What's new in Softerra Adaxes 2012.1
- Version
- 3.3.8906.0
- Release date
- December 06, 2012
Adaxes 2012.1 comes with many long-awaited features aimed at making the process of Active Directory management even more agile and efficient. Below are the highlights of the new major features and important changes since the previous version.
Web Interface Enhancements
Web Interface Sign In
The latest release includes a few enhancements of the Sign In process in the Web Interface.
Domainless Logon
Now users can specify only their username without the domain part (e.g. JSmith, not EXAMPLE\JSmith or jsmith@example.com) when logging in via the Web Interface.
This option is enabled by default in case Adaxes manages only one AD domain. In case Adaxes manages multiple AD domains, you will need to specify the domain that will be used by default for the username authentication.
Custom Property for Username
Now, the Web Interface can be configured to allow using any property of user accounts as the logon name. For example, users can specify their e-mail or Employee ID as the logon name.
Username Example
You can also customize the text for the example that is displayed below the Username field in the Sign In form.
Sign In Page Customization
It's now possible to customize the HTML code of the top part of the Sigh In page. For example, you can add any link, place any text or even add an image to this area.
Copying Objects
We have equipped the Web Interface with a long-awaited feature that allows copying any type of Active Directory objects.
If the Copy operation is performed frequently, you can configure the Home page to display the operation in the Actions pane. Like for any other Home page action, you can customize execution parameters for the Copy action. For example, you can configure the action to always use a specific Active Directory object as the source object for copying.
List View or Tree View for Object Selection
Now, when selecting the target container for creating, moving or copying AD objects, you can choose between the Tree View and List View.
Tree View is more convenient when the target container is located at the first or second level of the Active Directory tree.
List View allows searching a container by its name which is more convenient if the needed container is located at deeper levels of the Active Directory structure.
If a user has no permissions to view the AD structure, only the List View option is available.
Operations Available in Object Lists
In the Web Interface, if a user doesn't have any permission to perform an operation, the operation is not displayed. However, previously, in the views where Active Directory objects were displayed in lists, all operations were always available, even if a user didn't have the rights to perform an operation.
Now, when working with AD object lists, an operation is visible only if the user is assigned to a Security Role that allows him/her to perform that operation. Also if an object list cannot contain objects of a certain type, operations specific only to that object type are not displayed.
'Click to Display Objects' Link
Now, each Home page action can be configured not to display the list of available objects by default. In this case, available objects are displayed only after the user clicks the 'Click to display objects' link or types a search filter and clicks the 
button. This option reduces time required to load pages and minimizes unnecessary requests to Active Directory.
Customization of the Help and Support Links
It's now possible to customize the Help and Support links that are displayed at the top of each page in the Web Interface. You can change the links to refer to any resource you need (for example, to your local Help and Support).
Command Line for Web Interface Backup/Restore
The new version enables you to back up and restore the configuration of the Web User Interface from the command line.
Description for Sections in Forms and Views
From now on, you can provide a description for each section in forms and views displayed in the Web Interface.
'View Object' Action for Home Page
A new action can now be placed on the Home page of the Web Interface. The action enables users to view Active Directory objects in customized views. If necessary, the action can be configured to allow viewing only AD objects that correspond to certain search criteria, are located under a specific OU, etc.
Parlez-vous français?
Our French-speaking customers can now enjoy a fully localized version of the Web-Interface. If the user's Regional Settings are set to French, the Web Interface automatically switches to French. It is also possible to switch the user interface language using the My Settings section.
Custom Help and Hints for Object Properties
Now, with the help of Property Patterns it is possible to provide custom help and hints for Active Directory object properties.
The hint text is displayed in a tooltip when moving the mouse over the property input field. When possible, the hint text is also displayed inside the input field (as long as the field is empty).
Protection from Accidental Deletion
Adaxes 2012.1 includes an option for protecting objects from accidental deletion. An object protected from deletion cannot be deleted even if a user is granted full control over the object.
The Protect from accidental deletion option is set at the level of native AD permissions. This means that it is impossible to delete a protected object using Adaxes, native Active Directory tools, or any other 3rd party tools until the protection is disabled.
The option can be applied to various object types: Organizational Units, users, groups, contacts and Adaxes configuration objects (Business Rules, Custom Commands, and Business Units, etc.).
Adaxes can be configured to apply the protection automatically via Business Rules, Custom Commands or Scheduled Tasks. For example, a user account can be automatically protected from deletion after it is moved to a specific Organizational Unit.
You can also specify the default value for the Protect from Accidental Deletion option using Property Patterns. For example, you can create a Property Pattern for the Organizational Unit object type and specify the default value True for the Protect from Accidental Deletion property. This means that all new Organizational Units will be protected from accidental deletion by default upon creation.
Active Directory objects can be also protected from accidental deletion in bulk with the help of the Add/Modify Property wizard.
When importing objects from a CSV file, you can also protect them from accidental deletion by adding the ProtectedFromAccidentalDeletion column to the CSV file.
In order to allow a user to protect/unprotect objects from accidental deletion, they must be granted appropriate permissions via Security Roles.
New Actions and Conditions
Account Options Condition
Now, if your Business Rule, Scheduled Task or Custom Command needs to check whether specific options of a user account are enabled or disabled, you can use a new condition - If certain Account Options are enabled/disabled.
PowerShell Script Condition
This condition type lets you check whether a condition is met with the help of a PowerShell script. It is useful for advanced scenarios when regular conditions cannot be used. For example, you can use the Script Condition during user creation to check whether an account with a specified Employee ID exists in an HR database.
Modify Account Options Action
With the help of the Modify Account Options action your Business Rules, Custom Commands, and Scheduled Tasks can now modify specific options of user accounts.
Clipboard Operations in Administration Console
Clipboard Operations for Business Rules, Custom Commands and Scheduled Tasks
One of the most awaited features in Adaxes 2012.1 is the possibility to copy/paste contents of Business Rules, Scheduled Tasks and Custom Commands using the clipboard. Now users can copy/paste actions and conditions inside a single object or between two different objects. For example, you can copy a condition from a Business Rule and paste it into a Custom Command.
Copying Configuration Objects between Adaxes Services
Another new feature allows copying Adaxes configuration objects (Business Rules, Property Patterns, Security Roles, etc.) between different Adaxes services using the clipboard or drag and drop. The option makes the deployment of Business Rules, Security Roles, Property Patterns etc. from your testing environment to the production service easier and serves as an alternative to configuration backup/restore.
Data Import and Export
Import Account Options from CSV
Previously, when importing user accounts from a CSV file, one had to specify Account Options for imported users in a single column called userAccountControl. Each account option was represented as a flag of the integer value specified in the column.
Now, each account option can be specified in a separate column. For example, if you want a user to change his/her password at the first logon, just specify True in the ChangePasswordAtLogon column.
Along with the columns related to Account Options, two more columns are now available: AccountPassword and ProtectedFromAccidentalDeletion.
The table below provides the full list of properties available:
| Column Name | Description | Example |
|---|---|---|
| AccountPassword | The password of a user. | secret |
| CannotChangePassword | Specifies whether the account password can be changed. | true or 1, false or 0 |
| ProtectedFromAccidentalDeletion | Specifies whether an object is protected from accidental deletion. | true or 1, false or 0 |
| ChangePasswordAtLogon | Specifies whether the password must be changed during the first logon. | true or 1, false or 0 |
| PasswordNeverExpires | Specifies whether the password of the account can expire. | true or 1, false or 0 |
| Enabled | Specifies whether the user account is enabled. | true or 1, false or 0 |
| AccountNotDelegated | Specifies whether the security context of the user is delegated to a service. | true or 1, false or 0 |
| TrustedForDelegation | Specifies whether an account is trusted for Kerberos delegation. | true or 1, false or 0 |
| AllowReversiblePasswordEncryption | Specifies whether reversible password encryption is allowed for the account. | true or 1, false or 0 |
| SmartcardLogonRequired | Specifies whether a smart card is required to logon. | true or 1, false or 0 |
| PasswordNotRequired | Specifies whether the account requires a password. | true or 1, false or 0 |
| UseDesEncryptionTypes | Specifies whether Data Encryption Standard (DES) is supported for the account. | true or 1, false or 0 |
| DontRequireKerberosPreAuth | Specified whether Kerberos pre-authentication is required. | true or 1, false or 0 |
Updating Existing Objects during Data Import
With the help of the Update existing objects option, now it is possible to update objects during data import. If this option is selected, Adaxes will update the existing objects using the data from the file instead of throwing the 'Object already exists' error.
Selecting Properties to Export
The Select Properties dialog in the Export Data wizard has become much more user-friendly.
Replacing DN Suffixes in Properties
Now, if the Replace DN suffix option is enabled during data import, DN suffixes are also replaced in all DN syntax properties (properties that contain DNs of AD objects).
Commit DN Syntax Properties at the End of Data Import
A new option for data import is now available - Commit DN syntax properties after all objects are imported. If the option is enabled, all DN syntax properties of all objects being imported are saved to the directory only after all objects are imported. With the help of this option it's now possible to import files that contain objects that refer to each other (e.g. two groups that are members of each other).
Correcting the Import Order
If the file being imported contains records in an incorrect order (child objects precede their parent objects), now Adaxes will automatically fix the order and will always import parent objects before their child objects.
Delegating Rights to Move Objects
Previously, in order to move an object, users had to be granted permissions to delete objects from the source OU and create objects in the destination OU. Now Security Roles have become more granular and include two new permissions:
- Move Objects from - allows users to move AD objects from a given OU.
- Move Objects to - allows users to move AD objects to a given OU.
With the help of the new permissions, you can allow users to perform the Move operation without giving them rights to delete and create objects. It makes delegating permissions more efficient and granular.
Miscellaneous
Improved Performance of Security Roles
We've improved the performance of access control checks made by Adaxes. This has significantly improved the overall performance of Adaxes Web Interface and Administration Console.
PowerShell Script Editor
Now, when editing scripts for Run PowerShell Script Action and PowerShell Script Condition, you can use an embedded PowerShell script editor. The editor includes all features one would expect from a modern day text editor, like syntax coloring, context IntelliSense, outlining, and much more.
Unlock Account on Password Reset
Now a user account can be unlocked during password reset in just one action. The Unlock Account option is available in the Reset Password dialog both in Administration Console and the Web Interface.
Filtering Items Available for Selection
Using the latest version of Administration Console, the selection of items from lists has become easier. The filtering option has been added to the most often used dialogs (e.g. Members/Member of, Role Permissions, Actions/Conditions). Now users can save time when searching usernames, properties, permissions, etc.
User Account Image Modification
The new version of Administration Console allows changing user account images using the Properties dialog for user objects.
Add/Remove in the Direct Reports List
Now, the Organization tab of the Properties dialog for user accounts includes Add and Remove buttons for the Direct Reports list. This feature facilitates assigning many subordinates to the same manager.
Copying of Account Options
Now, when copying users, all Account Options are copied as well, and you don't have to modify Account Options every time you copy a user.
Enhanced Group Membership Management
Two new operations are now available for group objects in Administration Console: Add Members and Add to Group. You can use these operations instead of using the Members of and Member Of tabs of the Properties dialog.
Delete Items in Auto-Completes
The Auto-Complete feature remembers what you type and automatically makes suggestions to help you populate fields. Sometimes the auto-complete suggestions are no longer appropriate. Now you can easily delete unnecessary items from auto-complete drop-downs.
