Softerra Adaxes -Product Review
Softerra Adaxes is a complete solution for management, administration and monitoring of Active Directory.
It allows us to automate and secure user provisioning and de-provisioning in Active Directory environments. With its granular distributed role-based security, administrative tasks automation, approval-based workflow, and enterprise standards enforcement rules. It provides a high-performance user lifecycle management for an enterprise.
- Increased AD Security: Active Directory security has been amplified due to the role-based security administration, approval-based workflow, and automated user provisioning and de-provisioning available in Softerra Adaxes.
- Role-based security administration: it enabled distributing the permissions more granularly, which removes uncontrolled access to the enterprise resources.
- Approval-based workflow sets the critical processes under the control of authorized persons. There will not be any delay/errors in granting the permissions by automatic user provisioning and deprovisioning.
- Reduced Workload for IT Staff: Automated and modernized provisioning reduces the workload and risk of errors for IT staff. The easy-to-use Self-Service Web Interface allows users to maintain their personal information themselves without involving IT staff
- Standardized AD Environment: As it use auto-generation patterns and formatting for object creation/modifications, its easy to maintain AD resources comply with enterprise standards.
- Efficient Audit and Monitoring: Adaxes service allows a complete tracking/monitoring of all the activities performed in Active directory.
- Information on the AD infrastructure and the state of AD objects can be collecting via Active Directory reports. These amenities allow analysis and monitoring of the enterprise resources making Active Directory more structured and explained.
- Role-Based Security Administration: Role-based security model is used to consolidate and proficiently allocate permissions to users. A flexible assignment mechanism allows combining the permissions into separate, easy-adjustable Security Roles which allows users or groups, to which it needs to be assigned in order to perform a certain set of tasks.
- Administrative Task Automation: Administrative workload, routine operations can be avoided by an automated and combined in one task. Additional tasks are executed automatically by Business Rules which is controlled by flexible conditions and assignments.
- Day-to-day administrative operations become more and more time-consuming as enterprises grow in size. To reduce administrative workload, routine operations can be automated and combined in one task. Additional actions are executed automatically by Business Rules, when a specific operation is performed. The scope of Business Rule efficiency is controlled by flexible conditions and assignments.
- Streamlined Provisioning and Enterprise Standards Enforcement: Softerra Adaxes provides Property Patterns which define formatting constraints and auto-generating rules for object properties. Through a granular assignment mechanism, different Property Patterns can be made operative for different resources depending on their regional or departmental details.
- Approval-Based Workflow: Administrators can configure the critical operations to execute only after an approval using Softerra.
- Dynamic Business Units: With the help of Softerra Adaxes, Active Directory objects can be organized in a different method without breaking the AD structure
- Active Directory Reporting. The reporting feature in Softerra Adaxes allows to analyze and monitor the Active Directory A complete list of AD reports will be provided by Softerra Adaxes in a lesser time.
- Password Self-Service: Active Directory Self-Service Password Reset feature of Adaxes allows users to reset their forgotten passwords without a help from an IT team.
- Customization: With the help of customized commands, Adaxes can be customized to fulfill the specific requirement of the company.
- Scheduled Tasks: Adaxes allows performing numerous Active Directory management tasks automatically with the help of scheduler task.
- Exchange Management and Automation: Adaxes comprises an integrated collection of tools for Exchange management and automation, which enables an administrator to standardize, automate, and streamline creation and management of mailboxes, distribution lists, and mail-enabled contacts. it also offers an easy-to-use web-based interface for Exchange management and administration. Adaxes supports Microsoft Exchange 2003, 2007, 2010, and 2013.
- Office 365 Management and Automation: Adaxes carries the missing layer of automation for Office 365 which includes automated management of Office 365 accounts and automated management of Exchange Online mailboxes. Adaxes combines Office 365 and on-premises environments under a sole web-based administrative interface which allows administrator to manage both Office 365 and local user identities
- Automated Provisioning for Lync: Lync enabling/disabling users for lync process can be automated using Adaxes. EX: When a new user account is created in Active Directory, Adaxes will automatically enable the user for Lync. During user deprovisioning, Adaxes can automatically Lync-disable the user. Adaxes supports Microsoft Lync 2010 and 2013.
- Logging: The Service Log permits an administrator to monitor all operations performed through Softerra Adaxes.
- Active Directory Management with PowerShell: The Active Directory PowerShell module brought with Adaxes allows administrators to manage Active Directory from the command line.
- Load Balancing: By installing the numerous Adaxes services which share their configuration, users connects to the nearest available Adaxes service which in turn minimize the system overburdening, increase the utilization of network segments, and enhance the system liability.
- SPML Support: SPML Support provided by Softerra Adaxes allows you to integrate Adaxes in SPML-enabled provisioning systems. This enables Adaxes to exchange provisioning data with SPML-compliant identity providers without complex and costly integration.
The installation includes a straight forward steps and the installation window itself will guide you through the installation process. The user account which is userd to install and configure should be a domain user. The Adaxes comprises of both Server component and an Administration console.
- .NET 3.5 needs to be installed manually prior to the Adaxes installation.
Though both the components of the Adaxes can be installed on the same machine, it is recommended to install Server component on a member machine and Administration console on the workstation
Adaxes has three well designed and intuitive interfaces as below:
- Adaxes Administration Console
- Adaxes Web Interface Configuration Console
This is the main admin interface, which is used in most of the Adaxes configuration from permissions, logging, tasks and actions available to users, etc.:
Adaxes Web Interface Console:
The Web Interface Configuration console allows administrators to customize the web interfaces as below. Using this Web Interface Configuration Console administrator can specify which AD attributes that Help Desk staffs are able view/modify:
Actions can be enabled/disabled as below:
Once the Adaxes is installed, we can find Server available readily where the adaxes service is installed at the first time itself:
We need to double click on the domain to connect:
Once the connection is established, we can see the console as below:
Adaxes offers role-based security administration and automated group membership management in order to control permission delegation efficiently. Similarly to Exchange Role Based Access Control [RBAC], Adaxes roles permit a granular distribution of permissions by reducing the risk of uncontrolled access to resources. There are many built-in roles already configured as below:
Each security role can be clearly described with the minimum permissions required for role, that the users to accomplish their responsibilities, without providing unnecessary access.
Example: we can allow Help Desk to only update Auto-Reply messages and enable, disable and configure Unified Messaging services and Archiving.
It’s very simple and straightforward to add new roles or edit existing ones as below:
A business rule is an automation workflows, conditional logic and actions of all types. Adaxes has an capacity to automate numerous things with AD and also it can link into many other tasks like user home folder creation, creating Exchange mailboxes, provisioning accounts in Office 365 and even running PowerShell scripts! All of these actions are modified based on conditions.
We can add actions to the built-in Business Rule by clicking on Add actions to a new Set as below:
We can even edit the existing actions by double clicking on it as below:
Property patterns are the one which is used to Generate and validate the values while creating/modifying the account as below:
There are many built-in patterns available with Adaxes as per the object types, we can add any extra patterns/values by clicking in Add option and below are the available values:
Scheduled tasks in Adaxes are similar to Windows scheduled tasks which run Adaxes actions. Scheduled tasks are permits to set a nearby infinite amount of conditions to check for various conditions and then take action and these scheduled tasks are triggered on a time.
It requires an hours for building advanced PowerShell scripts to check for and manage the old AD accounts which are norm in businesses especially when it is a large enterprise. Adaxes comprises of few useful built-in scheduled tasks that show off its capability. With the help of these, we can easily modify certain actions which fulfill our business needs. It also has an approval mechanism built-in; with the help of this we can put an approval on those individual tasks and a sends to a manager for approval to ensure that action needs to be performed or not.
Adaxes keeps track of all operations performed on it. Using the Adaxes logging option, administrators and authorized users can review all operations executed in all AD domains.
Administrators can even configure e-mail notifications when specific operations are performed. Adaxes logging looks like as below:
Managing and Automating Exchange:
For an Exchange administrator certain administrative tasks like creating mailboxes, enabling users for archiving, setting mailbox quotas, etc., are time intense and few organizations habitually go with delegating these tasks to Help Desk staff.
RBAC with Exchange 2010, it bit simple by allowing administrators to grant specific users or groups with the essential permissions for them to perform their task. However, RBAC is a bit complex approach that most administrators find it difficult and also it does not provide any personalized interface to administration tasks.
With Adaxes, we can fully automate the process of provisioning and managing mailboxes, distribution lists and mail-enabled recipients in Exchange 2003, 2007, 2010 and 2013.
Let us see how a policy that is activated when a new user account is created. If the user account is created successfully without a mailbox, Adaxes will automatically create the mailbox for the user account by selecting the database containing the least number of mailboxes out of available databases:
We can add many options to the policy as required:
We can set the mailbox storage settings:
Enable the option for lync access:
There are more options available to add to the policy and execute the same.
Adaxes is a wonderful tool which combines multi-step operations into one-click actions. This is flexible and provides enormous automation capabilities with simple methods. It is simple enough to setup and options are self-explanatory. The PowerShell script editor built into the product is a complement to complete the last mile of automation tasks. Adaxes also provides a great and highly customizable user interface which will be used to delegate and automate AD and Exchange tasks easily.
If you’re an AD/Exchange administrator, Adaxes is a must have tool.
Microsoft MVP | Exchange Server