Softerra Adaxes is a product that directly talks with Active Directory providing automation for user provisioning and de-provisioning making the administration process quick and easier.
Administering Active Directory it's a critical task and can be a nightmare if it not properly maintained. Lot of operations are tricky to perform without the help of specific tools and here is where Adaxes comes in. Adaxes is not a product only for administrators but also offers an interface for users to manage their accounts with simple tasks like password reset.
IT pros that work with Active Directory every day know exactly the effort required to maintain an AD environment. Native tools in Windows Server are not sufficient to perform all the tasks and often simple operations require a lot of time to complete. This product brings some useful automation that simplify the Active Directory management.
Prerequisites
Adaxes is compatible with most Windows systems and doesn't need great hardware to run. Web Interface and SPML Web Service should be installed on the server editions due to IIS limitation on the number of simultaneous connections.
- Supported OS: Windows Server 2003 / 2008 /2008 R2 / 2012 / 2012 R2, Windows 7 (AD LDS installation required) / 8 / 8.1
- Microsoft .NET Framework 3.5 SP1
Minimum hardware required
Hardware requirements depend on the total number of objects managed by your Adaxes service.
Licensing
Adaxes is licensed in packages based on the number of enabled and not expired user accounts in your AD domain(s) and the licenses are perpetual. Optionally you can also purchase an annual maintenance and support contract.
Additional info can be found visiting the purchase page.
Install Adaxes
To install Softerra Adaxes, the target computer must be joined to an Active Directory domain. From Adaxes website download the 30-day free trial and run the installer.
If Microsoft .NET Framework 3.5 SP1 is not installed in the target computer, you receive a warning message. Click OK to close the window and install the required component.
Run the installer and click Next to start the installation wizard.
Accept the EULA then click Next.
Select features to install and click Next.
Since it’s suggested the use of a dedicated account to run the service, create a dedicate AD account with Domain Administrator privileges as Service Administrator Account then click Next.
Click Yes to grant the required permission.
Click OK to confirm.
Since this is the first installation, select New configuration option and click Next.
Enable web interface for all items in the window and click Next to continue.
Enable the Open port 54782 in Windows Firewall option and click Install to start the installation.
The software is being installed in the system.
When the installation has completed, click Finish to exit the wizard. The two available options allows you to restore previously saved configurations.
The installation process is complete.
Administration console
First time you open the console, the Post-Installation Steps window appears showing the post installation tasks to perform to configure the environment. Click Close.
From main screen right click the server under Available Service and select Connect to link the software with Active Directory.
Select This account option, type the AD account and password previously configured during installation then click Finish.
The Adaxes Administration Console is now connected to the Active Directory.
Adaxes features
The software offers several features useful in a daily maintenance of the Active Directory environment and the power and easy-of-use of the product are the key points that makes Adaxes an interesting solution.
After testing the solution in my Active Directory environment, features included in Adaxes made some complicated and time consuming operations very easy to manage.
AD Management
One feature that introduces the Adaxes Administrator Console is the possibility to manage multiple Active Directory domains even belonging to different forests. This allows the administrators to perform operations across all the domains with a single action.
For instance you can perform search through all domains and change users property with a single operation.
You can disable selected accounts from different domains and much more.
There is also a web version available where you can manage Active Directory in the same way that the Admin Console does. You can create different Web UI types (for admins, help desks, end users, self-service, etc.) and each one can be granularly customized to fit the exact needs of each user type.
Role-based Security
With this feature you can assign permissions to users based on their job role instead of modifying access rights across Active Directory. Permissions are granted by assigning a specific role to the users defining where in Active Directory they can execute the assigned role.
AD Automation
A very cool feature is the possibility to assign tasks that can be automatically executed after creating a user. When a user is created, Adaxes can create the home share and automatically map it for the user. Automatically it can create an Exchange mailbox, enable user for Lync and activate user for Office 365 account.
It's possible to assign different operations and different additional tasks.
Scheduled Tasks
Similar to scheduled tasks you have in Windows, a task can be scheduled on a specific time, day, week or month and when executed it performs actions on each object of Active Directory included in the Activity Scope field. You can move objects between OUs, update users properties, run scripts, sending emails and much more.
In addition, the execution of a specific task can be controlled by the Get approval for this action option and it won't be executed until approved by the authorized person.
AD Data Integrity
This feature allow the administrators to make sure that data stored in Active Directory are compliant with the establish requirements.
For example, setting the Personal Title property in the User Pattern policy you can specify how the personal title must be formatted. Flag The property is required option to enable the policy.
When the configured policy is applied, during the user creation the Personal Title field can be filled only with values previously specified.
Approval Workflow
In addition to the typical AD related tasks, you can create process workflows where critical operations can be executed only when approved by the authorized person.
Virtual OUs
Virtual OUs allow to manage AD objects regardless of their location in Active Directory and the Business Units membership is determinated by flexible membership rules. You can assign automation rules and delegates permissions to a specific OU, group or department.
For instance, you can assign the Help Desk Security Role over the Sales Business Unit in order Help Desk staff can provide support to the Sales group members located in different OUs.
Logging
Each operation performed with Adaxes is logged by the system allowing to track changes in Active Directory. You can check who made what filtering the results by operation, date, group, etc.
Password Self-Service
This service allows to reduce most of the calls to Help Desk support due to forgotten passwords giving the IT time for other activities. The service is integrated in the Windows logon screen where the user can easily reset its password by clicking the Reset Password link.
The user is redirected to the Reset Password page and depending on the configured policy he/she has to enter the verification code received via SMS and/or answer the security questions.
From the Administration Console you can define different policies for different set of users. Policy with highest precedence is applied.
Office 365 Management and Automation
Most of companies use Office 365 environment for their business and manually assigning licenses and configuring mailboxes to each user is not only time consuming but it generates administration costs and inefficiency.
To deploy for each employee the correct application and license can be tricky and if a user get promoted, changes department or leaves the company, some specific actions must be performed to reassign licenses, configure the applications and so on.
Using Adaxes the management can be simplified. Following conditional rules, you can automate the activation of new accounts, assign different services to the users and configure mailboxes. If a job role changes, the license to assign to the user is changed automatically based on the new role/department.
If a user leaves the company, with Adaxes you can automatically revokes the office 365 licenses associated with the user.
You can manage mailboxes in one place regardless if the mailboxes are located on premises Exchange or in Office 365. To manage Office 365 with Adaxes you need to install Azure Active Directory PowerShell module on the server.
The user interface can be customized to be conformed to the different requirements for the job role within the organization. The Self-Service customization allows the users to pick the applications they need and services are assigned following an approval process.
Conclusion
Softerra Adaxes is a powerful and well done product that includes all the features an Administrator needs to maintain Active Directory. The product design is clear with an intuitive layout and all the options are self-explanatory.
If you want to try Adaxes, dowload the 30-day free trial.
