Softerra Adaxes 2010.1 is a major release that introduces many helpful features and improvements since the previous version. One of the most essential features is SPML Support that ensures a quick and easy integration of Softerra Adaxes into heterogeneous environments. Below are the highlights of the new major features and important changes in Softerra Adaxes 2010.1.
SPML protocol is emerging as a de-facto standard in the provisioning industry. The support of this modern standard provides an easier integration of Softerra Adaxes in organizations and streamlines the automation of provisioning processes. Softerra Adaxes includes Adaxes SPML Provider that allows SPML-enabled services to access Active Directory resources. The application can be also configured to send SPML requests to the registered SPML services when certain operations are performed in Active Directory.
Adaxes SPML Provider is a Web service running by IIS that enables applications to exchange data with Active Directory via the SPML v2.0 protocol. As an example, when a new employee is hired, there is a need to create multiple user accounts in various applications and services, including Active Directory. During the creation of an account, an SPML-enabled application can automatically send an SPML request to the Adaxes SPML Provider to create an account in Active Directory. When the account is updated, disabled or deleted, the corresponding SPML requests can also be sent to the Adaxes SPML Provider to synchronize the changes with Active Directory.
Adaxes SPML Provider can access Active Directory directly or via an Adaxes service. The use of the Adaxes service allows managing several AD domains and benefit from Security Roles, Business Rules, Property Patterns, Logging and other features provided by Softerra Adaxes.
Softerra Adaxes can be configured to send SPML requests to the registered SPML services when certain operations are performed in Active Directory. To specify SPML services, to which SPML requests should be sent, and configure parameters of the SPML request generation, SPML Connectors are used. As an example, you can use SPML Connectors to automatically create user accounts in third-party provisioning applications when a user account is created in Active Directory. SPML Connectors can also send SPML requests to synchronize all changes made in Active Directory with the provisioning applications.
Now Adaxes Administration Console lets you copy AD objects using the clipboard and Drag-and-Drop. When objects are copied, the application offers you to enter a new name for these objects, modify account-related options, specify whether to copy the group membership, etc.
When copying several objects at once, you can specify unique names for all of them using value references. For example, if you specify users' name as '%cn%-copy', this pattern will be replaced with the value of the Full Name property of each user, plus '-copy'.
Adaxes Administration Console also allows copying the Adaxes service configuration objects like Security Roles, Business Rules, Property Patterns, Business Units, etc.
User scripts that employ the Adaxes ADSI Provider, now can use the IADsContaiter::CopyHere method to copy Active Directory objects.
Sometimes there is a need to view who performed what operations on a specific Active Directory object. Or, you may want to view what operations a specific user has performed in Active Directory. Management History and Management Activity features provide administrators, auditors or any other users with a quick way to analyze this type of information. Log records can be filtered and grouped by a certain field allowing you to focus on smaller pieces of information. For example, you can view operations performed on a specific object from a specific host within a specific period of time.
Bulk Password Reset gives you an ability to reset passwords for several AD users in one operation. Not only does this feature allow setting the same password for all the selected users, but it also enables you to generate a unique password for each user using value references. For example, if you specify the password template as '%username%-secret', it will be replaced with the value of the Logon Name (pre-Windows 2000) property of each user, plus '-secret'.
Sometimes when creating objects in Active Directory, you may need to specify some additional properties that cannot be specified with the object creation wizard. For example, using Property Patterns it is possible to specify any property as required. If a required property is not specified during an object creation, the operation fails. From now on, all wizards used for creating Active Directory objects have a special page that allows specifying any properties for the object being created.
Also, during copying of an Active Directory object, Adaxes Administration Console will prompt you to specify the required properties for the copied object if they are not specified yet.
Softerra Adaxes includes built-in Security Roles, Business Rules, and Property Patterns that are provided for typical use cases. These built-in objects can be customized for your own needs or even deleted. Now, Softerra Adaxes enables you to restore built-in objects that you've modified or deleted by mistake. With the help of the Adaxes Administration Console, you can restore either a specific built-in object, or all built-in objects of a kind, for example, all Business Rules or Security Roles.
Sometimes you may want not to expose all the functionality of the Adaxes Web Interface to its users. For example, you may want to use it as a self-service portal, or as a help-desk solution. Starting from this version, it is possible to specify what components of the Adaxes Web Interface will be available for users. The visibility of the components is specified during the installation of the Web Interface. However, after the Web Interface is installed, you can modify the visibility of each component by changing the enabled attribute of a component's element in the Web.config file.
When managing Active Directory using the Adaxes Administration Console, sometimes you may need to edit native Active Directory permissions assigned to a directory object. From now on, you don't need to launch native tools such as Active Directory User and Computers to edit these permissions, because this functionality is now embedded in the Adaxes Administration Console.
To edit native AD permissions of an object, you must have the Modify Permissions and Modify Owner rights on this object.
If you have both User and InetOrgPerson objects in your directory environment, previously you had to create separate Business Rules and Property Patterns for each of the types. Despite the fact that this gives you flexibility to create specific configuration objects for each of the types, sometimes you had to create two identical Business Rules or Property Patterns. Starting from this version, you are enabled to create a Business Rule or a Property Pattern that will work for both User and InetOrgPerson types.
Features of Adaxes Web Interface have undergone significant improvements and enhancements that you will notice once you start using it. However, some of the changes are not visible to the user, but still they make the quality of the Web Interface even better. The most significant changes are listed below.
Sometimes Active Directory objects displayed in the Web Interface cannot fit into one view. In this case, Web Interface displays these objects in multiple pages. This may be inconvenient, if, for example, you want to perform an operation on several Active Directory objects located on different pages. The new version introduces the More Results button that lets you display several pages of Active Directory objects in one view.
The Web Interface doesn't reload the whole page when you click this button, only the necessary data is fetched.
Sometimes you may need to perform an operation on, for example, all directory objects returned by a search, or on all objects residing in an Organizational Unit. If the number of objects is large, they are displayed in multiple pages. Using the new version, you are enabled to select all objects on all pages, even those you can't see. After this, you will be able to perform operations on all these objects in bulk. This significantly saves your time, because you don't have to fetch huge amounts of objects from the server.
When you work with Active Directory via the Adaxes Web Interface, all operations are performed in an asynchronous way using the Ajax technology. From now, the Web Interface lets you cancel any operation in progress that you've started.
Some operations are cancelled automatically when you leave a page. For example, if you started a search and navigated to another page, the search will be stopped automatically. This reduces the load on Active Directory and the Adaxes service.
The Web Interface allows you to browse large amounts of Active Directory objects through pages with navigation buttons. To cope with really huge amounts of Active Directory objects, the new version of the Adaxes Web Interface introduces an improved page navigation bar. It simplifies jumping to specific pages when browsing thousands of Active Directory objects.
Among other features described above, the user interface of the Adaxes Administration Console has gained some other minor, but pleasant improvements that increase the usability of the application.
The new version of the Administration Console has an option to highlight the instantiated object class of Active Directory objects. If you need to know what object class was used to create an Active Directory object, setting this option to ON will make it easier to identify the object class, because it will be highlighted bold in the List View.
Similar to the object type, you can configure the Administration Console to highlight the type of Active Directory groups. Thanks to this option, you can easily find the Group Type property among other properties displayed in the List View, since it will be highlighted bold.
Extensive use of Softerra Adaxes can produce lots of records in the Service Log. To cope with large amounts of information, the code of the Logging View has undergone significant refactoring. Now it works much faster and the number of records in the log almost doesn't affect the performance.
The status bar in the Administration Console has become more informative. Now, along with other helpful information, it also displays the information about currently selected objects. It shows the number of the selected objects and the number of child objects for the object selected in the Scope Pane. This information is displayed for the window you are currently working with (Scope Pane, List View Pane, Basket or Directory Search).
Enriching the Administration Console with new features inevitably leads to certain complication of the user interface. Since one of our main goals is to make Adaxes a handy and user-friendly solution, we constantly do our best to improve its usability. In the new version of the Administration Console, we have re-organized context menus to make them more user-friendly. Now, all operations on Active Directory objects are grouped in the All Tasks submenu. The frequently used operations remained on the top level of the context menus.
Softerra Adaxes has been successfully tested on the recently released operating systems - Windows 7 and Windows 2008 R2. Now Softerra Adaxes is ready for use in production environments running under these operating systems. Now we are looking forward to the release of AD LDS for Windows 7 and Windows Vista. This will allow us to install the Service component of Softerra Adaxes to these Windows workstation editions.