User LifecycleActive Directory Management & Automation
User Lifecycle within IT
In today’s world, when new employees are hired, IT department plays a major role in welcoming them. It’s a lot of tedious and repetitious work, creating accounts in Active Directory, adding them to groups, creating home folders and Exchange mailboxes, assigning Office 365 licenses, etc… Doing it manually, means support staff must switch between multiple tools and interfaces and follow long and convoluted provisioning procedures that vary for different types of users. Such complexity inevitably leads to mistakes, missteps, and delays, and it can’t be solved with delegation to HR or managers without over privileging them. As a result, the IT department is trapped in time consuming routines while new users are waiting for hours or days before they can start working. We eliminate all these problems completely, with rule-based automation.
After a new employee is hired, all provisioning procedures, like creating Active Directory accounts, setting up a home folder, creating an Exchange mailbox, assigning Office 365 licenses and others, are executed instantly, and based on company policy. Things like adding new users to different groups based on job role or moving them to an OU, based on location will all be automated. Once configured, all you need to do is, fill out a form with user name, job title, and location, click create and that’s it! Everything else is done by automation rules put in place. Even users with limited technical skills, i.e. your human resource department, can initiate the process and have the proper IT accounts created after routing it through pre-determined approval process.
All that applies to user updates as well, so for example, when the user is promoted, all you need to do, is change the job title property, and the process will then adjust group membership, update Office 365 licenses, and move the user to a new OU, strictly following your company rules.
When a user is terminated, according to your policies, the process will disable the user account in AD and all connected systems, relocate home folder, set mail forwarding to the user’s manager, remove the user from all groups, revoke Office 365 licenses, reset user’s password, move the account to a secured OU and delete it after a certain time. With deprovisioning automated, all user’s access to your system is blocked at the exact moment they leave, eliminating the risk of a data leak or possible data loss from previous employees.
With our user lifecycle automation, there is no more waiting for your users, no more tons of routines for IT staff, no more human factor mistakes. Managing user lifecycle, couldn’t be easier!
01Logix, a Softerra partner, has been helping, guiding, and training organizations with complicated setup scenarios that require custom solutions to fit their IT environment’s specific needs. Our consultants specialize in the implementation of Adaxes and can help automate manual and time consuming processes such as user provisioning, deprovisioning, and reprovisioning through integration with Human Resources systems. Our system architects can help you achieve your objectives in terms of security and high availability, and our support staff can provide you with ongoing maintenance and support.
Active Directory management
Active Directory plays a major role in many critical processes within organisations. Effective and secure Active Directory management becomes increasingly important and at the same time increasingly challenging, especially in large and complex environments. Native tools for Active Directory management are inefficient as they provide only basic functionality and cannot be used for active directory automation, web-based administration, role-based security, cross-domain management, audit of changes, etc. It becomes obvious that a higher-level solution like Adaxes is needed to cope with all challenges associated with Active Directory management. Softerra Adaxes provides a number of much-needed features that make Active Directory management, maintenance and administration much more simple, secure and effective.
Active Directory Provisioning
User provisioning, deprovisioning, and reprovisioning can be extremely complex and difficult-to-manage processes that take a lot of time and effort. When a new employee starts, this employee needs an Active Directory account, Exchange mailbox, home folder, the employee’s user account must be added to certain security groups and distribution lists, etc. When an employee leaves, the AD account of this employee must be disabled and removed from all distribution lists and security groups, the user home folder must be relocated or deleted, user accounts in various applications must be deactivated, and much more.
If Active Directory provisioning involves a series of manual activities performed by a human, the user provisioning and deprovisioning can easily become extremely complex, tedious, and time-consuming tasks accompanied by various kinds of errors and faults. To eliminate the issues related to the process, all operations involved in the Active Directory provisioning must be automated. The process automation reduces administrative costs associated with the user account management and acquires especial importance when multiple persons (Help Desk, support, administrators) are involved in the Active Directory provisioning.
Active Directory Delegation
Active Directory Web Interface
The necessity of Active Directory Web Interface increases drastically if there is a need to delegate AD management tasks to non-administrative staff. Usually, this staff doesn’t have access to native AD management tools, and needs a more simple, easy-to-use and intuitive solution. Fortunately, there is such a solution – Softerra Adaxes. Among other AD management facilities, Softerra Adaxes enables highly granular, controlled, and secure Active Directory Web access.
Active Directory Self-Service Password Reset
Exchange Management & Automation
Exchange management is a headache. This statement is supported by countless articles, blog posts and forum topics in the Internet. Web searches yield a myriad of various tips and best practices on how to streamline the process and make it less expensive. With all the vast amounts of information available, the problem is still there and desperately needs a strong and effective solution.
Why is there so much talk and fuss about Exchange management? The answer is straightforward: because it is expensive as it involves a lot of manual work by skilled technicians. Consider the following. When a new employee comes in, someone needs to create and configure a new mailbox for the employee. This requires knowledge of how to pick a mailbox database, which mailbox features to enable for this particular user, which mailbox policies to assign, etc. When an employee is relocated to a different city, promoted, or transferred to another department, somebody has to move their mailbox to another database, adjust mailbox rights, change mail flow settings, etc. When an employee goes on a sick leave, somebody must set the Auto-Reply message for the user, configure email forwarding, put the mailbox on retention hold, etc. When an employee leaves or retires, their mailbox must be properly deprovisioned, which is a complex task that requires multiple steps to complete.
What does all this mean? It means that somebody has to learn and consistently follow a rigorous set of guidelines and policies for Exchange management. Not only is it ineffective and a huge waste of human resources, it also leaves too much room for human error – the root cause of downtime and out-of-compliance issues.
Office 365 Automation & Management
The foremost essential step to achieve the much desired cost efficiency and operational agility is to automate Office 365 management tasks wherever and whenever possible. Adaxes delivers the missing layer of automation and policy enforcement needed to sustain the compliance and efficiency goals.
send e-mail notifications to users whose passwords are about to expire,
notify managers about soon-to-expire accounts of their subordinates,
delete inactive user and computer accounts from Active Directory,
add users to groups based on predefined rules,
move users across OUs if certain conditions are met,
synchronize Active Directory with external data sources,
update properties of Active Directory object using modification templates, etc.
With Adaxes you can quickly and easily automate such tasks, and you don’t need to be a software developer to do this!
Active Directory Automation
Active Directory Role-Based Security
- The process involves modification and maintenance of multiple Access Control Lists (ACLs) across many objects in Active Directory, which is very error-prone and often results in users either not having access they need or having elevated administrative privileges they don’t need.
- There is no central place to store and manage permissions, and, as a result, it is rather challenging to control who has what privileges and why.
- Permissions can be applied either at the domain or OU levels only. This significantly complicates the delegation process, because the Active Directory OU structure is often designed for effective application of Group Policy Objects, rather than for delegation of security rights.