0 votes

Can I manage the user that is user by Adaxes to connect to Active Directory with Privilege Access Management (PAM)?

Since this user can change user's password, attribute, etc it become critical. We would like to manage this user so that PAM can change/rotate the password periodically

by (170 points)

1 Answer

0 votes
by (294k points)

Hello,

All operations in a domain managed by Adaxes are performed using the account specified for the domain. You can configure PAM to automatically change/rotate the password of the account, however, it will require updating the password in Adaxes as well. For information on how to do that, have a look at the following help article: https://www.adaxes.com/help/ChangeManagedDomainServiceAccount.

0

Hello,

So I will need to update the password periodically in Adaxes as well?

Is there any way to call REST API to PAM from Adaxes?

0

Hello,

So I will need to update the password periodically in Adaxes as well?

Yes, that is correct.

Is there any way to call REST API to PAM from Adaxes?

It should be possible using a PowerShell script. The following Microsoft article might be helpful: https://docs.microsoft.com/en-us/microsoft-identity-manager/reference/privileged-access-management-rest-api-reference.

0

the question the, can we change ChangeManagedDomainServiceAccount through API?

So Adaxes will call the API from PAM. Can powershell inject credentials to Adaxes?

0

Hello,

Sorry for the confusion, but we are not sure of the workflow you want to have. Please, describe it in all the possible details with step-by-step live examples.

For your information, it is possible to use a script to update credentials of a managed domain in Adaxes: https://adaxes.com/sdk/SampleScripts.ChangingCredentialsForManagedDomain.

0

here is the live example.

to connect to AD from Adaxes we user some credentials let say AdaxesAdmin.

There's a policy that every username that has admininistrator capability has to managed by PAM, so PAM will rotate the password periodically for example every one month. Once this password managed by PAM, we need to request the current password to PAM.

So, if AdaxesAdmin is managed by PAM, is there anyway to re-inject this new password to Adaxes automatically?

0

Hello,

You can use the following script to update credentials of a domain managed by Adaxes: https://adaxes.com/sdk/SampleScripts.ChangingCredentialsForManagedDomain. Unfortunately, we were not able to find any information on PAM being able to make API requests automatically when rotating a user password. We recommend you to check that with Microsoft support. If there is no such possibility, then you can execute the script manually when required.

Related questions

0 votes
1 answer

I want to make a custom field in which you can select a person from the active directory, is this possible? For example, as in the field manager

asked Nov 18, 2022 by Alvares (100 points)
0 votes
1 answer

I need a list of all the URLs that Adaxes creates in IIS on the server Adaxes is installed on.

asked Feb 6, 2020 by DaralenManta (20 points)
0 votes
1 answer

It's possible to integrate ADAXES with HR Solution to create user in active directory ?

asked Feb 14, 2020 by babid (20 points)
0 votes
1 answer

Is there a comparison between the OnPrem user object and Entra user object in the built-in condition? Which determines the most recent inactivity from both environments. Or should a choice be made between the OnPrem domain or Entra based on the Activity scope?

asked Dec 13 by IwistIT (40 points)
0 votes
1 answer

The rule runs but since the first name and last name are passed as parameters, I only get the sequential # as a userID without the initials.

asked Oct 24 by curtisa (290 points)
3,589 questions
3,278 answers
8,303 comments
548,106 users