Note: For security reasons, we have to blur all references to our client’s name in the screenshots below. We will simply refer to them as “Investment Bank in NYC” or “our client”.
Nextware has been working with an investment banking client headquartered in New York for the last two years to implement a full-featured help desk portal based on Softerra Adaxes, along with all backend Active Directory, Exchange and O365 automations.
What we did
When our client approached us, they had already purchased Softerra Adaxes and were using it for nearly two years. However, its configuration was poorly maintained, not documented and many workflows had either stopped working entirely or ran incorrectly, leading to manual corrections by their help desk team whenever a new user was on-boarded or off-boarded. In addition, their Adaxes version was highly outdated and the initial Adaxes configurator had left the company with no replacement or knowledge transfer.
We analyzed their existing setup, but eventually recommended a complete re-implementation rather than trying to fix a broken solution. After an in-depth use case discovery, the latest Adaxes version was implemented in parallel to their existing, broken Adaxes instance. We then implemented all use cases using test AD OUs and test OU objects.
Once all 50 use cases were implemented in test OUs and fully client-approved, we shut down their old Adaxes instance and replaced it with their new Adaxes instance, switching all use cases over to production OUs and AD objects. In addition, we load-balanced Adaxes across three servers, two in the U.S. and one in the U.K. for better local performance. Our client has locations all over the world, but most users are based in the U.S. and in the U.K.
To avoid past mistakes, all use cases were properly documented in our project management tool JIRA and all key client stakeholders were properly trained on Adaxes.
How we still help
After going live, our client signed an on-going maintenance agreement with Nextware to ensure issues are quickly addressed and upgrades are done regularly. Realizing the power of Adaxes and having found an expert partner in Nextware that can help them achieve their vision with this product, our client is now working with us to take further advantage of the automation capabilities of Adaxes and to cover a wider set of productivity workflows.
Benefits to our client
- Manual user on-boarding, user change and user termination processes have been fully automated, improving the productivity of the help desk team.
- Adaxes property patterns ensure that attributes are properly formed from pre-defined value list, including title, department, office and more, so that manual corrections of AD object attributes are a thing of the past.
- Provisioning of Exchange mailboxes is fully automated.
- O365 license management is fully automated.
- Using Adaxes’ very granular “security roles” feature, help desk agents only get the access they need, via Adaxes’ web interface rather than limited AD management tools.
How it was done
For most Adaxes implementations, there are four main configuration areas:
- Adaxes Backend Automations and Configurations, such as property patterns, business rules, custom commands and scheduled tasks
- PowerShell Scripts to fill add functionality beyond the out-of-the-box feature set of Adaxes
- Adaxes Web Interface Configurations
- API Integrations
For this project, we were able to implement all required features and integrations using Adaxes features and PowerShell scripts. API integrations were not needed for this project, but usually provide additional paths to work with 3rd-party solutions our clients want to connect to Adaxes workflows.
For this client, the majority of use cases centered around:
- User On-Boarding
- User Changes
- User Termination
Other use cases were related to:
- Group Management, both DLs and security groups
- File, Folder & Server Access
- Password Management
- Managing Computer Objects
- Reporting, Logging & Auditing
- Exchange Management
- Lync Access
- Service Account Management
How it looks
Below is a small subset of all backend automations, but it will give you a sense of how workflow automation is achieved with Adaxes. At the core are:
- Property Patterns which control how AD object attributes can and must be formed to adhere to a company’s naming conventions.
- Business Rules which are event- and condition-based cascades of actions executed in sequence
- Custom Commands which are automation sequences which can be run on their own or as part of business rules
- Scheduled Tasks which are running custom commands or specific actions on a pre-defined schedule
This screenshot shows a property patterns for user objects. Similar property patterns were implemented for security groups, distribution lists, service accounts and more. Property patterns can further be restricted to an activity scope, so that they only apply to specific users in a certain OU.
A subset of business rules triggered by user, group and service account events.
Detail view of a business rule that gets triggered after a user is being created. Business rules can further be restricted to an activity scope, so that they only apply to specific users or groups in a certain OU.
Detail view of a basic custom command, in this case a set of rules applying the correct “Office Address” and “Location Code” based on the “Office” attribute.
Detail view of the user termination business rule.
Frontend Helpdesk Web Interface
Our client’s help desk team is now using a full-featured Adaxes web interface configuration to execute their daily tasks. Here are some example screenshots:
Homepage of the help desk team’s Adaxes web interface
Full list of user management tasks
User creation dialog (please note that values are controlled by property patterns)
Execution log presented to the help desk team after a user has been created. All successful and unsuccessful steps are logged for troubleshooting and auditing purposes.
Four screenshots of additional homepage actions, including Group, Exchange and Lync Management as well as other help desk tasks that can be executed via the Adaxes web interface.
Detail view of a user object.