What's new in Adaxes 2023.2
- Version
- 3.16.21408
- Release date
- May 8, 2023
- Latest update
- Update 3
In this release of Adaxes, we focused on improving the stability and user experience of several key Adaxes components. Besides polishing the rough edges, we also squeezed in some features that were frequently requested.
Read on to find out what Adaxes 2023.2 has in store for you.
EXOv3 module for Exchange Online
In the new version, Adaxes no longer relies on PowerShell remoting for performing operations in Exchange Online. Following the announced deprecation of PowerShell remoting by Microsoft, we have transitioned to using the latest EXOv3 PowerShell module.
Besides being fully prepared for the deprecation, you can now disable basic authentication in WinRM on the computer where the Adaxes service is installed. This feature was also added to Adaxes 2023, 2021.1, and 2020.1.
The CreateExchangeOnlinePSSession method in Adaxes is now deprecated. After upgrading to the new version, you will need to switch the connection method in your scripts to ConnectExchangeOnline.
Details
Your current scripts that rely on CreateExchangeOnlinePSSession to connect to Exchange Online will continue working as before in the new Adaxes version. However, they will stop working when Microsoft blocks the RPS connection for your tenant – this can happen at any time in June 2023, according to Microsoft. We recommend updating such scripts as soon as possible after upgrading Adaxes.
Here's a sample script from our repository that connects to Exchange Online via the new ConnectExchangeOnline method.
Also, using the Connect-ExchangeOnline and Disconnect-ExchangeOnline cmdlets is now prohibited in scripts executed within Adaxes. If you have any scripts that use these cmdlets, they have to be updated to use ConnectExchangeOnline as well.
Web interface enhancements
If you expect to see Web interface enhancements in every release, you will never be disappointed. This time, we improved how automatic sign out works and added flexibility to several existing features.
Automatic sign out
Now, inactive users will be signed out from the Web interface when the timeout is reached, even if they didn't close the browser tab. Adaxes no longer refreshes the authentication token if the user is not directly interacting with the Web interface page.
As a reminder, here's how to configure authentication session timeout.
Custom click-to-call hyperlinks
You can now customize the click-to-call hyperlinks for phone number properties on object views. It can be helpful to ensure that the links are always opened in the right application when a user clicks them.
Restricting allowed email address types
It is now possible to restrict which email address types are visible in the Exchange properties section in the Web interface. For example, you can allow displaying only SMTP addresses, but hide SIP, X500, and other types.
Adding members only from specific containers
Members and Member Of sections on object views can now be configured to allow adding new members or selecting groups only from a specific Organizational Unit or container.
Criteria enhancements
The first-ever criteria improvements since its introduction in Adaxes 2023 are directed towards its usability for quick everyday searches.
Search history
Your recent search history is now preserved in the Administration console.
If you perform many similar searches throughout the day, you no longer have to dial in complex criteria every time – just pick something from the search history and tweak it a bit.
Simple and advanced search tabs
The simple and advanced search tabs found their way back into the Administration console. They feel the same, except they now work with criteria under the hood. This means you now have the best of both worlds – the familiar UI for everyday search queries, and the ability to search for objects in your Azure AD domains.
Assorted improvements and bug fixes
This release contains a lot, and we mean a lot of improvements and fixes that, sadly, don't deserve their own paragraph. We did our best to group them so that everything makes sense.
Web interface
- Made the behavior of quick search consistent with previous versions when a wildcard character (*) is used in the search query.
- The Managed By (Primary) property is no longer forcefully displayed under the Additional Properties section if the property is required but absent from the creation form.
- Improved Web interface performance when fetching the operations that the signed-in user is allowed to perform.
- Now, when an authentication token for the Web interface configurator expires due to inactivity, Adaxes redirects the user to the sign-in page instead of displaying the The provided authentication token is either expired or invalid error.
- When selecting objects from a list, Adaxes now hides objects that have already been selected. Web interface configurator only.
- The Web interface no longer reconnects to a different Adaxes service when the web page is refreshed.
- Exchange operations specific to on-premises Exchange are no longer shown when selecting multiple users in the Members section if the domain has no on-premises Exchange.
- Fixed the Unable to cast object of type 'System.String' to type 'Softerra.Adaxes.Models.DirectoryObjectKey error that prevented saving changes in the Web interface configurator. The error occurred if any form contained a predefined value for a DN property, but value references were not used in that template.
- Fixed the issue where the GUID of a mailbox was displayed in the Forward to field if the mailbox Exchange properties have never been viewed by any user.
- Fixed the Cannot read properties of undefined (reading 'commonCriteria') error that occurred when resetting the Common Sign In Web interface configuration to default.
- Fixed the issue that made it impossible to use the Group members membership rule in rule-based groups from Azure AD domains.
- Fixed the issue that caused the is empty / is not empty operators to work incorrectly when using the Advanced search.
- Fixed the issue where all managed domains were displayed when selecting where to create a new object, even if the user didn't have the permissions to view some domains.
- Fixed the issue where an Azure AD domain would not be displayed on the home page and would be impossible to browse if it was the only domain registered in Adaxes.
- Fixed the bug that made it impossible to select a domain as a target of a custom command in the Web interface.
- Fixed the issue that caused the report charts to count objects that fit the report criteria but are not allowed to be displayed in the Web interface.
- Fixed the issue where some operations in the Members section in the Web interface were not displayed if more than 20 users were selected.
- Fixed the issue that caused business units to sometimes not be displayed on content panes.
- Fixed the issue where a predefined value of Anytime for logon hours would not be saved when saving changes in the Web interface configurator.
- Fixed the issue where the Create and Create mailbox operations were not displayed if they were the only enabled operations in the Web interface.
- Fixed the issue where the default Web interface selection settings for the Common Sign In page had no effect if the Remember the last selected Web interface option was disabled.
- Fixed a visual bug in the date editor in the Web interface configurator.
- Fixed the issue that made it possible to use an invalid value reference for the Exchange Alias predefined field.
- Fixed a visual bug in the Web interface that occurred when the My Managed objects content pane was grouped by any property.
- Fixed the issue that caused user photos to flash when resizing the user selection dialog.
- Updated the icon for a read-only domain controller to a more suitable one.
PowerShell module
- It is now possible to pass property names to criteria expressions via variables. For example, New-AdmCriteria "user" {$myProperty -eq "value"}.
- Fixed the Can't find an object with identity error that made it impossible to locate computer objects or perform operations on them via the Get-AdmComputer/Set-AdmComputer cmdlets with the AdaxesService parameter in Windows PowerShell.
- Fixed the issue that made it impossible to search for objects from Windows PowerShell using Adaxes criteria expressions with a single element.
- Fixed the The given key was not present in the dictionary error that occurred when executing the Get-AdmPrincipalGroupMembership cmdlet on a synchronized user who is a member of at least one cloud-only group.
- Fixed the Cannot find an overload for "AddValues" and the argument count: "1" error in the AddValues method of SimpleCriteriaItem class.
- Fixed the The criteria is invalid. Syntax error at position bug in the New-AdmCriteria cmdlet that occurred when a criteria expression included line breaks. Now you can span criteria expressions over several lines to improve their readability.
- Fixed the Object reference not set to an instance of an object error that made it impossible to clear the Country value of a user via the Set-AdmUser cmdlet.
- The Get-AdmUser cmdlet now can retrieve the objects' ADS path when executed in Windows PowerShell with the AdaxesService parameter.
- Fixed the issue where searching for objects with specific When Created or When Changed attribute values via Adaxes cmdlets in Windows PowerShell would return no results if the AdaxesService parameter was not specified.
- Now, the Get-AdmUser cmdlet returns the value of the When Created and When Changed attributes in the local time zone of the computer where the cmdlet is executed.
Configuration backup/restore
- Fixed the Failed to import configuration objects to the backend. Directory object not found error that could occur when restoring specific Adaxes configurations from a backup.
- Fixed the An item with the same key has already been added error that prevented Adaxes service from starting after restoring specific configurations from a backup.
- Fixed the The search filter cannot be recognized error that occurred after restoring the configuration from a backup if the Web interface browsing search filter in the backup file was disabled.
- Fixed the issue where the (&(objectCategory=person)(objectClass=contact)) browsing filter was incorrectly restored from the configuration backup.
- Fixed the issue where restoring certain configurations from a backup would lead to Adaxes failing to cache the data of Azure AD managed domains.
- Fixed the Value cannot be null. Parameter name: dn error that could occur in the Web interface after restoring a configuration from a backup if the app used to manage an Azure AD domain had an expired client secret.
- Fixed the Failed to load last known good information of the managed domain error that caused Adaxes service to fail to start after restoring certain configurations from a backup.
Other improvements
- Now, it is possible to bind to custom commands and scheduled tasks using their immutable identifiers – adm-CustomCommandId and adm-ObjectId. This simplifies writing scripts that execute custom commands with parameters.
- Flag property values (e.g. Machine Role) in the criteria editor are now displayed in a human-readable format instead of actual integer values.
- Now, the list of available UPN suffixes is updated immediately after adding/removing a suffix. It is no longer required to restart the Adaxes service.
- Log records for updating the list of unmanaged accounts now have a human-readable operation description.
- If the modification of a binary property is sent for approval, the new value will be sent as an email attachment to the approver.
- New user photos are now embedded into approval request emails.
- The adm-ManagerDisplayName, adm-ManagedByDisplayName, and adm-MemberDisplayName calculated properties now return the object's name if its display name is empty.
- Now, it is possible to view scheduled task activity/management history after restoring the configuration from a backup. In addition, you can now locate scheduled tasks from the general log and in reports via the Locate in tree option after restoring the configuration from a backup.
- Improved the performance of the Reset password operation for users within the scope of a Microsoft 365 tenant that is assigned over many groups.
- Adaxes can now generate a default value for a property if the relevant property pattern references a predefined field absent from a form.
- Now, the list of approvers is periodically saved to a designated attribute of each pending approval request. This greatly speeds up viewing and searching for approval requests, especially if there are many requests with a long list of approvers. The frequency can be configured. For details, see the Approvals.StampApproversPeriod parameter in the Change Configuration Parameters article.
Other bug fixes
- Fixed the issue that caused rule-based group membership updates to trigger business rules.
- Fixed the Object does not exist error that occurred on the user creation form if a Microsoft 365 section was present on the form.
- Fixed the AuthorizationManager check failed error that prevented Adaxes from successfully registering Azure AD domains if the PowerShell script execution policy was set to AllSigned.
- Fixed the ValueFactory attempted to access the Value property of this instance error that occurred when a Microsoft 365 tenant was assigned over a business unit with at least one Query results membership rule.
- Fixed the Cannot bind parameter 'Filter' to the target. Exception setting "Filter": "Invalid filter syntax error that occurred when updating the Azure AD cache if any object in Azure AD had an apostrophe in their name.
- Fixed the An attempt was made to modify an object to include an attribute that is not legal for its class error that made it impossible to use the If <property of the member> <relation> <value> condition in business rules triggering Before adding a member to a group.
- Removed the timeout for AD LDS installation, which fixed the issue with the initial replication of large and complex configurations to a new Adaxes service instance in multi-server environments.
- Fixed the An unknown directory domain object was requested error that occurred when registering a child domain if there was no connection to the parent domain.
- Fixed the issue with the Must be one of the following values only constraint for DN properties. Now, you can select a directory object instead of having to manually enter a DN.
- Fixed the Culture ID 4096 (0x1000) is a neutral culture; a region cannot be created from it. Parameter name: culture error that prevented Adaxes from updating the Azure AD cache if the computer with the Adaxes service used a custom Windows culture.
- Fixed the The account name is invalid. It is expected to be formatted either as 'DOMAIN\user' or 'user@domain' error that occurred after changing the service account for a managed domain and then switching it back to the Adaxes service account.
- Fixed the Cannot process argument transformation on parameter 'EmailAddresses'. Cannot convert value "System.Collections.ArrayList" to type "Microsoft.Exchange.Data.ProxyAddressCollection" error that occurred when changing the primary SMTP address and simultaneously adding another SMTP address to a mailbox.
- Fixed the Access is denied error that prevented users from manually resending approval requests notifications for requests initiated by executing a custom command.
- Fixed the issue where the Password Must Be Changed at Next Logon option would not be set for new users if it was enabled by default but no other account options were modified during user creation.
- Fixed the issue where date/time value references would resolve incorrectly if a one-letter format (e.g. %datetime:format[M]%) was used.
- Now, all approval request properties are correctly displayed in conditions like If <property> <relation> <value>.
- Fixed the bug that made it impossible to view or modify Exchange properties of a synchronized contact or group after they were renamed in Azure AD.
- It is again possible to specify objects of any type in DN properties native to AD (e.g. Secretary).
- Fixed the Failed to get the mailbox usage information. MailboxLocation was not found for id error that sometimes occurred when viewing mailbox usage immediately after the mailbox is created in Exchange Online.
- Fixed the Failed to synchronize group data error that could sometimes lead to an Azure AD group still showing in Adaxes after it was deleted directly in the Azure Portal.
- Fixed the Failed to read a Security Role assignment error that occurred when viewing a security role with a trustee from a domain not currently registered in Adaxes.
- Fixed the The operation couldn't be performed because object couldn't be found error that occurred when moving a user and enabling a remote mailbox for that user via a script in the same business rule.
- Fixed the issue where reports would not display indirect subordinates of a user if that user had a comma in their name.
- Fixed the No Exchange Organizations found in domain example.com that occurred when a Microsoft 365 license without an Exchange Online service was assigned to an Azure AD user via a business rule, and their mailbox properties were modified in the same rule.
- Fixed the Failed to remove the remote mailbox of the user. Domain is not managed by Adaxes error that occurred when enabling/disabling the Yammer Microsoft 365 service for a synchronized user if the on-premises domain of that user was not registered in Adaxes.
- Fixed the Failed to get mailbox rights error that could occur when viewing Exchange properties of a linked mailbox if the language of the Exchange server was not English.
- Fixed the issue with the Microsoft 365 password synchronization mechanism in Adaxes. Now, when you reset a user's password in AD while their Microsoft 365 account has the Must change password at next logon flag, the flag is correctly preserved when passwords are synchronized.
- Fixed the issue where the When Changed attribute would not update when changing a group/OU owner or a user picture via Adaxes.
Update 1
- Version
- 3.16.21515
- Release date
- June 15, 2023
- Improved the mechanism for fetching the last sign-in time of Azure AD users.
- Now, it is possible to register an Azure AD domain even if the Office 365 Exchange Online enterprise application is disabled in Azure.
- You can now select the forest UPN suffix for accounts in child domains.
- Fixed the Helo command rejected: need fully-qualified hostname error that made it impossible to send email via Adaxes when using certain SMTP servers.
- Improved the performance when evaluating the permissions of the signed-in user over group members if the user is a member of many groups.
- Fixed the issue where the values of DN properties (e.g. Manager) were sometimes not restored when restoring a deleted Azure AD object.
- Fixed the Value 'DomainLocal' is not supported error that made it impossible to get Domain Local groups via the Get-AdmGroup cmdlet with the AdaxesService parameter.
- Fixed the issue where no groups would be displayed when attempting to add a user to a group. The issue occurred if the Web interface top level node was set to a domain with uppercase characters in the name.
- Adaxes Administration Console no longer periodically asks the user for credentials when Windows Certificate Storage contains a user certificate with strong key protection enabled and set to High.
- Fixed the issue where the creation of computer accounts could trigger the creation of identically named user accounts in the synchronized Azure AD domain.
- Fixed the issue with the membership rules of rule-based groups, where the Group Type property was sometimes considered an invalid property if a group was converted to rule-based in Adaxes 2021.1 or earlier.
- Fixed the issue where the criteria value was not displayed at all in the Business Units report scopes after restoring certain configurations from a backup.
- Fixed the Unable to cast object of type 'Softerra.Adaxes.Directory.Configuration.AzureADManagedDomain' to type 'Softerra.Adaxes.Directory.Configuration.OnPremiseManagedDomain' error that occurred when executing a Create Exchange mailbox operation on users from an Azure AD domain.
- Fixed the issue where the My Account object type was not available in the Rename operation visibility configuration.
- Fixed the Access denied error that occurred when setting the Protect from accidental deletion option for a user inside a container that is already protected from accidental deletion. The error could be observed when the initiator had the rights to update the user but not the container.
- Fixed the A constraint violation occurred error in the Set-AdmObject cmdlet that could occur when setting the Protect from accidental deletion option for an object if the AdaxesService parameter was not used.
- Fixed the issue where using the Get-AdmObject cmdlet with the LDAPFilter and AdaxesService parameters would return no results.
- Now, the Get-AdmOrganizationalUnit cmdlet fetches the same default set of Organizational Unit properties as the Get-AdOrganizationalUnit cmdlet if the Properties parameter is not specified.
- Fixed the issue where the (Other) telephone number properties were visible on forms and views in the Web interface when only the main property was configured to be visible.
- Fixed the issue where setting an Undetermined default value of a checkbox custom command parameter in the Web interface made it impossible to edit this default value after saving it.
- Now, the Web interface configurator correctly displays a warning message when you configure the Add to Basket operation but the Basket component is disabled.
- Fixed the issue in the Exchange section in the Web interface where it was impossible to add an EUM email address if it was the only allowed address type.
Update 2
- Version
- 3.16.21627
- Release date
- July 27, 2023
- Updated the Exchange Online Management module to version 3.2.0.
- Fixed the issue that would cause memory leaks on the computer where Adaxes service is installed when a Microsoft 365 tenant and a related Azure AD domain were registered using different application credentials.
- Fixed the The server does not support the requested critical extension error that occurred when using a business unit as a report scope.
- Fixed the issue where Adaxes was unable to fetch the Microsoft 365 properties of a synchronized user if the user's domain had no assigned capabilities in Azure AD.
- Fixed the Catastrophic failure and The 'accountExpires' property cannot be found in the cache errors that prevented users from copying configuration objects (e.g. property patterns) between different Adaxes services using the Administration console.
- Delegates of Azure AD room mailboxes are now correctly displayed in mouseover popups.
- Now, orphaned synchronized Azure AD objects in the Adaxes Azure AD cache are correctly deleted in a multi-server environment when there is no connectivity between Adaxes services.
- Fixed the Failed to import configuration objects to the backend. The attribute syntax specified to the directory service is invalid error that could occur when restoring a configuration from a backup that contains objects with naming conflicts.
- Fixed the issue where certain settings for the Managed By field on forms and views were not restored correctly from configuration backups.
- Fixed the issue where using certain text styles in auto-reply messages would make these messages impossible to edit in the Web interface auto-reply message editor on the dark theme.
- Fixed the Object reference not set to an instance of an object error that could occur when attempting to apply the configuration of the Edit Exchange properties operation to other Web interfaces.
- Fixed the Unable to cast object of type 'Softerra.Adaxes.Directory.Configuration.AzureADManagedDomain' to type 'Softerra.Adaxes.Directory.Configuration.OnPremiseManagedDomain' error that occurred when executing the Set-AdmObject cmdlet on Azure AD objects without using the Server parameter.
- Fixed the issue in the Web interface configurator that allowed users to configure certain operations when they were disabled.
Update 3
- Version
- 3.16.21906
- Release date
- October 12, 2023
Improvements
- Now, Adaxes automatically adjusts the calendar processing settings of resource mailboxes according to the recommended default settings by Microsoft when the Booking Delegates - Booking Requests settings are changed.
- You can now select synchronized mail contacts as recipients of forwarded emails when configuring mail forwarding for users with Exchange Online mailboxes.
- Improved the performance when generating the My managed objects content pane on the Web interface home page.
- Now, Adaxes prevents you from selecting a member of the Protected Users group as a service account instead of throwing the following error during the installation: Failed to create application partitions on the backend server. The user name or password is incorrect.
- The AddValues method can now properly handle arrays processed by Select-Object, Sort-Object, Get-Unique, etc. cmdlets, without explicit casting.
Bug fixes
- Fixed the issue where it was impossible to add an Exchange section to forms and views in the Web interface if the Microsoft 365 tenant was assigned over an Organizational Unit instead of the entire domain.
- Fixed the No such object on the server error that made it impossible to register an Azure AD domain from a government cloud.
- Fixed an issue in the Password self-service client for Windows where logging in, logging out, and then using offline password reset in a short time span would lead to Adaxes resetting the password in AD but not updating the credentials cache on the computer.
- Fixed the issue that made it impossible to clear Message Delivery Restrictions - Reject messages from for Azure AD users.
- Fixed the An object specified for property 'ms-Exch-DL-Mem-Submit-Perms' must be located in a domain belonging to forest error that could occur when adding a synchronized group to the list of allowed senders of another synchronized group.
- Fixed the The server does not support the control. The control is critical. error that occurred after restoring a configuration with many extending objects (greater than 100,000).
- Fixed the issue where Adaxes would not link on-premises mail-enabled groups with their cloud counterparts if some group attributes had different values and were excluded from the AAD Connect synchronization scope.
- Fixed a bug in the Web interface configurator where the Save button did not appear after renaming the Members and Member Of sections on object views.
- Fixed the issue where it was possible to paste an object located beyond the Web interface top level node into an object picker (e.g. when editing the Manager property) and save the changes.
- The Audit failure event is no longer generated in the Security event log after resetting the password of a user if that user and the Adaxes service account are in different forests.
- Fixed the Object reference not set to an instance of an object error that could occur in rare cases when adding a member to a group if some of the managed domains had no credentials specified.
- Fixed several bugs in the behavior of the Logon Hours predefined field when the German language was used in the Web interface configurator.
- Fixed the German description of search criteria that includes the Account Expires property.