Active Directory (AD) has been a critical piece of functionality in a huge majority of businesses. AD has provided us with single sign-on functionality for nearly 16 years now. Due to AD’s wide adoption, administrators have many years of experience with AD. They know that AD can be a beast of a system to manage. Everyone in the business depends on AD. It’s a critical system but at the same time can easily turn into an organizational mess if not properly maintained. This is where a product like Adaxes by Softerra comes in. I had a chance to review this product and, coming from my nearly 10 years of managing AD, it is the product I wish I had so many years ago.
Adaxes is a product that aims to help nearly every user in a business manage AD. It’s not simply an AD management product for administrators. Adaxes also provides an interface for users to manage their own accounts, one for help desk agents to assist in account management and, as you might expect in an AD management product, an administrative console.
Adaxes can be broken down into three logical components: a self-service portal for users and non-administrators to manage their own accounts or assist with other account management, an administrative console where nearly every piece of AD can be automated, and a general AD management solution. All three of these components roll up to form a complete AD management and automation solution.
To get started with Adaxes, you’ll need to download and install the product. The installation is straightforward and acts like you’d expect a typical MSI-based installer to act. However, be aware that the installer needs .NET 3.5, which is not automatically installed. The installer also requires you to be logged in as a domain user. I was trying to install it as the domain administrator, which would not work.
The product consists of both a server component and an administration console. Although possible to install on the same machine, it’s recommended to install the server component on a member server and install the administration console on your workstation.
In my lab, I’ve installed the Adaxes Service on a Windows Server 2012 R2 server. I’ve also installed the Service Administration Console and PowerShell Module for AD on a Windows 8.1 client in the same domain.
Upon bringing up the admin console for the first time I was pleasantly surprised that it was able to already see the server I installed Adaxes Service on. I then diligently followed all of the post-installation steps that were required although I didn’t have a whole lot to do since I was only working with a single domain.
Once I got the product installed, I was ready to go. Because my primary focus is on automation, I am not going to cover a couple of Adaxes’s components: the self-service portal and the AD management component. There’s so much to each of these components by themselves that I can’t possibly cover them both with the detail they deserve. If you’d like more information on those features, I encourage you to check out their product info page.
In this article, I’m going to cover how Adaxes can help you and your business save time, keep AD organized and standardize your AD management procedures through Adaxes’s AD automation features.
First, I’d like to cover business rules in Adaxes. When I was shown the demo of the product, the concept that I was really interested in was business rules. In Adaxes-speak, business rules are like automation workflows complete with triggers, conditional logic and actions of all kinds. Through business rules, Adaxes can not only automate various things with AD but also tie into many other things like user home folder creation, creating Exchange mailboxes, provisioning accounts in Office 365 and even running PowerShell scripts! All of these actions are completely customizable based on a number of conditions.
One task that I’m sure a lot of you are familiar with is new user provisioning. Creating an AD account for a user isn’t enough. There are a lot of actions that need to happen to onboard a new employee. This is a great reason to build a business rule. I work best from examples or an existing template. I found it’s much easier to learn something this way. I was easily able to pick up the concept of business rules due to an existing rule called After User Creation that was provided out of the box.
As a test, I decided to create a business rule of my own. There have been times in my career when a female employee gets married, her last name changes and I’ve had to update that name in all kinds of different places. I wanted to put this to the test to see how difficult this was with Adaxes. To do this, I wanted to create a business rule that changed her home folder name as well as her username if I only changed her last name.
The process was straightforward and didn’t really require a PowerShell script, but I wanted to find out how Adaxes leveraged PowerShell. I decided to use PowerShell to rename the user’s home folder. When stepping through the business rule wizard, I chose the PowerShell script action and was presented with a built-in PowerShell editor complete with syntax highlighting and basic Intellisense features. Wow! I was also able to insert variables specific to Adaxes easily; as you’ll see below, I’m bringing in the user’s existing home directory. The PowerShell support is the best I’ve seen in a product. It includes logging capabilities as well as methods to use inside of your script to do Adaxes-specific functions. A+ for the PowerShell support.
After I set up the business rule, I was able to use the built-in AD management node in Adaxes’ console tree to modify the last name. When I did, I immediately noticed that the Display Name had automatically changed to reflect the last name change and saw that the home folder name was changed as well. Very cool!
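The home-folder rename described above, as an added example that is not the script from this review or Adaxes's own code: it uses the standard ActiveDirectory module instead of Adaxes value references, and adds the path and collision checks you want before a script renames folders on a file share. The function name, its parameters and the `\\fs01\home` share root are assumptions.

```powershell
#Requires -Modules ActiveDirectory

function Rename-UserHomeFolder {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Account whose username has already been changed in AD
        [Parameter(Mandatory)][string]$Identity,
        # Assumed share root; home folders must sit directly beneath it
        [string]$HomeRoot = '\\fs01\home'
    )

    $user    = Get-ADUser -Identity $Identity -Properties HomeDirectory
    $oldPath = $user.HomeDirectory
    if ([string]::IsNullOrWhiteSpace($oldPath)) {
        Write-Warning "$Identity has no homeDirectory set; nothing to rename."
        return
    }

    # Refuse to act outside the expected share root, so a wrong or tampered
    # homeDirectory value cannot point the rename at some other location.
    $root = $HomeRoot.TrimEnd('\')
    if ((Split-Path -Path $oldPath -Parent).TrimEnd('\') -ne $root) {
        throw "homeDirectory '$oldPath' is not directly under '$root'."
    }

    $newName = $user.SamAccountName
    $newPath = Join-Path -Path $root -ChildPath $newName
    if ($oldPath.TrimEnd('\') -eq $newPath) { return }   # already in sync

    if (-not (Test-Path -LiteralPath $oldPath)) {
        throw "Source folder '$oldPath' does not exist."
    }
    if (Test-Path -LiteralPath $newPath) {
        # Never merge into a folder that may belong to someone else
        throw "Target '$newPath' already exists; refusing to overwrite."
    }

    if ($PSCmdlet.ShouldProcess($oldPath, "Rename to $newName")) {
        Rename-Item -LiteralPath $oldPath -NewName $newName -ErrorAction Stop
        # Update the attribute only after the folder rename succeeded
        Set-ADUser -Identity $user -HomeDirectory $newPath
    }
}

# Dry run (constructed account name):
#   Rename-UserHomeFolder -Identity 'jdoe' -WhatIf
```

Folder permissions granted by SID follow the rename; the script leaves ACLs untouched.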
Another topic I wanted to focus on was Adaxes’ scheduled tasks. Scheduled tasks in Adaxes are exactly like Windows scheduled tasks except that they run Adaxes actions. Scheduled tasks are similar to business rules in that they allow you to set a nearly unlimited number of conditions to check for various things and then take action on something. However, instead of being triggered on a particular action, scheduled tasks are triggered on a time.
The software contains a few useful built-in scheduled tasks that show off its ability. One that caught my eye was the Inactive User Deleter task.
Stale AD accounts are the norm in businesses, especially if you’re in a large enterprise. I’ve personally spent hours upon hours building advanced PowerShell scripts to check for and manage these accounts. With this one scheduled task in Adaxes you can easily modify a few of the actions to suit your needs and be done! Adaxes also has an approval mechanism built in. This means that if it’s going to be doing something destructive like removing a user account, you can put an approval on that individual task. That then sends an email to a manager, for example, to confirm that the account needs to be removed, and only when confirmed will it actually remove the account. This would be a nightmare to script with PowerShell!
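For comparison, the stale-account workflow with a manual approval gate, as an added example in plain PowerShell (not Adaxes's Inactive User Deleter and not the author's scripts). It disables approved accounts rather than deleting them; the function names, the 90-day threshold and the CSV review file are assumptions.

```powershell
#Requires -Modules ActiveDirectory

# Step 1: write candidates to a CSV that a reviewer marks up.
function Export-StaleUserReview {
    param([int]$InactiveDays = 90, [string]$Path = '.\stale-users.csv')
    $cutoff = (Get-Date).AddDays(-$InactiveDays)
    Get-ADUser -Filter 'Enabled -eq $true' -Properties LastLogonDate, whenCreated, Manager |
        ForEach-Object {
            # LastLogonDate comes from lastLogonTimestamp, which can lag by
            # up to about 14 days. Never-used accounts are judged by age.
            $last = if ($_.LastLogonDate) { $_.LastLogonDate } else { $_.whenCreated }
            if ($last -lt $cutoff) {
                [pscustomobject]@{
                    SamAccountName = $_.SamAccountName
                    LastSeen       = $last.ToString('yyyy-MM-dd')
                    Manager        = $_.Manager
                    Approved       = ''   # reviewer enters 'yes' to approve
                }
            }
        } | Export-Csv -Path $Path -NoTypeInformation
}

# Step 2: act only on rows the reviewer approved.
function Disable-ApprovedStaleUser {
    [CmdletBinding(SupportsShouldProcess)]
    param([int]$InactiveDays = 90, [string]$Path = '.\stale-users.csv')
    $cutoff = (Get-Date).AddDays(-$InactiveDays)
    $rows   = Import-Csv -Path $Path | Where-Object Approved -eq 'yes'
    foreach ($row in $rows) {
        # Re-check at action time: the user may have logged on since export
        $u = Get-ADUser -Identity $row.SamAccountName -Properties LastLogonDate
        if ($u.LastLogonDate -and $u.LastLogonDate -ge $cutoff) {
            Write-Warning "$($u.SamAccountName) is active again; skipped."
            continue
        }
        if ($PSCmdlet.ShouldProcess($u.SamAccountName, 'Disable stale account')) {
            Disable-ADAccount -Identity $u
            $u.SamAccountName   # emit the name so the caller can log it
        }
    }
}

# Typical sequence:
#   Export-StaleUserReview -InactiveDays 90
#   (reviewer edits stale-users.csv)
#   Disable-ApprovedStaleUser -WhatIf
```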
My Opinion of Adaxes
My first reaction to this product was, “Wow, this thing does a LOT of stuff”. I initially was overwhelmed by the amount of bells and whistles that this product has. Every new screen that came up had all kinds of buttons you could push and levers you could pull to modify that function’s behavior. You can clearly see that this is a mature product and a lot of thought has gone into every detail.
This is great for flexibility and to ensure the customer is able to do nearly anything they want, but at the cost of simplicity. The product was easy enough to get set up. I didn’t run into any major issues. All the menus and options were self-explanatory but I couldn’t stop thinking that there’s got to be a better way to organize all of this into a simple method. Which would you rather have? A thorough, complete product that does everything you need at the cost of a higher learning curve or a simpler, easier-to-learn product with fewer features? I’d go with the former.
This is truly an amazing product. The attention to detail is astounding. The fact that they even included a nice PowerShell script editor built into the product clearly feels like they aren’t considering PowerShell a competitor like some other automation products but rather a complement to finish off the last mile of automation for their customers.
If you’re an AD administrator, I whole-heartedly think you should give Adaxes a try.