Version: 3.2.7708.0
Release Date: November 18, 2011
Overview | What's New? | Key Features | Installation Notes | Known Issues
Softerra Adaxes is an end-to-end solution for comprehensive Active Directory management. The software facilitates the work of Active Directory administrators by automating their day-to-day activities and enabling them to manage multiple Active Directory domains in one administrative environment.
The easy-to-use Web Interface allows any user with sufficient permissions to perform a wide variety of directory-related tasks via a standard web browser. Regular users can use the Web interface as a self-service portal to update their personal information (telephone numbers, home address, etc.), manage their passwords and search the directory. Help Desk technicians can employ the interface to perform basic administrative tasks, such as resetting user passwords, unlocking, enabling or disabling user accounts. Directory administrators or users with appropriate privileges can perform comprehensive management, analysis, and monitoring of the Active Directory environment.
Softerra Adaxes 2011.3 delivers great new features that aim to provide secure password self-service for Active Directory, significantly improve Active Directory automation and management, enhance user notification capabilities, and much more. Below you'll see the list of the most prominent features and important updates since the previous release.
The Password Self-Service feature enables users to securely reset forgotten passwords and unlock their accounts themselves, not involving administrative or Help Desk personnel. Users can perform self-password reset right from the Windows Logon Screen or from the logon page of Adaxes Web Interface. You can also integrate the feature into your own web portal, if it uses Active Directory for authentication.
With the help of Scheduled Tasks you can launch a wide range of Active Directory operations on a predefined schedule. Here is a short list of typical operations that you can automate using Scheduled Tasks:
One of the most important features of Scheduled Tasks is the possibility to control their execution by requesting an approval for specific Scheduled Task actions. Adaxes will not execute such actions until the execution is approved by an authorized person.
Now, with the help of Adaxes it is possible to send SMS messages to Active Directory users. For example, prior to resetting the password of a user, a Help Desk operator can send an SMS verification code to this user. By dictating this code the user can confirm his/her identity. To send SMS messages using Adaxes, users must be granted appropriate permissions.
SMS messages can be sent automatically by Business Rules, Custom Commands and
Scheduled Tasks. In advanced cases, it is possible to send SMS messages using PowerShell:
$Context.SendSms($mobileNumber, $text)
.
The new version of Adaxes allows customizing templates for email notifications sent as a part of approval-based workflow. For all the notifications you can edit subject, header and footer as well as specify font and text size. Besides, now approval notifications include full operation description presented in nice manner with color highlighting.
The new version of Adaxes allows you to filter the information stored in the Adaxes service log. You can filter records by operation type, by initiator type, by target object type or by initiator host.
To learn more about new features and improvements brought by this release, see What's New in Softerra Adaxes 2011.3
top of page
Softerra Adaxes offers a wide variety of features essential to create a reliable
and secure environment for complete and automated user life-cycle management.
The key features of Softerra Adaxes include:
Role-Based Security Administration. Role-based administrative model enables Active Directory administrators to organize and efficiently distribute permissions among users. Permissions are arranged in separate units called Security Roles that either allow or deny users to perform a specific range of tasks. Comparing to the native Active Directory security model, Security Roles increase the productivity of Active Directory administrators and reduce the risk of potential errors.
Active Directory Management. Softerra Adaxes provides a rich set of features for Active Directory management that completely satisfies the needs of directory administrators and regular users. The feature set includes:
Directory Search. Softerra Adaxes provides a powerful search functionality
that enables users to find any Active Directory objects using the maximally flexible,
but simple to specify search criteria. The search can be performed either across
domains or in a specific domain location.
Apart from the Standard search that allows users to locate directory objects by
a wide variety of search parameters, Softerra Adaxes offers the Quick and Alphabetical
searches. Quick Search is useful when the user needs to quickly find an object by
its name or a part of the name. Alphabetical Search allows searching for objects
by the first letter of object names.
Rules-Based Automation. One of the most valuable features of Softerra Adaxes is the ability to automate routine administrative tasks. Softerra Adaxes allows users to create Business Rules that automatically perform necessary tasks when certain conditions are met. Business Rules allow automatically changing the group membership of an object, modifying object properties, managing user home directories, moving objects to new locations, deleting objects, etc.
Streamlined Provisioning and Enterprise Standards Enforcement. Softerra Adaxes provides means to avoid repetitive entering of the same information and helps observing multiple enterprise standards when creating or modifying Active Directory objects. With the help of Property Patterns, administrators can define rules for automatic generation of property values and formatting constraints that don't allow users to enter data that doesn't correspond to the corporate standards.
Approval-Based Workflow. Softerra Adaxes enables administrators to define critical operations that are executed only after their execution is permitted by a responsible person. If a user is trying to perform such an operation, the operation is suspended and an e-mail notification is sent to all its approvers. No changes are made in the directory until an approver allows the execution of the operation.
Dynamic Business Units. Softerra Adaxes allows users to collect Active Directory objects spread over the Active Directory into virtual collections called Business Units. Business Units are used to organize objects in an alternative way to manage them collectively, overcoming the restrictions of domain or organizational structures. Members of Business Units are defined by flexible membership rules that allow to include or exclude objects dynamically, adapting to changes in the Active Directory. Business Units can include or exclude specific objects, group members, container children or results of search queries.
Active Directory Reports. Softerra Adaxes provides an extensive list of Active Directory reports that facilitate analysis and monitoring of the Active Directory environment. Reports can be created either for objects located in a specific Active Directory container or organizational unit, or for all objects in one or several Active Directory domains. Information on objects displayed in each report can be customized to represent data, detailed enough to perform effective analysis.
Password Self-Service for Active Directory. Adaxes allows users to reset forgotten passwords and unlock accounts without contacting the help desk, and thus, eliminates the biggest source of help desk traffic. To prevent malicious attacks to the self-password reset system, Adaxes provides a number of strong and reliable security measures. To validate the user's identity, Adaxes uses Security Questions & Answers, and/or SMS Verification.
Customization. Adaxes includes extensive customization capabilities that allow aligning the software with unique business processes and requirements. With the help of Custom Commands, complex and routine tasks specific to your work environment can be performed at a single mouse click. The Web Interface can be configured separately for Administrators, Help Desk operators, and Self-Service. For each role, you can customize forms for object creation and modification, define which activities users can perform, allow users to view only specific Active Directory objects, disable certain features of the Web Interface, customize the Active Directory search and browsing capabilities, etc.
Scheduled Tasks for Active Directory. It is often required to run various Active Directory management tasks on a regular basis. With Adaxes you can schedule a wide range of operations, such as:
Logging. By logging all operations performed via Softerra Adaxes in a centralized fashion, the product allows administrators, auditors or any other users to view, who performed what operations, when, on what objects, filter data to view all operations performed from a specific host within a specific period of time, etc.
Exchange Management. Softerra Adaxes enables administrators, help desk, and other staff to manage recipients in several Microsoft Exchange servers from a single administrative console, and spares the need to switch between several tools for Active Directory and Exchange management. The creation of Exchange mailboxes became significantly faster due to the ability to configure the generation of aliases and selection of mailbox stores by default. With the help of Business Rules, it is possible to automatically provision newly created or modified Active Directory users with Exchange mailboxes. Supported Exchange versions: 2003, 2007, and 2010.
Active Directory Management with PowerShell. Adaxes is delivered with a PowerShell module that includes a PowerShell provider and a set of cmdlets for Active Directory management from the command line. The PowerShell module lets users benefit from features like cross-domain management, automated provisioning, approval-based workflow, enforcement of enterprise standards, etc. For example, when an AD user is created using PowerShell, Adaxes can automatically add this user to certain groups, provision this user with a home directory and Exchange mailbox, ensure that the data specified for the user account corresponds to the established organization standards, send e-mail notifications, etc.
SPML Support. Softerra Adaxes can be integrated in SPML-enabled provisioning systems to exchange provisioning data via the SPML v.2 protocol. Softerra Adaxes can act both as an SPML client (Requesting Authority in terms of SPML standard) and an SPML provider (Provisioning Service Point). Adaxes SPML Provider transforms SPML requests sent by other provisioning services into Active Directory operations or data retrieval queries. As SPML client, Softerra Adaxes sends SPML requests for operations performed in Active Directory to the registered SPML providers.
For the product requirements and instructions for Softerra Adaxes installing and uninstalling, see Installation Notes.
SYMPTOMS
The Adaxes service does not start on a workstation and the system event log contains
the following error messages:
CAUSE
The Adaxes Service uses the account of the default service administrator to log
on to the system. During the service installation on a workstation (not on a domain
controller), the setup program grants the 'Log on as service' right to this account
locally on this workstation via the Local Policy settings. If there is a conflicting
domain-based Group Policy object that grants the 'Log on as service' right to other
users, the local right granted by the setup program will be removed during the Group
Policy refresh, because the domain-based Group Policy settings override the Local
Policy settings. If this happens, the Adaxes service will not start.
WORKAROUND
To work around this behavior, contact your domain administrator to grant the 'Log
on as service' right to the account of the default service administrator in a precedent
domain-based Group Policy.
STATUS
This behavior is by design. The Domain Group Policy overrides the Local Policy settings.