With the help of Adaxes, you can provision Office 365 accounts for Active Directory users, assign and revoke Office 365 licenses, deactivate Office 365 accounts, etc. If your Office 365 plans include licenses for Exchange Online, Adaxes will also allow you to manage Exchange mailboxes and distribution lists located in Office 365. In addition to that, with Adaxes you can automate routine and repetitive Office 365 and Exchange Online management tasks.
In this tutorial, you will learn how to:
Adaxes and Azure AD Connect
It is possible to use Adaxes in environments where Active Directory is synchronized with Office 365 with the help of Azure AD Connect. In such environments, Adaxes can be used to provision and deprovision Office 365 accounts and manage Office 365 licenses, while Azure AD Connect will take care of the synchronization between your Active Directory and Office 365.
To enable Office 365 management in Adaxes, you need to register an Office 365 tenant. A tenant represents an Office 365 organization in Adaxes and allows you to associate it with your AD environment.
With Adaxes you are not limited to a single Office 365 tenant. If you have two or more Office 365 tenants that you need to manage, Adaxes provides you with a flexible way to configure which part of your Active Directory belongs to which tenant.
Launch Adaxes Administration Console.
Expand Adaxes service \ Configuration \ Cloud Services and select Office 365.
In the Managed Office 365 Tenants section located to the right, click New.
Provide the credentials of an Office 365 account that has administrative permissions within the Office 365 tenant you want to register.
The account must be assigned to either the Global Administrator or the User Management Administrator role in Office 365.
Specify a display name for the tenant.
The tenant will appear under this name when viewing or editing Office 365 accounts.
Select which Office 365 plans will be available in Adaxes. Unchecked plans will not be visible in Adaxes and users will not be able to assign them.
Each plan can provide access to one or more Office 365 services. You can configure which services will be enabled by default when an Office 365 plan is assigned to a user. Also, you can change the names under which Office 365 plans and services appear in Adaxes.
Click an Office 365 plan.
To change the display name of the Office 365 plan, enter a new name in the Display name field.
In the in the Office 365 Services section, uncheck the services that you don't want to be enabled by default.
To change the display name of an Office 365 service, click the service and enter a new name in the dialog that opens.
The settings related to Office 365 plans and services can be overridden for specific forms, views and actions in the Web Interface. For example, you can specify which Office 365 plans are available on the user creation form and configure whether users can enable or disable individual Office 365 services for them.
By default, when a user's password is changed in Active Directory, the new password cannot be used in Office 365 right away. Even if user passwords are synchronized by Azure AD Connect, it takes some time before synchronization occurs.
To automatically set or update a user's password in Office 365 when a new user is created or a user's password is changed with the help of Adaxes, check the Synchronize passwords option.
Click More options to configure settings related to temporary passwords generated by Office 365.
Office 365 does not allow creating accounts without a password. When Adaxes is configured to synchronize passwords and an Office 365 account is automatically activated after a user is created in AD, the password will be set both in Active Directory and in Office 365. However, if Adaxes is configured not to synchronize passwords or if a password specified for a new user does not meet password policy requirements, Office 365 will generate a random temporary password.
In the Temporary Passwords section, you can configure how temporary passwords generated by Office 365 will be communicated to users.
Display temporary passwords in the Execution Log
Select this option to show the temporary password in the Execution Log of the operation during which an Office 365 account is created.
Email temporary passwords
Select this option to have a temporary password sent by e-mail. In the associated edit box, specify a semicolon-separated list of recipients. To select recipients in Active Directory, click the button.
You can use value references in the email addresses of recipients. When an Office 365 account is created for a user, value references will be replaced with corresponding property values of the user's account. For example, value reference %mail% will be replaced with the user's e-mail address.
On the Associated Active Directory Scope page of the wizard, click Add to associate the Office 365 tenant with objects in Active Directory.
In the Tenant Associated Scope dialog, select the following items:
All Objects - select if you want the tenant to be associated with all objects in all AD domains managed by Adaxes.
Specific Domain - select if you want the tenant to be associated with all objects within an Active Directory domain.
OU or Container - select if you want the tenant to be associated with the objects located under an Organizational Unit or container.
Group - select if you want the tenant to be associated with a group or members of a group.
Business Unit - select if you want the tenant to be associated with members of a Business Unit. To select a Business Unit, open the Look in drop-down list and select the Business Units item.
You can exclude some parts of your Active Directory from the scope of a tenant. For example, if you've associated a tenant with all objects in a domain, but do not want to associate it with members of a certain group, you can exclude the group from the scope. To exclude an object, select the Exclude option in the Associated Scope Options dialog box.
Click the object you want to exclude.
In the Associated Options dialog, select the Exclude option.
When done, click OK and then Finish.
In Adaxes you can manage multiple Office 365 tenants. In a multi-tenant environment, if an object falls within the scope of two or more Office 365 tenants, the object is associated with the tenant that is of a higher precedence.
To change the precedence of a tenant, select it and use the buttons.
To find the Office 365 tenant a specific AD object is associated with, click Lookup tenant for object. To view all AD objects associated with a tenant, select the tenant and click Show all associated objects.
Adaxes allows you to automate the management of Office 365 accounts. For example, when a new user is created in Active Directory, Adaxes can automatically assign Office 365 licenses to the user based on their job title, department, location, etc. When a user account is updated, Adaxes can adjust the licenses according to the rules you define.
For information on how to assign Office 365 licenses automatically, see Automatically Assign Office 365 Licenses.
Using Security Roles, you can delegate Office 365 management tasks to users. You can allow users to manage Office 365 licenses, activate and deactivate user accounts in Office 365.
For information on how to delegate permissions to perform Office 365 tasks, see Grant Permissions to Perform Office 365 Management Tasks.
You can also delegate management of mailboxes and distribution lists located in Office 365. The permissions to manage Exchange mailboxes are also configured with the help of Security Roles. For more information, see Grant Permissions to Perform Exchange Tasks.
Adaxes Web Interface allows users to view Office 365 account properties, activate and deactivate Office 365 accounts, assign and revoke Office 365 licenses.
To allow users to view and manage Office 365 accounts, you need to place the Office 365 properties section on object views and forms for object creation and modification. The section is visible for an Active Directory object only if there is an Office 365 tenant associated with the object. For details, see Customize Forms for User Creation and Editing.
Additionally you can configure the Actions pane to contain a separate operation for editing Office 365 properties.
For more details, see Configure Actions Pane.
Using Adaxes Web Interface, users can manage both on-premises Exchange mailboxes and Exchange mailboxes located in Office 365.
For information on how to configure management of Exchange mailboxes, see Configure Exchange Tasks.