We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

What's new in Adaxes 2023

Version
3.15.20916
Release date
November 17, 2022
Latest update
Update 1

This release marks a new step in the evolution of Adaxes. The most requested feature on our roadmap, Azure AD management, has arrived. Offline / out-of-office password reset for Mac and a new Web interface configurator are also among the highlights.

The new version can already be considered massive as it is, but we added plenty of other features along the way. Everything comes with a cherry on top – hefty performance improvements.

Here's more about what's new in Adaxes 2023.

Azure AD management

You can now manage Azure AD domains in Adaxes, plain and simple.

On-premises AD and Azure AD are fundamentally different, but we did our best to level that difference.

For instance, all automation features like business rules and scheduled tasks work exactly the same for on-premises and Azure AD domains. All cloud and on-premises group memberships of a hybrid user can be viewed next to each other in the same interface. You can finally experience on-premises AD and Azure AD as a single ecosystem.

How Adaxes interacts with Azure AD

When you register an Azure AD domain, Adaxes caches the data from that domain. Afterwards, Adaxes synchronizes just the changes, without performing a full read of your directory every time.

Such an approach avoids throttling from Microsoft APIs, minimizes network traffic, yet allows Adaxes to instantly perform operations and always have relevant information about objects in your Azure AD.

After you upgrade to the new version, built-in reports and overviews will not work with Azure AD domains right away. To replace the existing reports with the updated versions, you will need to restore them to the initial state.

Organizational Units for Azure AD

Some say the absence of Organizational Units in Azure AD is an oversight. So we decided to fix it. Adaxes enables you to organize Azure AD objects into OUs, literally creating a directory structure out of nowhere.

This structure will exist only inside Adaxes and will not affect your Azure AD whatsoever. You can use it to make Adaxes automation more granular, simplify permission assignment, or browse a convenient directory tree in the Web interface with no strings attached.

Offline and out-of-office password reset for Mac

In the previous release, we added a password self-service capability for macOS users. It is time to expand on it and enable those users to reset their passwords when they are offline or out of the office. Mac users who are always on the move will be happy.

New Web interface configurator

The first thing you'll notice about the new configurator is the new design. It's not just a reskin. The configurator remains familiar, but under the hood, it's a new piece of software.

Not only it looks prettier and has new features, but it also works faster. Much faster. We have changed how the Web interface configuration is stored and loaded, which improved the performance tenfold.

Multiple object owners

Active Directory objects can now have multiple owners. These secondary owners can be from anywhere in your environment, even from unrelated domains, even if they are cloud-only objects from Azure AD.

There are some differences between how multiple owners work on-premises and in Azure, and you are encouraged to read about it here.

However, the main principle is the same – within Adaxes, the power of all owners is equal. For example, approval requests sent to Owners of the object can be processed by any owner. Permissions granted to the Owner security principal are granted to all owners equally. You get the idea.

Criteria for object queries

Behold, criteria – a universal and user-friendly mechanism for searching and filtering objects. Criteria replaces LDAP filters for all object queries everywhere within Adaxes.

It is trivial to use compared to LDAP filters. It allows for more elaborate queries. Besides, using criteria in scripts is straightforward. For more details on criteria in scripts, have a look at this article in our SDK.

Don't worry though, we didn't completely get rid of good old LDAP filters. You can still use them inside criteria, but we hope you won't need to. Criteria can do more and can do it better.

Dropped LDAP filter parameter support

The LDAP filter editor parameter in custom commands and reports is gone for good. If anyone was using it, it will be replaced by the Text editor parameter in your existing custom commands and reports.

Web interface enhancements

As usual, an Adaxes update can't be complete without improvements to the Web interface.

Multi-valued columns

Now, all values of multi-valued properties can be displayed in columns in the Web interface.

Values can be expanded into a list with a handy filter. If a value is a distinguished name of an object, you can click on it to navigate directly to that object.

Expanded object visibility settings

You can now specify different visibility rules for different object types (e.g. users, room mailboxes, etc.) without fiddling with LDAP filters several hundred symbols long. Everything is easily done with the help of criteria.

If you can't quite remember where object visibility is configured, here's a tutorial to refresh your memory.

Performance

We usually don't make emphasis on performance tweaks, but this improvement deserves its own paragraph. We significantly improved Web interface loading time, especially for distributed setups where Adaxes components are split between different servers.

We also addressed the issues when the initial loading of the Web interface with a complicated configuration took longer than a minute.

Domain part selection for usernames

In the new version, the domain part (UPN suffix) for usernames can be selected from a handy drop-down list.

This was kind of possible in the previous versions with custom attributes and some hacks, but now it's much simpler.

Now, Adaxes automatically identifies all available domain names in your domain. You can then restrict which of those can be used in usernames and which cannot. You can even restrict which domain part a username can have based on the OU where you are creating a new user.

To see for yourself how simple it is – check out this tutorial.

Approval requests

We will never run out of feature requests for the approvals system. So here's what we have in store this time.

Maintenance

Approval requests used to pile up in some environments and considerably slow down Adaxes because of the sheer volume of unprocessed data. We have added a mechanism that will ensure your environment will maintain a healthy number of approval requests in the backlog.

Now, Adaxes issues a warning when the number of pending approval requests exceeds an unhealthy number, 1000 by default, configurable here.

Also, Adaxes automatically deletes pending requests that were created long ago. If your approvers keep forgetting or ignoring requests, you'll know how useful this is. A backlog of thousands of those is never happening again.

After you upgrade to the new version, all pending approval requests older than 365 days will be deleted at 1:00 AM (in the time zone of the computer where the Adaxes service is installed). If you need to keep dated approval requests, you can extend the retention period or disable the feature.

Disable approval notifications

You can now completely disable email notifications for approval requests. Can be helpful if you configured custom notifications (e.g. using the Send email notification action), and would like to prevent Adaxes from sending the default template as well.

Windows 11 support for Administration console

Adaxes Administration console now feels at home on Windows 11. All menu items and other visual elements are now aligned with Windows 11 style, but it's not just about the UI. The console has been thoroughly tested on the latest Windows release, so you can be sure unexpected issues don't pop up.

New custom properties

This time, we not only increased the number of custom properties but also added a new custom property type.

Properties for storing directory objects

Adaxes now has custom properties for storing directory objects, CustomAttributeObject1..15 and CustomAttributeObjectMultiValue1..5. The standard set of such DN properties in Active Directory was never enough, and we figured out it's time to expand it.

Besides simply referencing related objects, you can use these properties to implement sophisticated workflows. For example, you can allow selecting several groups on the user creation form, and the new user will automatically receive Send As permissions for those groups.

Many more calculated properties

We have also added a bunch of new calculated properties that simplify obtaining property values of certain objects. For instance, sending automated emails to the user's secretary or assistant can now be done without scripts.

You can find a detailed list of all calculated properties in this article. For those wondering which ones are new, here's a short version.

New calculated properties
  • adm-SecretaryEmail
  • adm-SecretaryFirstName
  • adm-SecretaryFullName
  • adm-SecretaryLastName
  • adm-SecretaryUserName
  • adm-SecretaryDisplayName
  • adm-SecretaryMobile
  • adm-SecretaryPhone
  • adm-SecretaryParentDN
  • adm-AssistantEmail
  • adm-AssistantFirstName
  • adm-AssistantFullName
  • adm-AssistantLastName
  • adm-AssistantUserName
  • adm-AssistantDisplayName
  • adm-AssistantMobile
  • adm-AssistantPhone
  • adm-AssistantParentDN
  • adm-InitiatorSecretaryDN
  • adm-InitiatorSecretaryEmail
  • adm-InitiatorSecretaryFirstName
  • adm-InitiatorSecretaryFullName
  • adm-InitiatorSecretaryLastName
  • adm-InitiatorSecretaryUserName
  • adm-InitiatorSecretaryDisplayName
  • adm-InitiatorSecretaryMobile
  • adm-InitiatorSecretaryPhone
  • adm-InitiatorSecretaryParentDN
  • adm-InitiatorAssistantDN
  • adm-InitiatorAssistantEmail
  • adm-InitiatorAssistantFirstName
  • adm-InitiatorAssistantFullName
  • adm-InitiatorAssistantLastName
  • adm-InitiatorAssistantUserName
  • adm-InitiatorAssistantDisplayName
  • adm-InitiatorAssistantMobile
  • adm-InitiatorAssistantPhone
  • adm-InitiatorAssistantParentDN
  • adm-InitiatorManagerDisplayName
  • adm-InitiatorManagerParentDN
  • adm-ManagerParentDN
  • adm-ManagedByParentDN
  • adm-ParentDisplayName

Display names for managed domains

Now, domains managed in Adaxes can have user-friendly display names.

If you manage many domains with similar names, you can make it easier to differentiate between them. Your users will appreciate the change when they browse the directory in the Web interface.

Converting Exchange Online mailboxes that are being created

Adaxes has a mechanism where it waits until a mailbox is created in Exchange Online before applying any modifications, sending emails to it, etc. In this release, we have implemented the same mechanism for converting mailboxes.

For example, you can now assign an Exchange Online license to a user, convert the mailbox to shared, and then revoke the license in the same business rule.

New formatting options for value references

Value references for email-format properties and DN properties now have additional formatting options. For example, you can grab only the domain part from the username like so: %username:format[domain]%. For more details, have a look at the updated Value references article.

Other changes

  • It is now possible to reset room mailbox passwords in the Web interface using a dedicated Reset password operation.
  • Default column settings of Members and Member Of sections on object views can now be individually configured for each section.
  • Language and date format for new entries in the general log can now be manually set.
  • The tree view in the Web interface configurator now has a filter field that helps locate objects quickly.
  • You can now specify unique criteria for different object types in the membership rules of rule-based groups. Also, the criteria can be copied between membership rules.
  • Password spell out settings and password generation settings are now shared between all Adaxes services in a multi-server environment. Also, these settings are now included in the configuration backup.
  • Now, any character can be used in mobile numbers when sending SMS messages.
  • All Adaxes assemblies are now cryptographically signed for security purposes.
  • Room mailboxes now have the Manager field on the Organization tab in Adaxes Administration console, just like user accounts do.
  • When Country is updated via cmdlets from Adaxes PowerShell module, related properties like Country Code and Country Name are automatically updated as well.
  • Opening the base URL of Adaxes REST API in a web browser will lead you directly to REST API documentation on our website.
  • Password self-service client now uses operating system colors.
  • Calculated properties adm-ManagerDisplayName, adm-ManagedByDisplayName, and adm-MemberDisplayName now return the object's name if the requested display name is empty.
  • Added more custom text properties, adm-CustomAttributeText41..50.

Changes to how Adaxes handles usernames

In this release, we are introducing changes to how Adaxes handles usernames. It is highly unlikely that you will need to update anything in your configuration to accommodate for these changes. Just keep them in mind for any workflows you create in the future. We did our best to make the transition completely painless.

Details

Adaxes now considers User Principal Name and not sAMAccountName the main property for usernames. This means several things.

  • By default, property patterns now generate sAMAccountName from User Principal Name, not the other way around like before.
  • Default forms and views now have User Principal Name listed above sAMAccountName.
  • The %username% value reference alias now refers to the User Principal Name property instead of sAMAccountName. This value reference resolves without the domain part by default, e.g. j.smith. Essentially, it will resolve into the same value but obtained from another property.
  • Now, when the User Principal Name property is built from value references, Adaxes automatically removes invalid characters from it.

Known issues

There are some known issues in this release. Some of them are beyond our power to fix, and others will be fixed in the next release. The detailed list can be found in our Q&A, and here is the summary.

Summary
  • Currently, users from Azure AD domains cannot log in to Adaxes Web interface and Administration console.
  • Password self-service is not available for users from Azure AD domains.
  • Management of password policies is not supported for Azure AD.
  • Adaxes clients (i.e. Web interface, Administration console) of previous versions do not work with Adaxes service version 2023.
  • SMTP aliases and email addresses of unified groups in Azure AD can't be updated via Adaxes.
  • Some reports related to Exchange do not support Exchange Online.
  • Microsoft 365 group properties allowExternalSenders and autoSubscribeNewMembers cannot be updated using Adaxes.
  • User photos in Azure AD cannot be deleted via Adaxes.

Update 1


Version
3.15.21404
Release date
May 8, 2023

In this update, we focused on the stability of Adaxes 2023. All the critical bugs were fixed, and some improvements were added along the way.

EXOv3 module for Exchange Online

Adaxes no longer relies on PowerShell remoting for performing operations in Exchange Online. Following the announced deprecation of PowerShell remoting by Microsoft, we have transitioned to using the latest EXOv3 PowerShell module.

Besides being fully prepared for the deprecation, you can now disable basic authentication in WinRM on the computer where the Adaxes service is installed.

The CreateExchangeOnlinePSSession method in Adaxes is now deprecated. After installing this update, you will need to switch the connection method in your scripts to ConnectExchangeOnline.

Details

Your current scripts that rely on CreateExchangeOnlinePSSession to connect to Exchange Online will continue working as before in the new Adaxes version. However, they will stop working when Microsoft blocks the RPS connection for your tenant – this can happen at any time in June 2023, according to Microsoft. We recommend to update such scripts as soon as possible after updating Adaxes.

Here's a sample script from our repository that connects to Exchange Online via the new ConnectExchangeOnline method.

Also, using Connect-ExchangeOnline and Disconnect-ExchangeOnline cmdlets is now prohibited in scripts executed within Adaxes. If you have any scripts that use these cmdlets, they have to be updated to use ConnectExchangeOnline as well.

Improvements

  • It is now possible to pass property names to criteria expressions via variables. For example, New-AdmCriteria "user" {$myProperty -eq "value"}.
  • Made the behavior of quick search consistent with previous versions when a wildcard character (*) is used in the search query.
  • Removed the timeout for AD LDS installation, which fixed the issue with the initial replication of large and complex configurations to a new Adaxes service instance in multi-server environments.
  • Improved Web interface performance when fetching the operations that the signed-in user is allowed to perform.
  • The Web interface no longer reconnects to a different Adaxes service when the web page is refreshed.
  • Improved the performance of the Reset password operation for users within the scope of a Microsoft 365 tenant that is assigned over many groups.
  • The Managed By (Primary) property is no longer forcefully displayed under the Additional Properties section if the property is required but absent from the creation form.

Web interface bug fixes

  • Fixed the bug that made it impossible to select a domain as a target of a custom command in the Web interface.
  • Fixed the issue where the default Web interface selection settings for the Common Sign In page had no effect if the Remember the last selected Web interface option was disabled.
  • Fixed the issue where the GUID of a mailbox was displayed in the Forward to field if the mailbox Exchange properties have never been viewed by any user.
  • Fixed the Object does not exist error that occurred on the user creation form if a Microsoft 365 section was present on the form.
  • Fixed the issue that made it impossible to use the Group members membership rule in rule-based groups from Azure AD domains.
  • Fixed the issue that caused the is empty / is not empty operators to work incorrectly when using the Advanced search.
  • Fixed the issue that caused business units to sometimes not be displayed on content panes.
  • Fixed a visual bug in the Web interface that occurred when the My Managed objects content pane was grouped by any property.

Other bug fixes

  • Fixed the bug that made it impossible to view or modify Exchange properties of a synchronized contact or group after they were renamed in Azure AD.
  • Fixed the Failed to synchronize group data error that could sometimes lead to an Azure AD group still showing in Adaxes after it was deleted directly in the Azure Portal.
  • Fixed the AuthorizationManager check failed error that prevented Adaxes from successfully registering Azure AD domains if the PowerShell script execution policy was set to AllSigned.
  • Fixed the issue that caused rule-based group membership updates to trigger business rules.
  • Fixed the Cannot bind parameter 'Filter' to the target. Exception setting "Filter": "Invalid filter syntax error that occurred when updating the Azure AD cache if any object in Azure AD had an apostrophe in their name.
  • Fixed the An attempt was made to modify an object to include an attribute that is not legal for its class error that made it impossible to use the If <property of the member> <relation> <value> condition in business rules triggering Before adding a member to a group.
  • Fixed the Cannot find an overload for "AddValues" and the argument count: "1" error in the AddValues method of the SimpleCriteriaItem class.
  • Fixed the Access is denied error that prevented users from manually resending approval requests notifications for requests initiated by executing a custom command.
  • Fixed the Can't find an object with identity error that made it impossible to locate computer objects or perform operations on them via the Get-AdmComputer/Set-AdmComputer cmdlets with the AdaxesService parameter in Windows PowerShell.
  • Fixed the The criteria is invalid. Syntax error at position bug in the New-AdmCriteria cmdlet that occurred when a criteria expression included line breaks. Now you can span criteria expressions over several lines to improve their readability.
  • Fixed the Failed to import configuration objects to the backend. Directory object not found that could occur when restoring specific Adaxes configurations from a backup.
  • Fixed the issue where restoring certain configurations from a backup would lead to Adaxes failing to cache the data of Azure AD managed domains.
  • Fixed the Value cannot be null. Parameter name: dn error that could occur in the Web interface after restoring a configuration from a backup if the app used to manage an Azure AD domain had an expired client secret.
  • Fixed the Failed to load last known good information of the managed domain error that caused Adaxes service to fail to start after restoring certain configurations from a backup.
  • Fixed the Culture ID 4096 (0x1000) is a neutral culture; a region cannot be created from it. Parameter name: culture error that prevented Adaxes from updating the Azure AD cache if the computer with the Adaxes service used a custom Windows culture.
  • Fixed the Failed to get mailbox rights error that could occur when viewing Exchange properties of a linked mailbox if the language of the Exchange server was not English.
  • Fixed the The operation couldn't be performed because object couldn't be found error that occurred when moving a user and enabling a remote mailbox for that user via a script in the same business rule.
  • Fixed the Failed to get the mailbox usage information. MailboxLocation was not found for id error that sometimes occurred when viewing mailbox usage immediately after the mailbox is created in Exchange Online.
  • Fixed the The account name is invalid. It is expected to be formatted either as 'DOMAIN\user' or 'user@domain' error that occurred after changing the service account for a managed domain and then switching it back to the Adaxes service account.
  • Fixed the issue where reports would not display indirect subordinates of a user if that user had a comma in their name.
  • Fixed the issue that made it impossible to search for objects from Windows PowerShell using Adaxes criteria expressions with a single element.
  • Fixed the issue where the Password Must Be Changed at Next Logon option would not be set for new users if it was enabled by default but no other account options were modified during user creation.
  • Fixed the Failed to remove the remote mailbox of the user. Domain is not managed by Adaxes error that occurred when enabling/disabling the Yammer Microsoft 365 service for a synchronized user if the on-premises domain of that user was not registered in Adaxes.
  • Fixed the The search filter cannot be recognized error that occurred after restoring the configuration from a backup if the Web interface browsing search filter in the backup file was disabled.
  • Fixed the An item with the same key has already been added error that prevented Adaxes service from starting after restoring specific configurations from a backup.

Try Adaxes right now!

Download