Manage and Automate Office 365


With the help of Adaxes, you can provision Office 365 accounts for Active Directory users, assign and revoke Office 365 licenses, deactivate Office 365 accounts, etc. If your Office 365 plans include licenses for Exchange Online, Adaxes will also allow you to manage Exchange mailboxes and distribution lists located in Office 365. In addition to that, with Adaxes you can automate routine and repetitive Office 365 and Exchange Online management tasks.

In this tutorial, you will learn how to:

Adaxes and Azure AD Connect

It is possible to use Adaxes in environments where Active Directory is synchronized with Office 365 with the help of Azure AD Connect. In such environments, Adaxes can be used to provision and deprovision Office 365 accounts and manage Office 365 licenses, while Azure AD Connect will take care of the synchronization between your Active Directory and Office 365.

Register Office 365 Tenant

To enable Office 365 management in Adaxes, you need to register an Office 365 tenant. A tenant represents an Office 365 organization in Adaxes and allows you to associate it with your AD environment.

With Adaxes you are not limited to a single Office 365 tenant. If you have two or more Office 365 tenants that you need to manage, Adaxes provides you with a flexible way to configure which part of your Active Directory belongs to which tenant.


  1. Launch Adaxes Administration Console.
    Expand Adaxes service \ Configuration \ Cloud Services and select Office 365.

  2. In the Managed Office 365 Tenants section located to the right, click New.

  3. Provide the credentials of an Office 365 account that has administrative permissions within the Office 365 tenant you want to register.

    The account must be assigned to either the Global Administrator or the User Management Administrator role in Office 365.

    Click Next.
  4. Specify a display name for the tenant.

    The tenant will appear under this name when viewing or editing Office 365 accounts.

  5. Select which Office 365 plans will be available in Adaxes. Unchecked plans will not be visible in Adaxes and users will not be able to assign them.

    Each plan can provide access to one or more Office 365 services. You can configure which services will be enabled by default when an Office 365 plan is assigned to a user. Also, you can change the names under which Office 365 plans and services appear in Adaxes.

    • Click an Office 365 plan.

    • To change the display name of the Office 365 plan, enter a new name in the Display name field.

    • In the in the Office 365 Services section, uncheck the services that you don't want to be enabled by default.

    • To change the display name of an Office 365 service, click the service and enter a new name in the dialog that opens.


    The settings related to Office 365 plans and services can be overridden for specific forms, views and actions in the Web Interface. For example, you can specify which Office 365 plans are available on the user creation form and configure whether users can enable or disable individual Office 365 services for them.

  6. By default, when a user's password is changed in Active Directory, the new password cannot be used in Office 365 right away. Even if user passwords are synchronized by Azure AD Connect, it takes some time before synchronization occurs.

    To automatically set or update a user's password in Office 365 when a new user is created or a user's password is changed with the help of Adaxes, check the Synchronize passwords option.

  7. Click More options to configure settings related to temporary passwords generated by Office 365.

    Temporary Passwords

    Office 365 does not allow creating accounts without a password. When Adaxes is configured to synchronize passwords and an Office 365 account is automatically activated after a user is created in AD, the password will be set both in Active Directory and in Office 365. However, if Adaxes is configured not to synchronize passwords or if a password specified for a new user does not meet password policy requirements, Office 365 will generate a random temporary password.

    In the Temporary Passwords section, you can configure how temporary passwords generated by Office 365 will be communicated to users.

    • Display temporary passwords in the Execution Log

      Select this option to show the temporary password in the Execution Log of the operation during which an Office 365 account is created.

    • Email temporary passwords

      Select this option to have a temporary password sent by e-mail. In the associated edit box, specify a semicolon-separated list of recipients. To select recipients in Active Directory, click the button.

      Passwords are sent in clear text via e-mail.

      You can use value references in the email addresses of recipients. When an Office 365 account is created for a user, value references will be replaced with corresponding property values of the user's account. For example, value reference %mail% will be replaced with the user's e-mail address.

      • %adm-ManagerEmail% - the e-mail address of the user's manager.
      • %adm-InitiatorEmail% - the e-mail address of the user who activates the Office 365 account.
      • %adm-InitiatorManagerEmail% - the e-mail address of the manager of the user who activates the Office 365 account.
  8. On the Associated Active Directory Scope page of the wizard, click Add to associate the Office 365 tenant with objects in Active Directory.

    If you use Azure AD Connect, it is recommended to adjust the AD scope of your tenant in accordance with Azure AD Connect filtering settings.

    In the Tenant Associated Scope dialog, select the following items:

    • All Objects - select if you want the tenant to be associated with all objects in all AD domains managed by Adaxes.

    • Specific Domain - select if you want the tenant to be associated with all objects within an Active Directory domain.

    • OU or Container - select if you want the tenant to be associated with the objects located under an Organizational Unit or container.

    • Group - select if you want the tenant to be associated with a group or members of a group.

    • Business Unit - select if you want the tenant to be associated with members of a Business Unit. To select a Business Unit, open the Look in drop-down list and select the Business Units item.

    You can exclude some parts of your Active Directory from the scope of a tenant. For example, if you've associated a tenant with all objects in a domain, but do not want to associate it with members of a certain group, you can exclude the group from the scope. To exclude an object, select the Exclude option in the Associated Scope Options dialog box.

    • Click the object you want to exclude.

    • In the Associated Options dialog, select the Exclude option.

    • Click OK.

    When done, click OK and then Finish.

  9. In Adaxes you can manage multiple Office 365 tenants. In a multi-tenant environment, if an object falls within the scope of two or more Office 365 tenants, the object is associated with the tenant that is of a higher precedence.

    To change the precedence of a tenant, select it and use the     buttons.

    To find the Office 365 tenant a specific AD object is associated with, click Lookup tenant for object. To view all AD objects associated with a tenant, select the tenant and click Show all associated objects.

Automate Office 365 User Management

Adaxes allows you to automate the management of Office 365 accounts. For example, when a new user is created in Active Directory, Adaxes can automatically assign Office 365 licenses to the user based on their job title, department, location, etc. When a user account is updated, Adaxes can adjust the licenses according to the rules you define.

For information on how to assign Office 365 licenses automatically, see Automatically Assign Office 365 Licenses.

Delegate Office 365 Tasks

Using Security Roles, you can delegate Office 365 management tasks to users. You can allow users to manage Office 365 licenses, activate and deactivate user accounts in Office 365.

For information on how to delegate permissions to perform Office 365 tasks, see Grant Permissions to Perform Office 365 Management Tasks.

You can also delegate management of mailboxes and distribution lists located in Office 365. The permissions to manage Exchange mailboxes are also configured with the help of Security Roles. For more information, see Grant Permissions to Perform Exchange Tasks.

Customize Web Interface for Office 365

Adaxes Web Interface allows users to view Office 365 account properties, activate and deactivate Office 365 accounts, assign and revoke Office 365 licenses.

To allow users to view and manage Office 365 accounts, you need to place the Office 365 properties section on object views and forms for object creation and modification. The section is visible for an Active Directory object only if there is an Office 365 tenant associated with the object. For details, see Customize Forms for User Creation and Editing.

Additionally you can configure the Actions pane to contain a separate operation for editing Office 365 properties.

For more details, see Configure Actions Pane.

Using Adaxes Web Interface, users can manage both on-premises Exchange mailboxes and Exchange mailboxes located in Office 365.

For information on how to configure management of Exchange mailboxes, see Configure Exchange Tasks.

Open tutorial filtering

Got questions?
Support Forum