We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

What's New in Adaxes 2023.2

Release date
May 8, 2023

In this release of Adaxes, we focused on improving the stability and user experience of several key Adaxes components. Besides polishing the rough edges, we also squeezed in some features that were frequently requested.

Read on to find out what Adaxes 2023.2 has in store for you.

EXOv3 module for Exchange Online

In the new version, Adaxes no longer relies on PowerShell remoting for performing operations in Exchange Online. Following the announced deprecation of PowerShell remoting by Microsoft, we have transitioned to using the latest EXOv3 PowerShell module.

Besides being fully prepared for the deprecation, you can now disable basic authentication in WinRM on the computer where the Adaxes service is installed. This feature was also added to Adaxes 2023, 2021.1, and 2020.1.

The CreateExchangeOnlinePSSession method in Adaxes is now deprecated. After upgrading to the new version, you will need to switch the connection method in your scripts to ConnectExchangeOnline.


Your current scripts that rely on CreateExchangeOnlinePSSession to connect to Exchange Online will continue working as before in the new Adaxes version. However, they will stop working when Microsoft blocks the RPS connection for your tenant – this can happen at any time in June 2023, according to Microsoft. We recommend updating such scripts as soon as possible after upgrading Adaxes.

Here's a sample script from our repository that connects to Exchange Online via the new ConnectExchangeOnline method.

Also, using the Connect-ExchangeOnline and Disconnect-ExchangeOnline cmdlets is now prohibited in scripts executed within Adaxes. If you have any scripts that use these cmdlets, they have to be updated to use ConnectExchangeOnline as well.

Web interface enhancements

If you expect to see Web interface enhancements in every release, you will never be disappointed. This time, we improved how automatic sign out works and added flexibility to several existing features.

Automatic sign out

Now, inactive users will be signed out from the Web interface when the timeout is reached, even if they didn't close the browser tab. Adaxes no longer refreshes the authentication token if the user is not directly interacting with the Web interface page.

As a reminder, here's how to configure authentication session timeout.

You can now customize the click-to-call hyperlinks for phone number properties on object views. It can be helpful to ensure that the links are always opened in the right application when a user clicks them.

Restricting allowed email address types

It is now possible to restrict which email address types are visible in the Exchange properties section in the Web interface. For example, you can allow displaying only SMTP addresses, but hide SIP, X500, and other types.

Adding members only from specific containers

Members and Member Of sections on object views can now be configured to allow adding new members or selecting groups only from a specific Organizational Unit or container.

Criteria enhancements

The first-ever criteria improvements since its introduction in Adaxes 2023 are directed towards its usability for quick everyday searches.

Search history

Your recent search history is now preserved in the Administration console.

If you perform many similar searches throughout the day, you no longer have to dial in complex criteria every time – just pick something from the search history and tweak it a bit.

Simple and advanced search tabs

The simple and advanced search tabs found their way back into the Administration console. They feel the same, except they now work with criteria under the hood. This means you now have the best of both worlds – the familiar UI for everyday search queries, and the ability to search for objects in your Azure AD domains.

Assorted improvements and bug fixes

This release contains a lot, and we mean a lot of improvements and fixes that, sadly, don't deserve their own paragraph. We did our best to group them so that everything makes sense.

Web interface

  • Made the behavior of quick search consistent with previous versions when a wildcard character (*) is used in the search query.
  • The Managed By (Primary) property is no longer forcefully displayed under the Additional Properties section if the property is required but absent from the creation form.
  • Improved Web interface performance when fetching the operations that the signed-in user is allowed to perform.
  • Now, when an authentication token for the Web interface configurator expires due to inactivity, Adaxes redirects the user to the sign-in page instead of displaying the The provided authentication token is either expired or invalid error.
  • When selecting objects from a list, Adaxes now hides objects that have already been selected. Web interface configurator only.
  • The Web interface no longer reconnects to a different Adaxes service when the web page is refreshed.
  • Exchange operations specific to on-premises Exchange are no longer shown when selecting multiple users in the Members section if the domain has no on-premises Exchange.
  • Fixed the Unable to cast object of type 'System.String' to type 'Softerra.Adaxes.Models.DirectoryObjectKey error that prevented saving changes in the Web interface configurator. The error occurred if any form contained a predefined value for a DN property, but value references were not used in that template.
  • Fixed the issue where the GUID of a mailbox was displayed in the Forward to field if the mailbox Exchange properties have never been viewed by any user.
  • Fixed the Cannot read properties of undefined (reading 'commonCriteria') error that occurred when resetting the Common Sign In Web interface configuration to default.
  • Fixed the issue that made it impossible to use the Group members membership rule in rule-based groups from Azure AD domains.
  • Fixed the issue that caused the is empty / is not empty operators to work incorrectly when using the Advanced search.
  • Fixed the issue where all managed domains were displayed when selecting where to create a new object, even if the user didn't have the permissions to view some domains.
  • Fixed the issue where an Azure AD domain would not be displayed on the home page and would be impossible to browse if it was the only domain registered in Adaxes.
  • Fixed the bug that made it impossible to select a domain as a target of a custom command in the Web interface.
  • Fixed the issue that caused the report charts to count objects that fit the report criteria but are not allowed to be displayed in the Web interface.
  • Fixed the issue where some operations in the Members section in the Web interface were not displayed if more than 20 users were selected.
  • Fixed the issue that caused business units to sometimes not be displayed on content panes.
  • Fixed the issue where a predefined value of Anytime for logon hours would not be saved when saving changes in the Web interface configurator.
  • Fixed the issue where the Create and Create mailbox operations were not displayed if they were the only enabled operations in the Web interface.
  • Fixed the issue where the default Web interface selection settings for the Common Sign In page had no effect if the Remember the last selected Web interface option was disabled.
  • Fixed a visual bug in the date editor in the Web interface configurator.
  • Fixed the issue that made it possible to use an invalid value reference for the Exchange Alias predefined field.
  • Fixed a visual bug in the Web interface that occurred when the My Managed objects content pane was grouped by any property.
  • Fixed the issue that caused user photos to flash when resizing the user selection dialog.
  • Updated the icon for a read-only domain controller to a more suitable one.

PowerShell module

  • It is now possible to pass property names to criteria expressions via variables. For example, New-AdmCriteria "user" {$myProperty -eq "value"}.
  • Fixed the Can't find an object with identity error that made it impossible to locate computer objects or perform operations on them via the Get-AdmComputer/Set-AdmComputer cmdlets with the AdaxesService parameter in Windows PowerShell.
  • Fixed the issue that made it impossible to search for objects from Windows PowerShell using Adaxes criteria expressions with a single element.
  • Fixed the The given key was not present in the dictionary error that occurred when executing the Get-AdmPrincipalGroupMembership cmdlet on a synchronized user who is a member of at least one cloud-only group.
  • Fixed the Cannot find an overload for "AddValues" and the argument count: "1" error in the AddValues method of the New-AdmCriteria cmdlet.
  • Fixed the The criteria is invalid. Syntax error at position bug in the New-AdmCriteria cmdlet that occurred when a criteria expression included line breaks. Now you can span criteria expressions over several lines to improve their readability.
  • Fixed the Object reference not set to an instance of an object error that made it impossible to clear the Country value of a user via the Set-AdmUser cmdlet.
  • The Get-AdmUser cmdlet now can retrieve the objects' ADS path when executed in Windows PowerShell with the AdaxesService parameter.
  • Fixed the issue where searching for objects with specific When Created or When Changed attribute values via Adaxes cmdlets in Windows PowerShell would return no results if the AdaxesService parameter was not specified.
  • Now, the Get-AdmUser cmdlet returns the value of the When Created and When Changed attributes in the local time zone of the computer where the cmdlet is executed.

Configuration backup/restore

  • Fixed the Failed to import configuration objects to the backend. Directory object not found that could occur when restoring specific Adaxes configurations from a backup.
  • Fixed the An item with the same key has already been added error that prevented Adaxes service from starting after restoring specific configurations from a backup.
  • Fixed the The search filter cannot be recognized error that occurred after restoring the configuration from a backup if the Web interface browsing search filter in the backup file was disabled.
  • Fixed the issue where the (&(objectCategory=person)(objectClass=contact)) browsing filter was incorrectly restored from the configuration backup.
  • Fixed the issue where restoring certain configurations from a backup would lead to Adaxes failing to cache the data of Azure AD managed domains.
  • Fixed the Value cannot be null. Parameter name: dn error that could occur in the Web interface after restoring a configuration from a backup if the app used to manage an Azure AD domain had an expired client secret.
  • Fixed the Failed to load last known good information of the managed domain error that caused Adaxes service to fail to start after restoring certain configurations from a backup.

Other improvements

  • Now, it is possible to bind to custom commands and scheduled tasks using their immutable identifiers – adm-CustomCommandId and adm-ObjectId. This simplifies writing scripts that execute custom commands with parameters.
  • Flag property values (e.g. Machine Role) in the criteria editor are now displayed in a human-readable format instead of actual integer values.
  • Now, the list of available UPN suffixes is updated immediately after adding/removing a suffix. It is no longer required to restart the Adaxes service.
  • Log records for updating the list of unmanaged accounts now have a human-readable operation description.
  • If the modification of a binary property is sent for approval, the new value will be sent as an email attachment to the approver.
  • New user photos are now embedded into approval request emails.
  • The adm-ManagerDisplayName, adm-ManagedByDisplayName, and adm-MemberDisplayName calculated properties now return the object's name if its display name is empty.
  • Now, it is possible to view scheduled task activity/management history after restoring the configuration from a backup. In addition, you can now locate scheduled tasks from the general log and in reports via the Locate in tree option after restoring the configuration from a backup.
  • Improved the performance of the Reset password operation for users within the scope of a Microsoft 365 tenant that is assigned over many groups.
  • Adaxes can now generate a default value for a property if the relevant property pattern references a predefined field absent from a form.
  • Now, the list of approvers is periodically saved to a designated attribute of each pending approval request. This greatly speeds up viewing and searching for approval requests, especially if there are many requests with a long list of approvers. The frequency can be configured. For details, see the Approvals.StampApproversPeriod parameter in the Change Configuration Parameters article.

Other bug fixes

  • Fixed the issue that caused rule-based group membership updates to trigger business rules.
  • Fixed the Object does not exist error that occurred on the user creation form if a Microsoft 365 section was present on the form.
  • Fixed the AuthorizationManager check failed error that prevented Adaxes from successfully registering Azure AD domains if the PowerShell script execution policy was set to AllSigned.
  • Fixed the ValueFactory attempted to access the Value property of this instance error that occurred when a Microsoft 365 tenant was assigned over a business unit with at least one Query results membership rule.
  • Fixed the Cannot bind parameter 'Filter' to the target. Exception setting "Filter": "Invalid filter syntax error that occurred when updating the Azure AD cache if any object in Azure AD had an apostrophe in their name.
  • Fixed the An attempt was made to modify an object to include an attribute that is not legal for its class error that made it impossible to use the If <property of the member> <relation> <value> condition in business rules triggering Before adding a member to a group.
  • Removed the timeout for AD LDS installation, which fixed the issue with the initial replication of large and complex configurations to a new Adaxes service instance in multi-server environments.
  • Fixed the An unknown directory domain object was requested error that occurred when registering a child domain if there was no connection to the parent domain.
  • Fixed the issue with the Must be one of the following values only constraint for DN properties. Now, you can select a directory object instead of having to manually enter a DN.
  • Fixed the Culture ID 4096 (0x1000) is a neutral culture; a region cannot be created from it. Parameter name: culture error that prevented Adaxes from updating the Azure AD cache if the computer with the Adaxes service used a custom Windows culture.
  • Fixed the The account name is invalid. It is expected to be formatted either as 'DOMAIN\user' or 'user@domain' error that occurred after changing the service account for a managed domain and then switching it back to the Adaxes service account.
  • Fixed the Cannot process argument transformation on parameter 'EmailAddresses'. Cannot convert value "System.Collections.ArrayList" to type "Microsoft.Exchange.Data.ProxyAddressCollection" error that occurred when changing the primary SMTP address and simultaneously adding another SMTP address to a mailbox.
  • Fixed the Access is denied error that prevented users from manually resending approval requests notifications for requests initiated by executing a custom command.
  • Fixed the issue where the Password Must Be Changed at Next Logon option would not be set for new users if it was enabled by default but no other account options were modified during user creation.
  • Fixed the issue where date/time value references would resolve incorrectly if a one-letter format (e.g. %datetime:format[M]%) was used.
  • Now, all approval request properties are correctly displayed in conditions like If <property> <relation> <value>.
  • Fixed the bug that made it impossible to view or modify Exchange properties of a synchronized contact or group after they were renamed in Azure AD.
  • It is again possible to specify objects of any type in DN properties native to AD (e.g. Secretary).
  • Fixed the Failed to get the mailbox usage information. MailboxLocation was not found for id error that sometimes occurred when viewing mailbox usage immediately after the mailbox is created in Exchange Online.
  • Fixed the Failed to synchronize group data error that could sometimes lead to an Azure AD group still showing in Adaxes after it was deleted directly in the Azure Portal.
  • Fixed the Failed to read a Security Role assignment error that occurred when viewing a security role with a trustee from a domain not currently registered in Adaxes.
  • Fixed the The operation couldn't be performed because object couldn't be found error that occurred when moving a user and enabling a remote mailbox for that user via a script in the same business rule.
  • Fixed the issue where reports would not display indirect subordinates of a user if that user had a comma in their name.
  • Fixed the No Exchange Organizations found in domain example.com that occurred when a Microsoft 365 license without an Exchange Online service was assigned to an Azure AD user via a business rule, and their mailbox properties were modified in the same rule.
  • Fixed the Failed to remove the remote mailbox of the user. Domain is not managed by Adaxes error that occurred when enabling/disabling the Yammer Microsoft 365 service for a synchronized user if the on-premises domain of that user was not registered in Adaxes.
  • Fixed the Failed to get mailbox rights error that could occur when viewing Exchange properties of a linked mailbox if the language of the Exchange server was not English.
  • Fixed the issue with the Microsoft 365 password synchronization mechanism in Adaxes. Now, when you reset a user's password in AD while their Microsoft 365 account has the Must change password at next logon flag, the flag is correctly preserved when passwords are synchronized.
  • Fixed the issue where the When Changed attribute would not update when changing a group/OU owner or a user picture via Adaxes.

Try Adaxes right now!