0 votes

Hi all,

Just wondering when Adaxes actually determines the current unmanaged/managed user counts - is it random, scheduled, or a manual thing? Also, does it randomly re-determine the list of managed users by itself?

I ask as we have adaxes running the 'add user to unmanaged accounts list' script every 2 am, however we just got an email that the license count had been exeeded at around 7 am this morning.

Our actual license count should be around 200, and after I manually ran the script it dropped from 490 back to the expected 220. I am wondering if Adaxes is automatically re-adding users to the managed list at random, or if the script is occasionally failing to run due to the connection from Azure (where the Adaxes box is) to our on-prem environment dropping. The execution logs show the script ran successfully every night, so I am not sure here.

Cheers all.

by (180 points)

1 Answer

0 votes
by (233k points)

Hello,

There are no default background tasks that automatically add or remove users from the unmanaged list. It can only be done manually or by a script. License validation is performed at random periods not less than once per 10 hours. During the validation, Adaxes only checks the number of managed enabled and not expired user accounts. If the number exceeds the one allowed by the license an email notification is sent. Most probably, you have two scripts for updating the list of unmanaged accounts and executing the second one results in exceeding the license. To check that, you can use the following script from our repository: https://www.adaxes.com/script-repository/search-and-replace-text-in-adaxes-scripts-s224.htm. To perform the required search via the script, you can use a command like the following:

.\MyScript.ps1 -textToSearch "SetUnmanagedAccounts"
0

Hi there,

It seems this may not be the case - I ran the script, and it returned a single instance of the phrase "Unmanaged Accounts" and 1 instance of "SetUnmanagedAccounts" - both within the script that reduces this number. This is the script, which is the one that runs at 2 am every day. (we do have the managedOUDN's defined, but I've redacted them for obvious reasons)

function GetUserSids($managedOuDNs, $allUnmanagedSids)
{
    $searcher = New-Object "Softerra.Adaxes.Adsi.Search.DirectorySearcher" $NULL, $False
    $searcher.SearchParameters.Filter = "(sAMAccountType=805306368)"
    $searcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.SearchParameters.PageSize = 500
    $searcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
    $searcher.SearchParameters.VirtualRoot = $True
    $searcher.SetPropertiesToLoad(@("objectSid","distinguishedName"))

    try
    {
        $searcherResult = $searcher.ExecuteSearch()
        foreach ($user in $searcherResult.FetchAll())
        {
            $userDN = New-Object "Softerra.Adaxes.LDAP.DN" $user.Properties["distinguishedName"].Value
            $addToUnmanagedAccounts = $True
            foreach ($ouDN in $managedOuDNs)
            {
                if($userDN.IsDescendantOf($ouDN))
                {
                    $addToUnmanagedAccounts = $False
                    break
                }
            }

            if (!($addToUnmanagedAccounts))
            {
                continue
            }

            $sidBytes = $user.Properties["objectSid"].Value
            $sid = New-Object "Softerra.Adaxes.Adsi.Sid" @($sidBytes, 0)

            $allUnmanagedSids.Add($sid.Value) | Out-Null
        }
    }
    finally
    {
        $searcherResult.Dispose()
    }
}

# Create an empty hash set for SIDs of Unmanaged Accounts
$allUnmanagedSids = New-Object "System.Collections.Generic.HashSet[String]"

# Get SIDs of all users who are not located under the managed OUs
GetUserSids $managedOuDNs $allUnmanagedSids

# Bind to the 'Configuration Set Settings' object
$configurationSetSettingsPath = $Context.GetWellKnownContainerPath("ConfigurationSetSettings")
$admConfigurationSetSettings = $Context.BindToObject($configurationSetSettingsPath)

# Update Unmanaged Accounts
$admConfigurationSetSettings.SetUnmanagedAccounts(@($allUnmanagedSids))

If adaxes does not reset the unmanaged accounts number on occasion, there may be some other issue (perhaps some sort of corruption or an update) that has caused the number to revert to 497, and then the script failed to change the number?

It may be easier to mark this down as a one-off failure.

Related questions

0 votes
1 answer

What is the easiest way to reset the license calculation for ADAXES back to say a new installation? We've unmanaged (manually) a number of accounts and we'd like to add ... that would allow us to simply "start over" in terms of licensing. Thanks in advance.

asked Oct 19, 2016 by VTPatsFan (610 points)
0 votes
1 answer

I used the script below to try and accomplish this but I get an error. I did try to leave a comment but it would not let me. I tried running ... .adaxes.com/script-repository/add-users-located-in-particular-organizational-units-to-unmanaged-accounts-s178.htm

asked Nov 14 by raul.ramirez (150 points)
0 votes
1 answer

We've requested a quote for 2500 licenses and plan on downloading a trial. However, I want to be certain of when the 30-day trial starts ticking...upon the initial download of the software, or only after the downloaded software is installed in our environment?

asked Apr 22, 2021 by MRBruce (110 points)
0 votes
1 answer

In order to add a managed domain does it have to be trusted by the primary domain adaxes is installed an running in? I have set up a domain for testing adaxes and it ... I have set my host file to point the untrusted domain to it's primary Domain Controller.

asked Oct 5 by mightycabal (220 points)
0 votes
1 answer

I have a few questions on licensing. Which accounts are excluded from the license count? I understand you can exclude users, by OU possibly. I'm more interested ... . What happens during license validation? What happens if you go over license count?

asked Jul 2, 2020 by ComputerHabit (790 points)
2,880 questions
2,600 answers
6,751 comments
117,206 users