With the help of Adaxes, you can provision Microsoft 365 accounts for Active Directory users, assign and revoke Microsoft 365 licenses, deactivate Microsoft 365 accounts, etc. If your Microsoft 365 plans include licenses for Exchange Online, Adaxes will also allow you to manage Exchange mailboxes and distribution lists located in Microsoft 365. In addition to that, with Adaxes you can automate routine and repetitive Microsoft 365 and Exchange Online management tasks.
In this tutorial, you will learn how to:
Adaxes and Azure AD Connect
It is possible to use Adaxes in environments where Active Directory is synchronized with Microsoft 365 with the help of Azure AD Connect. In such environments, Adaxes can be used to provision and deprovision Microsoft 365 accounts and manage Microsoft 365 licenses, while Azure AD Connect will take care of the synchronization between your Active Directory and Microsoft 365.
To enable Microsoft 365 management in Adaxes, you need to register a Microsoft 365 tenant. A tenant represents a Microsoft 365 organization in Adaxes and allows you to associate it with your AD environment.
With Adaxes you are not limited to a single Microsoft 365 tenant. If you have two or more Microsoft 365 tenants that you need to manage, Adaxes provides you with a flexible way to configure which part of your Active Directory belongs to which tenant.
Launch Adaxes Administration Console.
Expand Adaxes service \ Configuration \ Cloud Services and select Microsoft 365.
In the Managed Microsoft 365 Tenants section located to the right, click New.
Provide the credentials of a Microsoft 365 account that has administrative permissions within the Microsoft 365 tenant you want to register.
The account must be assigned to either of the following roles in Microsoft 365:
Specify a display name for the tenant.
The tenant will appear under this name when viewing or editing Microsoft 365 accounts.
Select which Microsoft 365 plans will be available in Adaxes. Unchecked plans will not be visible in Adaxes and users will not be able to assign them.
Each plan can provide access to one or more Microsoft 365 services. You can configure which services will be enabled by default when a Microsoft 365 plan is assigned to a user. Also, you can change the names under which Microsoft 365 plans and services appear in Adaxes.
Click a Microsoft 365 plan.
To change the display name of the Microsoft 365 plan, enter a new name in the Display name field.
In the Microsoft 365 Services section, uncheck the services that you don't want to be enabled by default.
To change the display name of a Microsoft 365 service, click the service and enter a new name in the dialog that opens.
The settings related to Microsoft 365 plans and services can be overridden for specific forms, views and actions in the Web Interface. For example, you can specify which Microsoft 365 plans are available on the user creation form and configure whether users can enable or disable individual Microsoft 365 services for them.
By default, when a user's password is changed in Active Directory, the new password cannot be used in Microsoft 365 right away. Even if user passwords are synchronized by Azure AD Connect, it takes some time before synchronization occurs.
To automatically set or update a user's password in Microsoft 365 when a new user is created or a user's password is changed with the help of Adaxes, check the Synchronize passwords option.
Click More options to configure settings related to temporary passwords generated by Microsoft 365.
Microsoft 365 does not allow creating accounts without a password. When Adaxes is configured to synchronize passwords and a Microsoft 365 account is automatically activated after a user is created in AD, the password will be set both in Active Directory and in Microsoft 365. However, if Adaxes is configured not to synchronize passwords or if a password specified for a new user does not meet password policy requirements, Microsoft 365 will generate a random temporary password.
In the Temporary Passwords section, you can configure how temporary passwords generated by Microsoft 365 will be communicated to users.
Display temporary passwords in the Execution Log
Select this option to show the temporary password in the Execution Log of the operation during which a Microsoft 365 account is created.
Email temporary passwords
Select this option to have a temporary password sent by e-mail. In the associated edit box, specify a semicolon-separated list of recipients. To select recipients in Active Directory, click the button.
You can use value references in the email addresses of recipients. When a Microsoft 365 account is created for a user, value references will be replaced with corresponding property values of the user's account. For example, value reference %mail% will be replaced with the user's e-mail address.
On the Associated Active Directory Scope page of the wizard, click Add to associate the Microsoft 365 tenant with objects in Active Directory.
In the Tenant Associated Scope dialog, select the following items:
All Objects - select if you want the tenant to be associated with all objects in all AD domains managed by Adaxes.
Specific Domain - select if you want the tenant to be associated with all objects within an Active Directory domain.
OU or Container - select if you want the tenant to be associated with the objects located under an Organizational Unit or container.
Group - select if you want the tenant to be associated with a group or members of a group.
Business Unit - select if you want the tenant to be associated with members of a Business Unit. To select a Business Unit, open the Look in drop-down list and select the Business Units item.
You can exclude some parts of your Active Directory from the scope of a tenant. For example, if you've associated a tenant with all objects in a domain, but do not want to associate it with members of a certain group, you can exclude the group from the scope. To exclude an object, select the Exclude option in the Associated Scope Options dialog box.
Click the object you want to exclude.
In the Associated Options dialog, select the Exclude option.
When done, click OK and then Finish.
In Adaxes you can manage multiple Microsoft 365 tenants. In a multi-tenant environment, if an object falls within the scope of two or more Microsoft 365 tenants, the object is associated with the tenant that is of a higher precedence.
To change the precedence of a tenant, select it and use the buttons.
To find the Microsoft 365 tenant a specific AD object is associated with, click Lookup tenant for object. To view all AD objects associated with a tenant, select the tenant and click Show all associated objects.
Adaxes allows you to automate the management of Microsoft 365 accounts. For example, when a new user is created in Active Directory, Adaxes can automatically assign Microsoft 365 licenses to the user based on their job title, department, location, etc. When a user account is updated, Adaxes can adjust the licenses according to the rules you define.
For information on how to assign Microsoft 365 licenses automatically, see Automatically Assign Microsoft 365 Licenses.
Using Security Roles, you can delegate Microsoft 365 management tasks to users. You can allow users to manage Microsoft 365 licenses, activate and deactivate user accounts in Microsoft 365.
For information on how to delegate permissions to perform Microsoft 365 tasks, see Grant Permissions to Perform Microsoft 365 Management Tasks.
You can also delegate management of mailboxes and distribution lists located in Microsoft 365. The permissions to manage Exchange mailboxes are also configured with the help of Security Roles. For more information, see Grant Permissions to Perform Exchange Tasks.
Adaxes Web Interface allows users to view Microsoft 365 account properties, activate and deactivate Microsoft 365 accounts, assign and revoke Microsoft 365 licenses.
To allow users to view and manage Microsoft 365 accounts, you need to place the Microsoft 365 properties section on object views and forms for object creation and modification. The section is visible for an Active Directory object only if there is a Microsoft 365 tenant associated with the object. For details, see Customize Forms for User Creation and Editing.
Additionally you can configure the Actions pane to contain a separate operation for editing Microsoft 365 properties.
For more details, see Configure Actions Pane.
Using Adaxes Web Interface, users can manage both on-premises Exchange mailboxes and Exchange mailboxes located in Microsoft 365.
For information on how to configure management of Exchange mailboxes, see Configure Exchange Tasks.