What's New in Adaxes 2023
Release date: November 17, 2022
This release marks a new step in the evolution of Adaxes. The most requested feature on our roadmap, Azure AD management, has arrived. Offline / out-of-office password reset for Mac and a new Web interface configurator are also among the highlights.
The new version can already be considered massive as it is, but we added plenty of other features along the way. Everything comes with a cherry on top – hefty performance improvements.
Here’s more about what’s new in Adaxes 2023.
Azure AD management
You can now manage Azure AD domains in Adaxes, plain and simple.
On-premises AD and Azure AD are fundamentally different, but we did our best to level that difference.
For instance, all automation features like business rules and scheduled tasks work exactly the same for on-premises and Azure AD domains. All cloud and on-premises group memberships of a hybrid user can be viewed next to each other in the same interface. You can finally experience on-premises AD and Azure AD as a single ecosystem.
How Adaxes interacts with Azure AD
When you register an Azure AD domain, Adaxes caches the data from that domain. Afterwards, Adaxes synchronizes just the changes, without performing a full read of your directory every time.
Such an approach avoids throttling from Microsoft APIs, minimizes network traffic, yet allows Adaxes to instantly perform operations and always have relevant information about objects in your Azure AD.
After you upgrade to the new version, built-in reports and overviews will not work with Azure AD domains right away. To replace the existing reports with the updated versions, you will need to restore them to the initial state.
Organizational Units for Azure AD
Some say the absence of Organizational Units in Azure AD is an oversight. So we decided to fix it. Adaxes enables you to organize Azure AD objects into OUs, literally creating a directory structure out of nowhere.
This structure will exist only inside Adaxes and will not affect your Azure AD whatsoever. You can use it to make Adaxes automation more granular, simplify permission assignment, or browse a convenient directory tree in the Web interface with no strings attached.
Offline and out-of-office password reset for Mac
In the previous release, we added a password self-service capability for macOS users. It is time to expand on it and enable those users to reset their passwords when they are offline or out of the office. Mac users who are always on the move will be happy.
New Web interface configurator
The first thing you'll notice about the new configurator is the new design. It's not just a reskin. The configurator remains familiar, but under the hood, it's a new piece of software.
Not only does it look prettier and have new features, but it also works faster. Much faster. We have changed how the Web interface configuration is stored and loaded, which improved the performance tenfold.
Multiple object owners
Active Directory objects can now have multiple owners. These secondary owners can be from anywhere in your environment, even from unrelated domains, even if they are cloud-only objects from Azure AD.
There are some differences between how multiple owners work on-premises and in Azure, and you are encouraged to read about them here.
However, the main principle is the same – within Adaxes, the power of all owners is equal. For example, approval requests sent to Owners of the object can be processed by any owner. Permissions granted to the Owner security principal are granted to all owners equally. You get the idea.
Criteria for object queries
Behold, criteria – a universal and user-friendly mechanism for searching and filtering objects. Criteria replace LDAP filters for all object queries everywhere within Adaxes.
It is trivial to use compared to LDAP filters. It allows for more elaborate queries. Besides, using criteria in scripts is straightforward. For more details on criteria in scripts, have a look at this article in our SDK.
Don't worry though, we didn't completely get rid of good old LDAP filters. You can still use them inside criteria, but we hope you won't need to. Criteria can do more and can do it better.
Dropped LDAP filter parameter support
The LDAP filter editor parameter in custom commands and reports is gone for good. If anyone was using it, it will be replaced by the Text editor parameter in your existing custom commands and reports.
Web interface enhancements
As usual, an Adaxes update can't be complete without improvements to the Web interface.
Now, all values of multi-valued properties can be displayed in columns in the Web interface.
Values can be expanded into a list with a handy filter. If a value is a distinguished name of an object, you can click on it to navigate directly to that object.
Expanded object visibility settings
You can now specify different visibility rules for different object types (e.g. users, room mailboxes, etc.) without fiddling with LDAP filters several hundred symbols long. Everything is easily done with the help of criteria.
If you can't quite remember where object visibility is configured, here's a tutorial to refresh your memory.
We usually don't emphasize performance tweaks, but this improvement deserves its own paragraph. We significantly improved Web interface loading time, especially for distributed setups where Adaxes components are split between different servers.
We also addressed issues where the initial loading of the Web interface with a complicated configuration took longer than a minute.
Domain part selection for usernames
In the new version, the domain part (UPN suffix) for usernames can be selected from a handy drop-down list.
This was kind of possible in the previous versions with custom attributes and some hacks, but now it's much simpler.
Now, Adaxes automatically identifies all available domain names in your domain. You can then restrict which of those can be used in usernames and which cannot. You can even restrict which domain part a username can have based on the OU where you are creating a new user.
To see for yourself how simple it is – check out this tutorial.
We will never run out of feature requests for the approvals system. So here's what we have in store this time.
Approval requests used to pile up in some environments and considerably slow down Adaxes because of the sheer volume of unprocessed data. We have added a mechanism that will ensure your environment will maintain a healthy number of approval requests in the backlog.
Now, Adaxes issues a warning when the number of pending approval requests exceeds an unhealthy number, 1000 by default, configurable here.
Also, Adaxes automatically deletes pending requests that were created long ago. If your approvers keep forgetting or ignoring requests, you'll know how useful this is. A backlog of thousands of those is never happening again.
After you upgrade to the new version, all pending approval requests older than 365 days will be deleted at 1:00 AM (in the time zone of the computer where the Adaxes service is installed). If you need to keep dated approval requests, you can extend the retention period or disable the feature.
Disable approval notifications
You can now completely disable email notifications for approval requests. This can be helpful if you have configured custom notifications (e.g. using the Send email notification action) and would like to prevent Adaxes from sending the default template as well.
Windows 11 support for Administration console
Adaxes Administration console now feels at home on Windows 11. All menu items and other visual elements are now aligned with Windows 11 style, but it's not just about the UI. The console has been thoroughly tested on the latest Windows release, so you can be sure unexpected issues don't pop up.
New custom properties
This time, we not only increased the number of custom properties but also added a new custom property type.
Properties for storing directory objects
Adaxes now has custom properties for storing directory objects, CustomAttributeObject1..15 and CustomAttributeObjectMultiValue1..5. The standard set of such DN properties in Active Directory was never enough, and we figured it was time to expand it.
Besides simply referencing related objects, you can use these properties to implement sophisticated workflows. For example, you can allow selecting several groups on the user creation form, and the new user will automatically receive Send As permissions for those groups.
Many more calculated properties
We have also added a bunch of new calculated properties that simplify obtaining property values of certain objects. For instance, sending automated emails to the user's secretary or assistant can now be done without scripts.
You can find a detailed list of all calculated properties in this article. For those wondering which ones are new, here's a short version.
New calculated properties
Display names for managed domains
Now, domains managed in Adaxes can have user-friendly display names.
If you manage many domains with similar names, you can make it easier to differentiate between them. Your users will appreciate the change when they browse the directory in the Web interface.
Converting Exchange Online mailboxes that are being created
Adaxes has a mechanism where it waits until a mailbox is created in Exchange Online before applying any modifications, sending emails to it, etc. In this release, we have implemented the same mechanism for converting mailboxes.
For example, you can now assign an Exchange Online license to a user, convert the mailbox to shared, and then revoke the license in the same business rule.
New formatting options for value references
Value references for email-format properties and DN properties now have additional formatting options. For example, you can grab only the domain part from the username like so: %username:format[domain]%. For more details, have a look at the updated Value references article.
- It is now possible to reset room mailbox passwords in the Web interface using a dedicated Reset password operation.
- Default column settings of Members and Member Of sections on object views can now be individually configured for each section.
- Language and date format for new entries in the general log can now be manually set.
- The tree view in the Web interface configurator now has a filter field that helps locate objects quickly.
- You can now specify unique criteria for different object types in the membership rules of rule-based groups. Also, the criteria can be copied between membership rules.
- Password spell out settings and password generation settings are now shared between all Adaxes services in a multi-server environment. Also, these settings are now included in the configuration backup.
- Now, any character can be used in mobile numbers when sending SMS messages.
- All Adaxes assemblies are now cryptographically signed for security purposes.
- Room mailboxes now have the Manager field on the Organization tab in Adaxes Administration console, just like user accounts do.
- When Country is updated via cmdlets from the Adaxes PowerShell module, related properties like Country Code and Country Name are automatically updated as well.
- Opening the base URL of Adaxes REST API in a web browser will lead you directly to REST API documentation on our website.
- Password self-service client now uses operating system colors.
- Calculated properties adm-ManagerDisplayName, adm-ManagedByDisplayName, and adm-MemberDisplayName now return the object's name if the requested display name is empty.
- Added more custom text properties, adm-CustomAttributeText41..50.
Changes to how Adaxes handles usernames
In this release, we are introducing changes to how Adaxes handles usernames. It is highly unlikely that you will need to update anything in your configuration to accommodate these changes. Just keep them in mind for any workflows you create in the future. We did our best to make the transition completely painless.
Adaxes now considers User Principal Name and not sAMAccountName the main property for usernames. This means several things.
- By default, property patterns now generate sAMAccountName from User Principal Name, not the other way around like before.
- Default forms and views now have User Principal Name listed above sAMAccountName.
- The %username% value reference alias now refers to the User Principal Name property instead of sAMAccountName. This value reference resolves without the domain part by default, e.g. j.smith. Essentially, it will resolve into the same value but obtained from another property.
- Now, when the User Principal Name property is built from value references, Adaxes automatically removes invalid characters from it.
There are some known issues in this release. Some of them are beyond our power to fix, and others will be fixed in the next release. The detailed list can be found in our Q&A, and here is the summary.
- Currently, users from Azure AD domains cannot log in to Adaxes Web interface and Administration console.
- Password self-service is not available for users from Azure AD domains.
- Management of password policies is not supported for Azure AD.
- Adaxes clients (i.e. Web interface, Administration console) of previous versions do not work with Adaxes service version 2023.
- SMTP aliases and email addresses of unified groups in Azure AD can't be updated via Adaxes.
- Some reports related to Exchange do not support Exchange Online.
- Microsoft 365 group properties allowExternalSenders and autoSubscribeNewMembers cannot be updated using Adaxes.
- User photos in Azure AD cannot be deleted via Adaxes.