About a year ago, I started using Adaxes. I have been a fan of this software for quite a while because it fills many of the holes in an Active Directory environment. Out of the box, Adaxes provides mobile management, user self-service, and a mighty AD management console. Softerra has now released their most comprehensive update for Adaxes yet. Now that I have had a bit of time to get used to it, I wanted to write up some of my personal experiences and review where we were, where we are now, and where we hope to be with Active Directory management.
Before Adaxes and Our Current State
One word could summarize our environment in the past. That word is messy. We had many inconsistent naming schemes for every object type. Attributes, like descriptions or Outlook details, varied depending on when the object was created. Most actions were driven through multiple people and many routine AD management tasks were done by hand.
Since that time, we have moved to a very streamlined (but still not perfect) management scheme. In our environment, AD is the source for many of our applications and user data. Almost everything ties back into it. Because of this, our goal is a single console and service for all AD management. In the past, we would do some routine management (like a weekly task list) in ADAC and have various scripts running as scheduled tasks. All of that is now managed by Adaxes because we could use many of the built-in tasks and import scripts that were previously written. Below is a truncated screenshot showing the scheduled tasks agenda view in Adaxes. Even though I receive status notifications from these Adaxes tasks, I love getting to see this 30,000-foot view of future automated actions.
At our current state, most object management and maintenance are automatically handled by the scheduled task features in Adaxes. This makes the behind-the-scenes stuff simple, but what about the front-end? To be honest, our users are probably not even aware that we are using Adaxes to extend Active Directory because it integrates so well. Features like self-service password reset magically show up on the login screen. Our HR and Finance staff go to their custom designed Adaxes web portal for their AD management tasks. This is a considerable improvement over the clunky custom Active Directory Users and Computers MMC as I can design workflows for our staff to use.
Adaxes 2018.1 made AD web administration and management so much better! In previous versions, web consoles were created with a separate utility. While not difficult to use, I spent a lot of time jumping back and forth between the on-server utility and the console while making modifications. Now, web consoles are modified in the same browser. The screenshot, above, shows me modifying the Administrator web console. Everything is on one page – neatly divided with headers – and searchable.
From the end user standpoint, the web consoles are cleaner and easier to navigate in. Below is a screenshot of the AD console that our department can use for mobile access. Four buttons cover the majority of AD actions required in the field. When I am in a classroom or office, I can push out some software or a printer in just a few clicks from my phone.
With the new web consoles in Adaxes 2018.1, most routine work can be pushed into the browser wherever the user is located. From IT’s perspective, management is more accessible due to the unified management tool, unified login, and unified creation. Regarding customization, the browser management platform is superior. Every bit of content can be changed or rearranged for specific roles or tasks.
For more complex work, I spend most of my time working in the new Adaxes Administration console. Below is a screenshot of the console in our environment. It still has the traditional Active Directory view when I expand the Active Directory Node, but I also get to view our maintenance tasks, approval requests, workflows, and reporting within the same window. One thing to note is that Adaxes licenses per active user that you want to manage. We have licenses for all of our users, and it was a little confusing when they didn’t show up under the Active Directory node.
If you have ever worked with System Center Configuration Manager, you probably found it impressive to see software, updates, operating systems, security settings, inventory, etc. in the same console. I get that same happy feeling when I see AD reports, logging, tasks, etc. in the Adaxes console. One new feature that I am enjoying, which I highlighted above, is the inclusion of Best Practices as reports.
Almost every report breaks out into an interactive console. Computers, Users, and Groups each have an Overview Dashboard. When I click on Groups, I get a 30,000′ view of my group structure. If I click on the (5) Created Recently button, I get a custom view that shows these groups and the related attributes.
I do wish that Adaxes would combine AD audit events into their single pane of glass approach. If an environment audits group creation/deletion and the Adaxes service is delegated permission to read those events, the console should merge that data into their reports. Because the reporting platform is so flexible, it would be possible to pull this data in through external scripts that you set up. As of right now, that data is just not native to a report.
Going Forward with Adaxes
Like I said at the beginning, I don’t feel that I am at a perfect environment yet, but Adaxes is helping me get there. Going forward, I would like to look at moving some of the scheduled tasks over to business rules. This would allow our HR/finance staff to drive staff changes in real-time instead of feeding them into a scheduled task. I would also like to get a bit more redundancy built into my setup. Adaxes 2018.1 does streamline this with their new shared hierarchy models.
Adaxes is excellent, but I would like to recommend some future features. First, tie in AD domain controller audit events into the Logging and Report nodes. These events have always been a pain to read, and their integration would allow us to have a clearer insight into our environment. Second, make the Active Directory node an accurate view of AD – this will keep administrators in the console instead of having to fall back to ADUC/ADAC at times. The 30,000′ views are fantastic – keep adding to them! For example, property patterns allow us to create consistent computer accounts once implemented. A report showing naming irregularities would provide insight into our previously misnamed machines. Custom commands can allow us to fix these issues fairly quickly. Finally, add additional right-click management tools (similar to the SCCM Right Click Tools) and allow administrators to modify/add their own. Being able to right click and remote into a computer would be one example. Another would be a right-click – rename feature that works on one computer or a group of computers. Linking these right-click options to reports would provide insight and action with one tool. As of right now, custom commands can be added here. I have been told that the next big update will make these additional options easier to implement!
So, what is my final take with Adaxes and the 2018.1 Update? It is an incredible design for modern AD management. I think it will keep getting better! Adaxes is one of the few companies that I would consider holding a maintenance agreement with and that is because they provide solid feature rich updates on a regular basis. If you have never tried it before, play around with their live demo environment here.