Product: Softerra Adaxes
Product Homepage: Click here
Free Trial: Click here
Introduction
Softerra Adaxes is a solution for Active Directory [AD] management, administration and monitoring that enables administrators to automate, streamline and secure AD provisioning. Although its main focus is AD, it also includes great capabilities for managing and automating Exchange tasks.
In every single organization, IT staff spends a considerable amount of time and effort performing time-consuming tasks related to user provisioning/deprovisioning, management, group membership maintenance, etc. Adaxes focuses on reducing the workload associated with these tasks, improving compliance, and ensuring the integrity and consistency of AD and Exchange data. For example, Adaxes can set additional actions to be executed before or after specific operations depending on certain rules and conditions, making AD and Exchange management tasks simpler and reducing the workload of IT and help desk staff at the same time.
This review will focus mainly on the Exchange capabilities of Adaxes.
Installation
The installation of Adaxes could not be easier. All it requires is Microsoft .NET Framework 3.5 SP1 and a supported operating system that ranges from Windows XP to Windows 8 and from Windows Server 2003 to Windows Server 2012.
After installation, it is simply a matter of choosing a service account for Adaxes and connecting to the AD domain (or domains) that we intend to manage. The permissions required for this account will depend based on the tasks we want it to perform both on AD and on Exchange.
All of this is easily explained through links to Softerra’s website that includes great documentation, tutorials and videos.
Interfaces
Adaxes has three well designed and intuitive interfaces: the Administration Console is the main admin interface, which is used to do most of the Adaxes configuration from permissions, logging, tasks and actions available to users, etc.:
Figure 1: Adaxes Administration Console
The Web Interface is the interface staff will use to manage AD and Exchange attributes for user accounts. There are three variations of this interface, one for administrators, one for end users and another one for Help Desk staff, all providing different levels of access and permissions:
Figure 2: Adaxes Web Interface
This interface can be customized to display only the functionality necessary to complete the tasks delegated to help desk staff, for example. After policies are set up, tasks become much easier. Using this interface, help desk technicians can perform a simple operation that triggers an automated policy and all related operations within the policy are performed automatically. For example, when a user is moved to another department, help desk operator just needs to change the Department property, and the user automatically gets new permissions, is added to necessary groups, the mailbox is moved to another database, etc.
The Web Interface Configuration console allows administrators to greatly customize all the web interfaces mentioned above. Using this console we can, for example, specify which AD attributes Help Desk staff are able to read or change, what they are allowed to see, etc.:
Figure 3: Adaxes Web Interface Configuration Console
Figure 4: Adaxes Web Interface Configuration Console – Customizing Operations
Roles and Security
Adaxes provides role-based security administration and automated group membership management in order to efficiently control permission delegation. Similarly to Exchange Role Based Access Control [RBAC], Adaxes roles allow a granular distribution of permissions, reducing the possibility of uncontrolled access to resources. As can be seen from Figure 5, there are many roles already configured out of the box with permissions relevant to their purpose:
Figure 5: Adaxes Bult-in Security Roles
For each security role, we can explicitly define the minimum permissions required for role users to accomplish their duties, without providing unnecessary access. For example, we can allow Help Desk to only update Auto-Reply messages and enable, disable and configure Unified Messaging services and Archiving.
It is easy and straightforward to add new roles or edit existing ones down to a great level of detail:
Figure 6: Editing Security Role Permissions
Adaxes also allows to configure certain tasks to require approval of an authorized person. Approval-based workflow allows introducing management control without complicating the administration process.
For overall monitoring of operations, Adaxes keeps track of all operations performed. Using this tracking feature, administrators and authorized users can review all operations executed in all AD domains.
Administrators can even configure e-mail notifications so they are informed when specific operations are performed. In this way, administrators can stay in touch with the situation in their AD domains and timely react to any wrong and malicious actions.
Figure 7: Adaxes Logging
Managing and Automating Exchange
From an Exchange administrator perspective, managing Exchange might be easy and something that comes naturally, especially for seasoned administrators. However, certain administrative tasks such as creating mailboxes, enabling users for archiving, setting mailbox quotas, etc., are time consuming and many organizations often try to delegate these to Help Desk staff in order to free up 3rd line technicians to look after Exchange itself.
With Exchange 2010 and the introduction of RBAC, Microsoft made this a bit easier by allowing administrators to grant specific users or groups with only the required permissions for them to do their job. However, RBAC is still a complex approach that most administrators do not know how to take the most out of it. At the same time, it does not provide with an interface tailored to basic administration tasks.
Another downside is that usually a simple set of tasks have to be done in multiple consoles or even servers. Consider the following scenarios: when a new employee comes in, someone needs to create and configure a new mailbox for the employee in Exchange. This requires knowledge of how to select a mailbox database, which mailbox features to enable for this particular user, which mailbox policies to assign, etc. Then, the AD attributes need to be configured as well (company, address, group membership, etc.). When an employee is relocated to a different city, promoted or transferred to another department, someone has to move their mailbox to another database, adjust mailbox rights, change mail flow settings, etc. When an employee goes on a sick leave, somebody must set an auto-reply message for the user, configure e-mail forwarding, put the mailbox on retention hold, maybe disable the account, etc. Dealing with all these different scenarios require a broad knowledge of multiple systems and multiple administrative consoles. Moreover, staff performing these tasks have to learn and consistently follow a set of guidelines and policies. Not only is this ineffective, it also leaves room for human error.
With Adaxes, we can completely automate the process of provisioning and managing mailboxes, distribution lists and mail-enabled recipients in Exchange 2003, 2007, 2010 and 2013. Most of Adaxes power comes when something happens such as when a user account is created in AD for example. This can trigger Adaxes to automatically create an Exchange mailbox for the newcomer and modify mailbox parameters based on the data entered during account creation. By establishing rules for mailbox provisioning we can define when to create a mailbox, how to generate the alias and tell Adaxes how to pick a database (based on the least number of mailboxes, use round-robin or even pick a database based on the office location or the user’s last name for example).
As an example, the following screenshot shows a policy that is triggered whenever a new user account is created. If the creation is successful and the user does not have a mailbox, Adaxes will automatically create one for the user. We can also see that, in this case, Adaxes will select the database containing the least number of mailboxes out of databases DB02, DB02 and DB04:
Figure 8: Example of an Adaxes Policy
If we want, we can easily add more actions to this policy to take it a bit further and configure certain mailbox properties instead of simply creating a mailbox. In this case, we would add an action to Modify Exchange properties:
Figure 9: Adding Actions to a Policy
Then we would configure all the setting we want to. From the tabs displayed in the screenshot below, it is clear the vast number of options that can be configured. A few examples are mailbox quotas:
Figure 10: Configuring Mailbox Quotas
Enable or disable certain mailbox features such as disabling IMAP and POP and enabling the user for archiving (in case we are using Exchange 2010 or 2013):
Figure 11: Configuring Mailbox Features
Or even configure permissions. A great advantage of Adaxes is that it supports value references such as %manager% which are replaced with the correct value when the policy is executed:
Figure 12: Configuring Mailbox Permissions
These are just some examples, but Adaxes can configure almost any property of a user’s mailbox, such as hiding it from the global address list, modify Exchange custom attributes, configure deleted item retention, reset Unified Messaging PIN, set Auto-Reply Message (OOF), etc.
We can also add conditions to our policies so they are only triggered in certain cases. For example, we can add a condition to the above policy so it only applies to users that are created in the London Organizational Unit (OU):
Figure 13: Adding Conditions to a Policy
There are many types of conditions that can be used, allowing for great flexibility and customization:
Figure 14: Available Conditions
Now that our policy is fully configured, let us see it in action. Using Adaxes’ Web Interface, let us create a new user by using the Create User button in the homepage:
Figure 15: Creating a New User
The first step is selecting which OU we want to create the user in:
Figure 16: Creating a New User – Organizational Unit
The most important fields are automatically populated by Adaxes, but there are many more that can be manually configured, all not shown here:
Figure 17: Creating a New User – Details
Once the user is created, we can check its Exchange Properties pane to verify that our policy was triggered and the user’s mailbox was configured as per the rules in the policy. As it can be seen from the screenshot below, it was:
Figure 18: User’s Exchange Properties
Custom Commands
Custom commands can be added to the homepage of the web interface to make it easier and more convenient for help desk staff to run them. These are useful to automate complex Exchange tasks that require multiple steps to complete. For example, we can easily create one so that when users go on leave, properties such as OOF message, e-mail forwarding and retention hold are all configured with the touch of a button.
We start by giving our custom command a name, an icon and a description which is optional:
Figure 19: Creating a Custom Command – Name
We then select to what type of objects this command will be available to. In our case, it is for Users:
Figure 20: Creating a Custom Command – Object Type
Now we configure Exchange properties just like we did with the policy we created earlier. In this case, we configure the retention hold with a start date of when the command is run and with an end date of a week’s time, for example. Adaxes allows great flexibility when setting these dates as can be seen in the following screenshot:
Figure 21: Creating a Custom Command – Configuring Retention Hold
We configure the mailbox to automatically forward e-mails to the user’s manager:
Figure 22: Creating a Custom Command – Configuring E-mail Forwarding
Finally we configure an automatic reply message to let users know who to contact in case of urgency. Note that we can use value references in this message as well:
Figure 23: Creating a Custom Command – Configuring Automatic Reply
When we finish configuring all the settings we want the command to update, we are presented with a summary of the command’s actions:
Figure 24: Creating a Custom Command – Summary of Actions
We then select the groups of users to whom these custom command will be available to:
Figure 25: Creating a Custom Command – Permissions
Once our custom command is configured, it will be immediately available for users to make use of it through the Web Interface:
Figure 26: Running Custom Commands
The options here are limitless. We can create commands to achieve anything from moving mailboxes, to simply configure OOF messages. Custom commands are a great method to perform tasks easy and quickly but, more importantly, according to the company’s policy. This is particularly important for user/mailbox deprovisioning. When an employee leaves, all resources associated with the account must be deprovisioned. This usually involves disabling the account, hiding the mailbox from address lists, forwarding incoming e-mail to the manager, moving the mailbox to a database dedicated for terminated mailboxes, etc. This is another area where Adaxes makes administration a lot easier by turning complex, multi-step operations into a one-click action.
Exchange Management via Web Interface
While automation is ideal for repetitive tasks, sometimes human interaction is still needed, to handle support cases for example. The Web Interface provided by Adaxes that we saw in the beginning of this review, includes many convenient features that allow administrators, managers, help desk personnel, or anyone else to manage Exchange mailboxes, distribution lists and mail-enabled contacts.
This console is not just intuitive, but it is also flexible and highly customizable to allow users to see only what they need to see and to do only what they need (and are allowed) to do. If the user interface is overloaded with features and options that users do not really need, they will eventually click on the wrong button. Adaxes allows administrators to customize any view and input form and define which operations are available to users.
For example, if we do not want help desk staff to be able to set permissions and OOF messages on users’ mailboxes, or even edit any mailbox properties, we can simply remove those permissions from them. However, they will still see those options on the Web Interface although they will not be able to execute them:
Figure 27: Exchange Properties Pane Before Customization
By using the Web Interface Configuration console, we can easily remove these two sections from the interface, simply by unselecting them:
Figure 28: Customizing Web Interface
Now, they are no longer visible to users:
Figure 29: Exchange Properties Pane After Customization
Conclusion
Adaxes turns complex, multi-step operations into one-click actions. It is a powerful tool with vast automation capabilities, yet it is easy to configure and so intuitive to use.
Although Exchange’s RBAC makes it easier to provide Help Desk staff, for example, with a cut down version of the Exchange console so they can perform certain regular and repetitive tasks, Adaxes takes this a step further and makes these tasks much easier to perform through a great and highly customizable user interface. With all of this, Adaxes is possibly the best method to delegate and automate Exchange tasks.
MSExchange.org Rating 5/5
Learn more about Softerra Adaxes or request a free trial here.
