0 votes

Can I manage the user that is user by Adaxes to connect to Active Directory with Privilege Access Management (PAM)?

Since this user can change user's password, attribute, etc it become critical. We would like to manage this user so that PAM can change/rotate the password periodically

by (90 points)

1 Answer

0 votes
by (211k points)

Hello,

All operations in a domain managed by Adaxes are performed using the account specified for the domain. You can configure PAM to automatically change/rotate the password of the account, however, it will require updating the password in Adaxes as well. For information on how to do that, have a look at the following help article: https://www.adaxes.com/help/ChangeManagedDomainServiceAccount.

0

Hello,

So I will need to update the password periodically in Adaxes as well?

Is there any way to call REST API to PAM from Adaxes?

0

Hello,

So I will need to update the password periodically in Adaxes as well?

Yes, that is correct.

Is there any way to call REST API to PAM from Adaxes?

It should be possible using a PowerShell script. The following Microsoft article might be helpful: https://docs.microsoft.com/en-us/microsoft-identity-manager/reference/privileged-access-management-rest-api-reference.

0

the question the, can we change ChangeManagedDomainServiceAccount through API?

So Adaxes will call the API from PAM. Can powershell inject credentials to Adaxes?

0

Hello,

Sorry for the confusion, but we are not sure of the workflow you want to have. Please, describe it in all the possible details with step-by-step live examples.

For your information, it is possible to use a script to update credentials of a managed domain in Adaxes: https://adaxes.com/sdk/SampleScripts.ChangingCredentialsForManagedDomain.

0

here is the live example.

to connect to AD from Adaxes we user some credentials let say AdaxesAdmin.

There's a policy that every username that has admininistrator capability has to managed by PAM, so PAM will rotate the password periodically for example every one month. Once this password managed by PAM, we need to request the current password to PAM.

So, if AdaxesAdmin is managed by PAM, is there anyway to re-inject this new password to Adaxes automatically?

0

Hello,

You can use the following script to update credentials of a domain managed by Adaxes: https://adaxes.com/sdk/SampleScripts.ChangingCredentialsForManagedDomain. Unfortunately, we were not able to find any information on PAM being able to make API requests automatically when rotating a user password. We recommend you to check that with Microsoft support. If there is no such possibility, then you can execute the script manually when required.

Related questions

0 votes
1 answer

I need a list of all the URLs that Adaxes creates in IIS on the server Adaxes is installed on.

asked Feb 6, 2020 by DaralenManta (20 points)
0 votes
1 answer

It's possible to integrate ADAXES with HR Solution to create user in active directory ?

asked Feb 14, 2020 by babid (20 points)
0 votes
0 answers

You do not need to create a trust between AD domains to manage them with an Adaxes service. When registering an AD domain, an account with administrative permissions ... control the user access to the managed resources, the Adaxes service uses Security Roles.

asked Apr 29, 2009 by Adaxes (370 points)
0 votes
1 answer

Currently, when I disable a user account in Adaxes, the group memberships of the user remain intact. I'd like to automate the removal of group memberships such as distribution ... a list of groups/DL that the user was previously in and removed from. Thanks!

asked Nov 3 by jayden.ang (20 points)
0 votes
1 answer

Our adaxes service account is able to create the mailbox when running our create user business rule, but cannot change any settings like disable OWA. What level of security will it need?

asked Apr 6 by bstone (50 points)
2,609 questions
2,347 answers
6,236 comments
869,268 users