Active Directory Provisioning

Rule-based automation is a key principle that Adaxes introduces to simplify various aspects of Active Directory management. One of the most common scenarios where it can be applied is user onboarding. Adaxes can reduce the number of steps needed to provision user accounts across AD, Exchange, Microsoft 365 and other systems by automatically executing all the operations required to get a new user going. This means that IT staff no longer need to deal with such dull tasks manually and focus their resources on more useful things.

Here is how it works. When a new employee is hired, all you need to do is create a user account in AD, whereas Adaxes will then automatically do everything else. It can move the account to a correct OU, add it to groups, create and configure an Exchange mailbox, activate a Microsoft 365 account and assign licenses, send a welcome email to the user, notify the manager about the new arrival, execute a PowerShell script, etc. Adaxes can also be configured to take context into account. It means that onboarding procedures can vary depending on new user's job title, department, office or any other parameter, so that every account gets configured according to the exact needs of the user they are created for.

The way such a scenario can be implemented with Adaxes is by using automated workflows called Business Rules. They allow executing sets of various operations before or after certain events in AD. So, to configure Adaxes to automatically provision new users, you need to set up a Business Rule that contains all the onboarding business logic, i.e. all the actions that must be executed and the conditions they must follow. The rule then needs to be triggered every time a new user is created in Active Directory. Once it's done, you're good to go.

How to automate user provisioning

Delegation of User Provisioning

When user provisioning is automated, the process becomes so simple that it no longer requires advanced IT skills or elevated permissions to operate. This means that it can be safely delegated to non-technical users like, for example, HR managers. So, instead of submitting requests to IT every time an account needs to be set up for a new hire, with Adaxes they can do everything by themselves.

When delegating such tasks to users who might lack technical skills, it's important to provide them with tools that are as intuitive and user-friendly as possible. With Adaxes it is achieved with the help of the Web Interface. It is fully customizable, allowing you to give out a simple and clean UI that leaves no room for any mistakes. You can configure the Web Interface in such a way that all that needs to be done to create a new AD account is filling in a simple form with the new user's info and clicking the Finish button. After that Adaxes jumps into the game and fully provisions the new account according to the rules you defined.

How to customize forms for user creation and editing

If you need to have more control when delegating user creation, Adaxes allows you to add an approval step to the procedure. For example, if you've given the provisioning process to HR staff, instead of creating a new account straight after they fill in the form, the operation can be first sent for approval. The new user will then only be created after it's reviewed and approved e.g. by a member of IT staff or the new user's manager.

How to request approval for user creation

Bulk User Provisioning

Same automation approach can be applied when creating new Active Directory accounts in bulk. For example, Adaxes can automatically import new users from a CSV file, which can be generated by your HR system on a periodic basis. Once new users are imported to AD, same automation rules will be triggered, so that every account will be properly provisioned.

How to schedule import of users from CSV

Approvals can also be used here. For example, when automatically importing users in bulk, Adaxes can first submit them to be reviewed by the IT staff and then create and provision only those accounts that have been approved. This way administrators stay in charge of the process, but all they need to do is check the users that are already pending to be created and approve them with just several clicks.

Automating Other Aspects of User Lifecycle

With the help of rule-based automation Adaxes can also simplify other aspects of user lifecycle management, such as promotions, switching departments, going on vacations and sick leaves, etc. Finally, when the times comes for the user to leave your organization, termination of their accounts can also be automated, effectively doing provisioning in reverse.

How to configure user deprovisioning

By automating user provisioning as well other parts of user lifecycle management, you can make the overall process much faster and significantly more reliable. You can also take administrators out of the loop at points where they shouldn't be present and delegate tasks like user creation outside the IT department. As a result, onboarding, offboarding and managing user accounts can become much simpler and allow everyone to focus on their jobs, rather than the maintenance of technical means behind them.

See Also