actual job functions. So, when you need to change privileges for all users with the same job function, all you need to do is modify the permissions of the associated role. Assigning roles to users is done in a centralized manner, allowing you to easily control, who can do what and where.
With role-based delegation you can granularly specify, which parts of Active Directory are visible to users. For example, you can allow certain users to only view AD objects located in their own OU, while hiding the rest of the Active Directory structure from them.
Adaxes allows you to add an approval step to practically any operation in Active Directory, Exchange and Microsoft 365. For example, you can delegate user creation to HR, but after they fill in the form and click Create, Adaxes can suspend the operation and only proceed once a member of IT staff reviews and approves it. For more complex and security sensitive scenarios, you can set up multi-level approvals. Such approach allows delegating more tasks to lower level staff without taking the risk of losing control over them.
Adaxes allows enforcing corporate data standards in your Active Directory environment. It enables you to put format restrictions on certain properties of AD objects. For example, you can make the Employee ID to always have two capital letters and five digits. To make sure that fields like Description are never left empty, you can mark them as required. Also, you can limit properties like Department or Office to only have one of the predefined values and provide them as drop-down lists. This way you can keep your AD data consistent and minimize any human-factor mistakes.
All operations performed via Adaxes are logged, so you can always see, who did what when and from which host. The logs are presented in a human-readable format with convenient filters, making it easy to view them and find any specific operations. If you have a centralized log collection system, Adaxes can be integrated with it using the Syslog protocol. Also, you can create reports based on Adaxes logs. For example, managers can get a weekly report on their subordinates’ activity for the past 7 days.
Adaxes comes with reporting capabilities, allowing you to monitor and analyze what’s going on in your environment. Out of the box you get more than 200 reports, which should cover the majority of your requirements. For more demanding scenarios Adaxes also provides various ways to create custom reports, including using your own scripts. It enables you to create reports of practically any complexity that can be specific to your organization's needs. To deliver reports to users Adaxes supports centralized scheduling and also provides a self-scheduling option, allowing users to choose by themselves, which reports they want to receive and when.
Adaxes also brings report overviews that combine charts from multiple reports and present them in a single view. By default, you are provided with built-in report overviews, such as Risk Analysis, AD Cleanup, Exchange, etc. but you can also create your own ones by combining charts from the reports of your choice.
Adaxes enables you to automate the membership of your AD groups by making them rule-based. You can establish membership rules for any security or distribution group, and Adaxes will manage its members for you. For example, you can configure a group to include users with the word Supervisor or Manager in their job title, but only if their account is enabled. Of course, membership rules can be more complex, to accommodate any membership logic.
From the Active Directory point of view, rule-based groups are no different from any other group. You can use them to delegate permissions, apply GPOs, distribute emails, i.e., accomplish everything you can with ordinary groups. Using rule-based groups, you can eliminate the need to manage group members manually and ensure that objects in your AD always have correct group membership.
Business Units are collections of Active Directory objects governed by rule-based membership. For example, a Business Unit can combine all users from a specific department that are spread across different OUs, domains and forests. Business Units can be arranged into folders, which enables you to create alternative hierarchies of Active Directory objects. For example, you may have geo-based OUs and at the same time arrange users into Business Unit based on their department. It is particularly useful if you have a multi-domain environment, as you can create a single virtual structure of Business Units for it. You can then allow users to browse your Business Units hierarchies instead of showing them the actual Active Directory structure.
Business Units can also be used when applying automation rules, scheduled tasks, permissions, etc. For example, you can allow your help desk team to reset passwords for all users from the Sales department or for all users whose Employee ID starts with a ‘1’, no matter where in AD those users are located.
With Custom Commands users can launch complex multi-step operations in one go. For example, if you need to send a user on vacation, you can do it with just one click in the Web Interface. The operation can include steps like disabling the user account, adding it to a corresponding group, sending a notification to the user’s manager, etc. Such approach allows you to delegate complicated tasks to users and not worry that they will miss a step or do something wrong. Besides, you don’t over-privilege them, as you only give out permissions to execute the Custom Command as a whole, not the individual steps it consists of. Administrators can also use Custom Commands in their day-to-day routines to make the management process simpler and accomplish same results with a lot less clicks.
Custom Commands can also be used to run your own scripts straight from the user interface. You can even delegate the execution of scripts to non-technical staff, presenting it like yet another one-click operation for them. Additionally, with Custom Commands you get centralized storage and management of all your scripts.
Adaxes allows you to automate various routine management tasks by scheduling them. For example, it can automatically deprovision inactive accounts in AD, allocate users to necessary groups, maintain OU structure, etc. You can also schedule tasks like importing new users from CSV. Automating such a sensitive operation doesn’t mean that you need to sacrifice any control, as you can add an approval step to it. This way users will be created in AD only after a member of IT staff reviews and approves the operation. You can also use scheduled tasks to send various notifications to users, like reminders about their password or account expiration.
Adaxes provides a single administration environment for all your Active Directory domains as well as Exchange and Microsoft 365, reducing the number of tools that administrators need to use in their daily routines. It significantly simplifies the management process by enabling admins to execute bulk operations on AD objects from different domains and forests, running complex multi-step operations with single-click commands, integrating custom scripts into automated workflows, etc. It also gives them tools to control and monitor your AD environment, like centralized delegation of permissions, approval-based workflows, Active Directory reports, comprehensive operation logs and more.
Adaxes provides a single management and administration environment for multiple Active Directory domains that can be located in different forests and can have no trust relationships between them. This way all the automation rules, scheduled tasks, enforced data standards, etc. are applied across your entire AD environment in a unified manner. Adaxes also enables centralized delegation of permissions across the managed domains. For example, you can allow your help desk team to reset passwords for all users from the Sales department, no matter which domains or forests they are located in.
Adaxes provides load balancing capabilities by leveraging multiple Adaxes services and distributing the load across them. It comes with high availability, i.e. in case of a failure of one of the services, users are automatically switched to another one available. In case your environment has multiple locations, you can also distribute multiple Adaxes services across them. This way users will be automatically connected to the nearest service to them, which helps to minimize latency and optimize network resources.
Adaxes provides several APIs that facilitate integrations with external systems. The APIs enable you to programmatically access Adaxes functionality, meaning you can seamlessly fuse it with your existing environment. For example, your HR system that supports such integration can send calls to Adaxes, which will trigger user creation in Active Directory along with the rest of onboarding procedures, like creating an Exchange mailbox, assigning Microsoft 365 licenses, etc. Adaxes offers a REST API, supports the SPML 2.0 protocol, and allows you to take advantage of the ADSI provider to develop advanced integrations using any COM-based language like C++ or C#. For more details, see Adaxes SDK.
Adaxes comes with its own PowerShell module, which allows managing Active Directory from the command line. The cmdlets it provides are similar to the AD PowerShell module by Microsoft, so you get a familiar user experience, but at the same time you can take advantage of all the Adaxes features, like automation rules, approvals, data standards, etc. For example, when you use the New-AdmUser cmdlet to create a new user in Active Directory, Adaxes then automatically adds the account to necessary groups, moves it to a correct OU, assigns Microsoft 365 licenses and executes all the other onboarding procedures according to your rules.