We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

What's new in Adaxes 2020.1

Version
3.13.17918
Release date
June 18, 2020
Latest update
Update 8

In this release, we focused on extending the automation capabilities of Adaxes and improving end user experience. It comes with rule-based groups, the ability to approve requests from emails, a new editor for binary fields, the dark theme, and a long list of convenience features for the Web Interface.

Here's more about what's new in Adaxes 2020.1.

Rule-based groups

Groups in your Active Directory can now have rule-based membership. The idea is simple — you define the membership rules for a group and Adaxes manages its list of members for you.

Membership rules are very flexible and offer many criteria for including objects in a group. As an example, you can include all users located in a certain OU, but only if their department is Sales and their account is enabled. Also, you are free to mix and match different object types within the same rule-based group.

You can configure the membership rules yourself or delegate it to other users, for example, group owners. And, of course, you can hide all the inner workings of rule-based groups from ordinary users and let them only view the current members.

Learn more about rule-based groups

To top it up, we included two new reports to simplify auditing rule-based groups:

  • Rule-based groups - displays all existing rule-based groups and their properties.
  • Empty rule-based groups - shows all rule-based groups which currently have no members.

After you upgrade to the new version, you will need to enable the Membership Type section in the Web Interface Configurator to start using rule-based groups. For more details, see Automate group membership management.

Improvements to approval requests

Approval-based workflow is one of the core features of Adaxes, so we decided to streamline the approval process as much as possible. Here is a list of improvements which will make your user experience more complete.

Approve requests from email notifications

It is now possible to approve or deny requests without logging in to the Web Interface. The approver only needs to click a button in the notification email.

Operation descriptions in the notification emails are now more clear and concise, without any unnecessary technical details. Also, the layout now looks more consistent in different email clients.

After you upgrade to the new version, the ability to approve/deny requests from email notifications will be disabled. For details on how to enable it, see Enable Approve/Deny Buttons in Email Notifications.

Pictures in approval requests

It is now possible to review picture changes that are sent for approval. Updated pictures are displayed in the Web Interface and in the approval notification emails.

For example, you can now delegate updating pictures to your users and let their managers approve the new picture.

Pending requests indicator

You can now view both your pending requests and approvals on any page of the Web Interface thanks to the new indicator in the navigation bar.

Reason for approval

It is now possible to specify the reason for approval. This will make approved requests more informative.

Approval request processing date

Now Adaxes remembers the date when a request was approved, denied, or cancelled. It will help you with monitoring and auditing processed approval requests.

We have also updated the built-in Approved requests, Cancelled requests, and Denied requests reports. Now the requests in these reports are sorted and grouped by processing date by default.

These built-in reports will not be updated automatically after you upgrade to the new version. To replace the existing reports with the updated versions, you will need to restore them to the initial state.

Binary fields in Web Interface

It is now possible to upload files into binary properties of AD objects from the Web Interface. For example, your HR staff can now attach staff contracts, CVs, or any other relevant documents directly to user accounts. Adaxes recognizes the most popular file types like PDF, DOC, or XLS and displays the corresponding icon, but it is possible to attach any files.

You can download the attached files from various Web Interface views and from the report documents.

For more details, see How to attach files to directory objects.

Web Interface improvements

We continue extending the functionality of the Web Interface and making improvements to its visual appearance. Here's a list of improvements we have made this time.

Dark theme

The dark theme is now available for the Web Interface. Users can switch between dark and light themes according to their personal preferences.

It is also possible to use the dark theme in the Web Interface Configurator.

SVG logo support

The new version fully supports using SVG files for your custom logo. Your logos will now look great on any resolution.

You can even make your SVG logos dynamically change colors so they stand out on both, dark and light themes. For more details, see how to Set Custom Logo and Colors.

Enhanced auto-reply message editor

We have improved the user interface and have added new features to the HTML editor for automatic replies. You can now add tables to the messages and there are more formatting options available.

Bulk reset computers

It is now possible to bulk reset computer accounts in one click.

Filter operations

You can now filter long lists of operations. It is helpful if you have many Custom Commands and need to find one quickly.

Filter drop-down lists

Drop-down lists that have more than 10 items can also be filtered. You can easily find the right value in lists of any length.

New search criteria and filter

It is now possible to search for AD objects using a bunch of new search criteria. We have also added a filter to the criteria list, so you can find what you need quicker.

Here is the full list of new criteria:

  • Reversible Password Encryption
  • Cannot Change Own Password
  • Change Password at Logon
  • Password Never Expires
  • Password Not Required
  • Account Disabled
  • Smart Card Logon Required

Mobile Web Interface

We have improved the user interface of the sign in page and the Self-Service Password Reset wizard on small screens.

Other improvements

We have completely reworked all icons so they look crisp and clear on all resolutions, including 4K.

We have added a button to the Web Interface Configurator that lets you cancel all changes with one click.

We have increased the maximum number of fields in object mouseover popups from 5 to 10.

Email notifications sent by Adaxes can now have a friendly display name in the FROM field.

From now on, clicking on the My account card opens your account in view mode instead of edit mode.

And more

New condition

A new condition is now available — If <property of the member> <relation> <value>. You can use it in Business Rules that trigger before/after adding or removing a member from a group. It allows you to check the property values of the member who is being added or removed, and execute different actions depending on those values.

For example, you can request approval for adding a user to a group if they are not from a specific department.

New virtual properties

We have added a number of new virtual properties to simplify extracting information about AD object owners and group members. For example, you can now check whether a group owner has a mobile number, and send them an SMS if they do.

Here is the full list:

Available in Business Rules, Scheduled Tasks, and Custom Commands configured for an object type that has a Managed By property e.g. computer or group. Will retrieve information about the object owner.

  • adm-ManagedByFullName
  • adm-ManagedByFirstName
  • adm-ManagedByLastName
  • adm-ManagedByDisplayName
  • adm-ManagedByUserName
  • adm-ManagedByEmail
  • adm-ManagedByMobile
  • adm-ManagedByPhone

Only available in Business Rules that trigger before/after adding or removing a member from a group. Will retrieve information about the group member who is being added or removed.

  • adm-MemberFullName
  • adm-MemberFirstName
  • adm-MemberLastName
  • adm-MemberDisplayName
  • adm-MemberUserName
  • adm-MemberEmail
  • adm-MemberMobile
  • adm-MemberPhone
  • adm-MemberObjectType

As another example, you can now send email notifications to new group members without using scripts.

Merging property patterns

We have improved how Adaxes handles situations when several Property Patterns for the same property overlap in their activity scope. Now, Adaxes will combine and apply all effective patterns, providing they are not conflicting. For example, you can now set a default value for a specific property in one pattern and define constraints in another pattern.

Even more improvements

  • Now the permissions for specific object types are taken into account when determining the visibility of Web Interface actions for the signed-in user. For example, if a user has the permission to create only User objects, the Create computer action will not be displayed.
  • The number of custom attributes provided by Adaxes is extended, as CustomAttributeBinary6...CustomAttributeBinary15, CustomAttributeDate6...CustomAttributeDate15, and CustomAttributeTimestamp6...CustomAttributeTimestamp15 are now available.
  • You can now set maximum sending message size and receiving message size for Exchange Online mailboxes.
  • A Reset room mailbox password and Modify account options actions are now available in Business Rules, Scheduled Tasks, and Custom Commands configured for the Room mailbox object type.
  • The recipient type of an Edit Exchange properties action is now displayed when you edit the action in the Web Interface Configurator.
  • Unnecessary technical details were removed from the operation descriptions.
  • It is now possible to modify the Automatically update e-mail addresses based on e-mail address policy option of remote mailboxes.
  • You can now retrieve the DN of the new group member via %member% value reference in the Modify Exchange properties action in Business Rules that trigger After adding a member to a group.
  • The EnableRemoteMailboxEx2 method was added to the IAdmExchangeRemoteMailboxOps3 interface to simplify the creation of shared remote mailboxes in PowerShell scripts executed by Adaxes.

Update 1


Version:
3.13.18001
Release date:
July 01, 2020

Enhancements

  • Improved how Adaxes determines the validity of time-based one-time passwords generated by authenticator apps. This in turn resolved the issue where codes generated by Duo Mobile app were sometimes considered invalid.
  • Now it is possible to disable logging of the rule-based group updating summary operation.
  • Now it is possible to use the values of the following properties as thumbnail user images: JPEG Photo, Photo, and Logo.
  • Chrome and Firefox browsers no longer suggest a browser-generated password on the Sign In page of the Web Interface.
  • The adm-MemberXXXX value references can now be inserted in the Visual HTML Editor in Adaxes Administration Console using the Insert Value Reference button.
  • Improved the clarity of Web Interface elements in the dark theme and made the transitions between dark and light themes smoother.

Bug fixes

  • Fixed the issue where the default value of the Can be joined to domain by property (set by a Property Pattern) would be displayed incorrectly on the computer creation form in the Web Interface.
  • Fixed the Could not acquire a connection for 'domain.com'. Connection pool is full. error which appeared when many manual rule-based group membership updates were started simultaneously.
  • Fixed the No HTTP resource was found that matches the request error which could occur when selecting a property in a property name picker parameter of a Custom Command.
  • Fixed the Unable to cast object of type 'System.Byte[]' to type 'System.String' error which could occur when selecting a group in a Remove from group Web Interface action.
  • Fixed the issue where querying the value of PasswordExpirationDate property in Adaxes scripts (e.g. using $Context.TargetObject.PasswordExpirationDate) would return an empty value.
  • Fixed the issue where an XLS file uploaded into a binary property would be sometimes identified as CSV.
  • Resolved several issues where the displayed value of Membership Update Schedule of rule-based groups would not take into account the timezone of the user who is viewing it.
  • Fixed the issue where a Business Unit that has an Objects located in OU or container rule would include the base OU itself if the Sub-tree level scope is selected in rule parameters.

Update 2


Version:
3.13.18106
Release date:
August 06, 2020
  • Adaxes self-service client has been updated. It is now more secure, as it now registers itself in the system using absolute DLL paths.
  • Fixed the issue where user accounts created via Web Interface were created in a disabled state if no checkboxes were selected in the Account Options section.
  • Fixed the dark theme colors and alignment of the Members and Member Of sections in the Web Interface.
  • Improved overall stability and performance.

Update 3


Version:
3.13.18524
Release date:
December 24, 2020

Fixed the vulnerability that resulted from special characters not being escaped when value references are resolved. For example, the vulnerability made it possible to inject PowerShell scripts in custom command parameter input fields if value references were used to get the parameter values.

Update 4


Version:
3.13.18625
Release date:
January 25, 2021

This update extends the previous security update and addresses the same vulnerability. The previous fix can be bypassed, which was discovered recently. As a result, we've reinforced the fix by escaping all possible double quote characters ("„“”) when value references are resolved.

Update 5


Version:
3.13.18802
Release date:
March 02, 2021
  • Fixed the Object reference not set to an instance of an object error that sometimes occurred during the interaction between Adaxes and Microsoft 365.
  • Updated the fix for the An Azure Active Directory call was made to keep object in sync error which sometimes occurred during the modification of Exchange Online mailboxes if Microsoft has rolled out the dual-write feature to your tenant.

Update 6


Version:
3.13.19312
Release date:
August 12, 2021

In this update, we have mainly focused on improving the security of Adaxes and fixing recently discovered vulnerabilities.

  • Fixed the vulnerability that made it possible to force the computer where the Adaxes service is installed to send an SMB request to an arbitrary IP address, obtaining the password hash of the said computer (server-side request forgery). The attack required the malicious actor to possess valid credentials of a user account that can sign in to the Adaxes Web interface or send requests to the REST API.
  • Fixed the vulnerability that made it possible to execute arbitrary JavaScript code on the client-side of Adaxes Web interface if a Web interface page was visited using a specifically crafted link (cross-site scripting). The vulnerability allowed the malicious actor to obtain the information from the visited page. The attack required a legitimately signed-in user to actually visit the malicious link.
  • Now, Adaxes sanitizes all HTML code encountered in directory object names. This fixed the issue where the Web interface would process HTML code in object names and apply formatting when displaying information about those objects.
  • Now, Adaxes correctly creates a remote mailbox for a user when a Microsoft 365 license with the Exchange Online service is assigned, but the Exchange Online Archiving for Exchange Online service is disabled.

Update 7


Version
3.13.20819
Release date
November 22, 2022

Fixed the Stack overflow at line: 1 error that prevented users from self-resetting their password from the login screen on Windows 11 Update 22H2.

Update 8


Version
3.13.21404
Release date
May 8, 2023
  • Adaxes no longer relies on PowerShell remoting for performing operations in Exchange Online. Following the announced deprecation of PowerShell remoting by Microsoft, we have transitioned to using the latest EXOv3 PowerShell module.

    Besides being fully prepared for the deprecation, you can now disable basic authentication in WinRM on the computer where the Adaxes service is installed.

    The CreateExchangeOnlinePSSession method in Adaxes is now deprecated. After installing this update, you will need to switch the connection method in your scripts to ConnectExchangeOnline.

    Details

    Your current scripts that rely on CreateExchangeOnlinePSSession to connect to Exchange Online will continue working as before in the new Adaxes version. However, they will stop working when Microsoft blocks the RPS connection for your tenant – this can happen at any time in June 2023, according to Microsoft. We recommend to update such scripts as soon as possible after updating Adaxes.

    Here's a sample script from our repository that connects to Exchange Online via the new ConnectExchangeOnline method.

    Also, using the Connect-ExchangeOnline and Disconnect-ExchangeOnline cmdlets is now prohibited in scripts executed within Adaxes. If you have any scripts that use these cmdlets, they have to be updated to use ConnectExchangeOnline as well.

  • Fixed the bug that made it impossible to view or modify Exchange properties of a synchronized contact or group after they were renamed in Azure AD.

Try Adaxes right now!

Download