Softerra Adaxes Review: An Active Directory Management and Automation Solution

I’m sure that for many of you Active Directory is a mainstay of your day. I know that from my PowerShell perspective, this is a very popular topic for automation. Clearly, IT pros want management tools. So today I want to take a look at a product called Adaxes from Softerra.

Softerra has been in the AD business for a long time. Years ago, I used their free LDAP browser when Windows 2000 came out. In fact, that utility is still freely available today. But I’m going to assume you need a more full-featured solution for managing and automating Active Directory. I won’t have time to cover every feature, but you can download it, and give it a test with a free 30 day trial.

Installation

You can install everything on a single server or take what I feel is a more traditional path. I installed the Adaxes Service and web components on a Windows Server 2012 R2 server. On a Windows 10 client, I installed the Service Administration Console and the PowerShell module. Everything installs from a single MSI. You select what you want to install.

Selecting Installation Features (Image Credit: Jeff Hicks)
Selecting Installation Features (Image Credit: Jeff Hicks)

Note that if you want the PowerShell module, you need to have the PowerShell 2.0 engine installed. The service installation is pretty straightforward and probably like other client-server applications you’ve installed in the past. The installation requires .NET Framework 3.5 SP 1. You may need to go into optional features and explicitly install the .NET Framework 3.5. I would then suggest running Windows Update to make sure everything is current.
Setup a new service configuration (Image Credit: Jeff Hicks)
Setup a new service configuration (Image Credit: Jeff Hicks)

One of the useful features is the inclusion of several web portals. These portals give you, the help desk, and users access to the Adaxes services and features that they need.
Setup optional web portals (Image Credit: Jeff Hicks)
Setup optional web portals (Image Credit: Jeff Hicks)

The service installation will open port 54782 on the server. If you are installing the web features, this will obviously require an IIS installation, which means port 80 will also be open.
Installation Summary (Image Credit: Jeff Hicks)
Installation Summary (Image Credit: Jeff Hicks)

If you will be installing the management tools on your desktop, set up the service first. The installation only takes a few minutes, if that. When complete, you should see some new menu items.
Adaxes program items (Image Credit: Jeff Hicks)
Adaxes program items (Image Credit: Jeff Hicks)

Start the Administration Console, and follow the installation guide to configure the service for your domain. Any installation you do must be on a domain member.
Post installation steps (Image Credit: Jeff Hicks)
Post installation steps (Image Credit: Jeff Hicks)

There is a lot going on in the console, but I found most of it pretty intuitive to use.

Adaxes Features

Adaxes is designed to meet the Active Directory needs of three different audiences and provides customized interfaces for each. In addition to integrating with Active Directory, you can use Adaxes with other user-centric products like Exchange and Office 365, although I didn’t try any of those features in my test environment.

The Adaxes model (Image Credit: Softerra)
The Adaxes model (Image Credit: Softerra)

Adaxes acts more like a front end to Active Directory and does not replace it. Nor does it act as a full-fledged proxy solution. I should also point out that nothing needs to be installed on any domain controller. The only requirement is that your run the product from a domain member desktop or server. You can still use Active Directory Users and Computers or the Microsoft Active Directory cmdlets if you want. But if you run your Active Directory tasks through a server running the Adaxes service, then you can take advantage of a very rich feature set.
In addition to the typical AD-related tasks, such as creating and moving user accounts or modifying group membership, you can create process workflows. For example, I’m sure many of you have built home-grown scripting solutions to create a user, add them to some groups, create their home folder and create a mailbox. Well that is exactly the type of process you can create through their graphical interface through a business rule.
Creating a business rule (Image Credit: Jeff Hicks)
Creating a business rule (Image Credit: Jeff Hicks)

When I create a new user in Sales and Marketing, as long as I do it through the Adaxes service, my rule will run. These rules can be as complex as you need them and incredible time savers. Here’s a built-in example.
Sample new user rule (Image Credit: Jeff Hicks)
Sample new user rule (Image Credit: Jeff Hicks)

Depending on your organization, expect to take some time getting these rules setup and working perfectly. But once in place, I don’t see how the additional automation is anything but beneficial.
The same is true of the Scheduled Tasks feature. Adaxes ships with a few common recurring tasks.
Out of the box scheduled tasks (Image Credit: Jeff Hicks)
Out of the box scheduled tasks (Image Credit: Jeff Hicks)

These are tasks you most likely would like to do on a periodic basis but either haven’t gotten around to it or you are relying again on homegrown scripts. Like business rules, you can use any number of pre-defined building blocks. And as a last resort, you can always schedule a PowerShell script. I tested out the scheduled task feature to periodically standardize a user property. Adaxes has methods for ensuring data consistency, but they only apply if Active Directory is managed through the service. For everything else, you might want to make sure as I did in my test, that a property like Company has the value you expect. You can limit your scheduled task to a business unit or OU.
All of this automation and workflow is where Adaxes really shines. At times your options can be a bit overwhelming, but the online documentation and tutorials go a long way. Oh, and everything you do through Adaxes is logged and searchable.
Logging Adaxes actions (Image Credit: Jeff Hicks)
Logging Adaxes actions (Image Credit: Jeff Hicks)

Reporting

In addition to being able to do just about everything through a web interface as well, the web portals also offer some terrific reporting features.

Reporting via the web portal (Image Credit: Jeff Hicks)
Reporting via the web portal (Image Credit: Jeff Hicks)

I expect many of the pre-built reports are items you would love to have. I especially like the reports are interactive. For example, when I run a report showing recently created user accounts, I can click on the user account and manage that account right from the portal.
User management via the web portal (Image Credit: Jeff Hicks)
User management via the web portal (Image Credit: Jeff Hicks)

User management via the web portal (Image Credit: Jeff Hicks)

PowerShell

In addition to the console and web interfaces, Adaxes ships with a PowerShell module of 39 commands. The syntax of most commands is very similar to the Microsoft Active Directory cmdlets. If you’ve used Get-ADUser, you can use Get-ADMUser.

Using an Adaxes cmdlet (Image Credit: Jeff Hicks)
Using an Adaxes cmdlet (Image Credit: Jeff Hicks)

The module requires at least PowerShell 2.0, which I’m assuming most of you are beyond. However, the installation checks for the existence of the PowerShell 2.0 engine. which is now optional. So if you want to use the module, you’ll need to make sure you have enabled v2. You don’t need to use it. I ran the commands just fine in Windows 10 under PowerShell 5.0.
The only potential gotcha that I can see is that if you are using any of the cmdlets that will change something, such as moving a user, you need to make sure you specify the Adaxes service, especially if the service is running on a different box.
Creating a new user (Image Credit: Jeff Hicks)
Creating a new user (Image Credit: Jeff Hicks)

Because I used the Adaxes service, my business rules for new users in this business unit automatically executed. You could easily set a default parameter value.

​
The Adaxes module also includes a PSProvider and a default PSDrive, much like the PSDrive you get with the Microsoft cmdlets.
Exploring the Adaxes PSDrive (Image Credit: Jeff Hicks)
Exploring the Adaxes PSDrive (Image Credit: Jeff Hicks)

Licensing

Adaxes is licensed in bundles per enabled and unexpired user accounts, starting at $1600 for the first 100 users, and the licenses are perpetual. You also have the option to purchase an annual maintenance and support contract. You can learn more by visiting the purchase page. If you have any questions on licensing or cost, talk to the folks at Softerra. But I have to admit the cost to benefit ratio is pretty compelling. Let's say you run a small shop and your time is worth $50 per hour. That would equate to 32 hours of work effort. There's no way you could build home grown solutions for a fraction of the feature set in this product and the daily management time saved is also considerable. And I didn't even get into the password self-service feature, which depending on your user base, may be worth the price of admission by itself.

Cons

I don't have too many concerns about features that are lacking or don't work. If anything, the standard console can be a bit overwhelming between tree controls, icons, and menu choices. I also expect the learning curve to fully take advantage of all features is a bit steep but not without rewards.

Pros

There's a lot to like and recommend with this solution. For starters, your domain controllers can remain untouched. No changes are made to your AD schema and nothing is stored in AD. Thus you can safely test the product without having to worry about complex rollback schemes. I'm also a big fan of the business rules and scheduled tasks. I think of these features as force multipliers like in the military. They add extra firepower to common tasks, such as creating a new user account. I like the reporting capabilities, as I know many of you have spent a lot of time struggling to build similar reporting mechanisms. Related to reporting is the logging feature. Now you have a central location for all logged Active Directory related events, provided they were run through the Adaxes service. And finally, how can I not like a product that has a full set of PowerShell cmdlets. Even though the cmdlet coverage doesn't come close to duplicating functionality in the GUI, the cmdlets are easy to use and familiar. The module is listed as version 1.0, so I have to assume cmdlet coverage will increase over time. For example, it would be nice to have reporting cmdlets so I don't have to rely on a web browser.

Recommendation

If I had significant Active Directory responsibility, I would definitely be trying this product out. Even more so if I also had to manage user's Office 365 or Exchange accounts. The ability to build workflows and automation to typical management tasks is a very compelling reason to give this a try. If you can carve out the time to get everything configured the way you need it, I think the product will make you a much more efficient and happier administrator. You can learn much more by visiting Softerra Adaxes online. There are demo videos, tutorials and screen shots. Even better there is a live demo, where you can try the product out for free without having to download or install anything. Although allow yourself at least 45 minutes as it takes a bit of time for them to spin up a virtualized environment which is more an issue for their hosting company that Softerra. Disclaimer: On my personal blog, Softerra is a paid advertiser, but this review is based entirely on my own testing, observation and experiences. The opinions are my own, unsolicited and uninfluenced.