Version: 3.3.8906.0
Release Date: December 06, 2012
Overview | What's New? | Key Features | Installation Notes | Known Issues
Softerra Adaxes is an end-to-end solution for comprehensive Active Directory management. The software facilitates the work of Active Directory administrators by automating their day-to-day activities and enabling them to manage multiple Active Directory domains in one administrative environment.
The easy-to-use Web Interface allows any user with sufficient permissions to perform a wide variety of directory-related tasks via a standard web browser. Regular users can use the Web interface as a self-service portal to update their personal information (telephone numbers, home address, etc.), manage their passwords and search the directory. Help Desk technicians can employ the interface to perform basic administrative tasks, such as resetting user passwords, unlocking, enabling or disabling user accounts. Directory administrators or users with appropriate privileges can perform comprehensive management, analysis, and monitoring of the Active Directory environment.
Softerra Adaxes 2012.1 incorporates great new features that provide more efficient management of Active Directory, make Web Interface even more user-friendly, enhance overall performance and reliability in demanding environments, and much more. Below you'll see the list of the most significant features and important updates since the previous release.
Adaxes 2012.1 includes an option for protecting AD objects from accidental deletion. If an object is protected from deletion, it cannot be deleted using any tools (Adaxes, native Active Directory tools or other 3rd party tools) until the protection is disabled.
With the help of Business Rules and Scheduled Tasks, you can configure Adaxes to protect objects from deletion automatically. Also, you can specify the default value for the Protect from Accidental Deletion option using Property Patterns for newly created objects. When importing objects from a CSV file, you can add the ProtectedFromAccidentalDeletion column to the CSV file.
When editing Business Rules, Scheduled Tasks and Custom Commands, you can now use the clipboard to copy/paste actions and conditions.
Another new feature allows copying Adaxes configuration objects (Business Rules, Property Patterns, Security Roles, etc.) between different Adaxes services using the clipboard or drag and drop. The option makes the deployment of Business Rules, Security Roles, Property Patterns etc. from your testing environment to the production service easier.
In previous Adaxes versions, when importing user accounts from a CSV file, all Account Options for imported users had to be specified in a single column called userAccountControl. Each account option was represented as a flag of the integer value specified in the column. Now, each account option can be specified in a separate column, which significantly simplifies importing users from CSV files.
Now it is possible to update objects during data import. If you select the 'Update existing objects' option in the Data Import wizard, Adaxes will update the existing objects using the data from the file and will not throw the 'Object already exists' error.
Now Adaxes automatically fixes the incorrect order of records during data import (when child objects precede parent objects) and always imports parent objects before their child objects.
Now, with the help of Property Patterns it is possible to provide custom help and hints for Active Directory object properties.
Now Security Roles have become more granular and include two new permissions:
To learn more about new features and improvements brought by this release, see What's New in Softerra Adaxes 2012.1
top of page
Softerra Adaxes offers a wide variety of features essential to create a reliable
and secure environment for complete and automated user life-cycle management.
The key features of Softerra Adaxes include:
Role-Based Security Administration. Role-based administrative model enables Active Directory administrators to organize and efficiently distribute permissions among users. Permissions are arranged in separate units called Security Roles that either allow or deny users to perform a specific range of tasks. Comparing to the native Active Directory security model, Security Roles increase the productivity of Active Directory administrators and reduce the risk of potential errors.
Active Directory Management. Softerra Adaxes provides a rich set of features for Active Directory management that completely satisfies the needs of directory administrators and regular users. The feature set includes:
Directory Search. Softerra Adaxes provides a powerful search functionality
that enables users to find any Active Directory objects using the maximally flexible,
but simple to specify search criteria. The search can be performed either across
domains or in a specific domain location.
Apart from the Standard search that allows users to locate directory objects by
a wide variety of search parameters, Softerra Adaxes offers the Quick and Alphabetical
searches. Quick Search is useful when the user needs to quickly find an object by
its name or a part of the name. Alphabetical Search allows searching for objects
by the first letter of object names.
Rules-Based Automation. One of the most valuable features of Softerra Adaxes is the ability to automate routine administrative tasks. Softerra Adaxes allows users to create Business Rules that automatically perform necessary tasks when certain conditions are met. Business Rules allow automatically changing the group membership of an object, modifying object properties, managing user home directories, moving objects to new locations, deleting objects, etc.
Streamlined Provisioning and Enterprise Standards Enforcement. Softerra Adaxes provides means to avoid repetitive entering of the same information and helps observing multiple enterprise standards when creating or modifying Active Directory objects. With the help of Property Patterns, administrators can define rules for automatic generation of property values and formatting constraints that don't allow users to enter data that doesn't correspond to the corporate standards.
Approval-Based Workflow. Softerra Adaxes enables administrators to define critical operations that are executed only after their execution is permitted by a responsible person. If a user is trying to perform such an operation, the operation is suspended and an e-mail notification is sent to all its approvers. No changes are made in the directory until an approver allows the execution of the operation.
Dynamic Business Units. Softerra Adaxes allows users to collect Active Directory objects spread over the Active Directory into virtual collections called Business Units. Business Units are used to organize objects in an alternative way to manage them collectively, overcoming the restrictions of domain or organizational structures. Members of Business Units are defined by flexible membership rules that allow to include or exclude objects dynamically, adapting to changes in the Active Directory. Business Units can include or exclude specific objects, group members, container children or results of search queries.
Active Directory Reports. Softerra Adaxes provides an extensive list of Active Directory reports that facilitate analysis and monitoring of the Active Directory environment. Reports can be created either for objects located in a specific Active Directory container or organizational unit, or for all objects in one or several Active Directory domains. Information on objects displayed in each report can be customized to represent data, detailed enough to perform effective analysis.
Password Self-Service for Active Directory. Adaxes allows users to reset forgotten passwords and unlock accounts without contacting the help desk, and thus, eliminates the biggest source of help desk traffic. To prevent malicious attacks to the self-password reset system, Adaxes provides a number of strong and reliable security measures. To validate the user's identity, Adaxes uses Security Questions & Answers, and/or SMS Verification.
Customization. Adaxes includes extensive customization capabilities that allow aligning the software with unique business processes and requirements. With the help of Custom Commands, complex and routine tasks specific to your work environment can be performed at a single mouse click. The Web Interface can be configured separately for Administrators, Help Desk operators, and Self-Service. For each role, you can customize forms for object creation and modification, define which activities users can perform, allow users to view only specific Active Directory objects, disable certain features of the Web Interface, customize the Active Directory search and browsing capabilities, etc.
Scheduled Tasks for Active Directory. It is often required to run various Active Directory management tasks on a regular basis. With Adaxes you can schedule a wide range of operations, such as:
Logging. By logging all operations performed via Softerra Adaxes in a centralized fashion, the product allows administrators, auditors or any other users to view, who performed what operations, when, on what objects, filter data to view all operations performed from a specific host within a specific period of time, etc.
Exchange Management. Softerra Adaxes enables administrators, help desk, and other staff to manage recipients in several Microsoft Exchange servers from a single administrative console, and spares the need to switch between several tools for Active Directory and Exchange management. The creation of Exchange mailboxes became significantly faster due to the ability to configure the generation of aliases and selection of mailbox stores by default. With the help of Business Rules, it is possible to automatically provision newly created or modified Active Directory users with Exchange mailboxes. Supported Exchange versions: 2003, 2007, and 2010.
Active Directory Management with PowerShell. Adaxes is delivered with a PowerShell module that includes a PowerShell provider and a set of cmdlets for Active Directory management from the command line. The PowerShell module lets users benefit from features like cross-domain management, automated provisioning, approval-based workflow, enforcement of enterprise standards, etc. For example, when an AD user is created using PowerShell, Adaxes can automatically add this user to certain groups, provision this user with a home directory and Exchange mailbox, ensure that the data specified for the user account corresponds to the established organization standards, send e-mail notifications, etc.
SPML Support. Softerra Adaxes can be integrated in SPML-enabled provisioning systems to exchange provisioning data via the SPML v.2 protocol. Softerra Adaxes can act both as an SPML client (Requesting Authority in terms of SPML standard) and an SPML provider (Provisioning Service Point). Adaxes SPML Provider transforms SPML requests sent by other provisioning services into Active Directory operations or data retrieval queries. As SPML client, Softerra Adaxes sends SPML requests for operations performed in Active Directory to the registered SPML providers.
For the product requirements and instructions for Softerra Adaxes installing and uninstalling, see Installation Notes.
SYMPTOMS
The Adaxes service does not start on a workstation and the system event log contains
the following error messages:
CAUSE
The Adaxes Service uses the account of the default service administrator to log
on to the system. During the service installation on a workstation (not on a domain
controller), the setup program grants the 'Log on as service' right to this account
locally on this workstation via the Local Policy settings. If there is a conflicting
domain-based Group Policy object that grants the 'Log on as service' right to other
users, the local right granted by the setup program will be removed during the Group
Policy refresh, because the domain-based Group Policy settings override the Local
Policy settings. If this happens, the Adaxes service will not start.
WORKAROUND
To work around this behavior, contact your domain administrator to grant the 'Log
on as service' right to the account of the default service administrator in a precedent
domain-based Group Policy.
STATUS
This behavior is by design. The Domain Group Policy overrides the Local Policy settings.