Welcome to Adaxes. In this video we’ll be looking at Custom
Commands. This feature allows practically any multi-step
operation in Active Directory, Exchange and Office 365 to be executed in an instant by
turning them into simple one-click actions, which can make the management process much
easier, faster and more reliable. So, let’s see how it works. For example, here I have a Custom Command
called Deprovision, which comes pre-configured with Adaxes and contains all the actions that
need to be executed to terminate users. It disables the user account in Active Directory;
it resets the user’s password to a random value; it can also do something with the user’s
home folder, like, unshare the home folder, delete the folder itself if it’s empty,
or, for example, archive it to a specific location. Then, if the user has a manager, the command
will set mail forwarding to the manager’s email and give full access rights to the user’s
mailbox. After that, the command will hide the mailbox
from the Exchange address list, cancel all meetings organized by the user and convert
the user mailbox into a shared mailbox, so that if it’s located in Exchange Online,
it won’t need an active license. Then, the command will deprovision the user
in Office 365, which by default will set the account status to Blocked and revoke all licenses
from the user. Of course, you can tailor the default deprovisioning
procedures to the needs of your organization. You can edit any of the available actions,
remove them if they’re not needed or add others. For example, I can configure the command to
also move the user to a separate OU where all the terminated accounts are stored. And if the actions that are provided by Adaxes
aren’t enough to satisfy my needs, I can extend the built-in functionality by adding
my own scripts to the Command. So, for example, I can make a web service
call to my HR system to notify it that the user is terminated. So now, let’s deprovision one of the users
to see how the Custom Command works. As you can see, it’s literally a one-click
action that I need to execute for the user I want to terminate, then¬ I need to confirm
the action and that’s it — the user is now fully deprovisioned. The AD account of the user is disabled, it’s
moved to the Deprovisioned Users OU, the mailbox is hidden from the Exchange address list,
Office 365 licenses are revoked and so on. The whole process took literally seconds,
and there’s also no risk of missing a step or doing something wrong, as everything is
effectively done automatically. In addition to being easy to execute, it’s
also easy to safely delegate permissions to run the Custom Commands. For example, to delegate deprovisioning to
somebody, like your HR staff, all you need to do is assign a single permission to execute
the Deprovision command and nothing more, as opposed to granting rights for all the
individual steps it contains, like resetting passwords or disabling AD accounts, which
in fact require administrative permissions, so you avoid over-privileging users. And, if at some point the termination procedure
changes, you won’t need to add or revoke permissions to anybody, as all you’ll need
to do is update the Deprovision Custom Command and that’s it. You can also allow users to control the execution
process of Custom Commands, with the help of parameters. To see how parameters work, let’s create
a new Custom Command to send users on vacation. To provide user inputs that will be available
to control the Custom Command, I need to specify which parameters it will have. For example, I can add a parameter to request
a return date of the user who’s being sent on vacation. And, let’s set a default value for the return
date to be two weeks after the date the command is run. When I’m done with the return date, I can
also add other parameters for the Custom Command. For example, I can add a checkbox that will
determine whether the Active Directory account of the user needs to be disabled when the
users goes on vacation. And after I’ve defined the parameters, I
then need to specify, which actions will be executed when the Custom Command is run. First, let’s set it to disable the account
of the user who’s being sent on vacation, but only under the condition, that the ‘Disable
User’ checkbox is checked. And after that, let’s configure the command to set
Out-Of-Office messages for the user in Exchange for the absence period. To do that, I can set the Automatic Replies
to end on the return date that’s specified by the parameter, and I can also use the parameter
value in the actual text of the out-of-office message, to let everyone know, exactly when
the user is expected to be back. So now, the command is ready, let’s switch
to Adaxes Web Interface and see how it works. Here I’ve got a user that I want to send
on vacation, and all I need to do for that, is launch the Custom Command for this user. Then I need to specify the return date and
select whether I want the account of the user to be disabled or not. And once I’ve done that, I can see that
the user account in AD is now disabled, and the out-of-office message in Exchange has
been set for the user. So, not only can I execute multi-step operations
with just a couple of clicks, but I can also control how they need to be executed, and
I have a clean and comprehensive UI for doing so. If you have PowerShell scripts that you use
in your AD management routines, you can also turn them into one-click actions with the
help of Custom Commands. This way you can simplify the execution of
the scripts, as you won’t need to switch to the command line to run them and can instead
do that straight from the user interface, just like any other action. So, when users run those actions, they won’t
even know that they are in fact executing scripts. And also, with Custom Commands you can have
a centralized storage place for all your scripts, which means that it’s easy to maintain them,
you always have the latest version of the scripts in one place and everybody who needs
them knows where they are. In addition to being executed by users, Custom
Commands can also be used in workflows that are automatically launched by Adaxes. This can be useful, for example, when the
same sequence of actions needs to be executed on multiple occasions by different automated
workflows. For example, here I have a Business Rule that
is launched every time a new user account is created in AD and executes all the onboarding
procedures for the new user. One of the actions that it automatically runs
launches the ‘Update Location’ Custom Command, which, as you can see, moves users
to OUs based on their City. Now, if I want users to be moved to correct
OUs not only after creating new accounts, but also, for example, after updating existing
ones, I can use the exact same Custom Command in other Business Rules. Here the command is launched every time a
user is updated, and the City property of that user is changed. The same thing applies to Scheduled Tasks,
in case I want to update users’ location on a regular basis. Sharing business logic this way not only makes
the workflows tidier and easier to manage, but also makes it much easier to adopt any
changes. Which means that, if, for example, a new office
is opened in a different city, you’ll simply need to update a single Custom Command in
one place, instead of going through every Business Rule and Scheduled Task that does
something with user location. So, with Custom Commands, you can simplify
a lot of multi-step management activities in AD, Exchange and Office 365 by turning
them into one-click actions, which take less time to execute, are more reliable and less
prone to mistakes. It also enables you to safely delegate complex
tasks to users, even if they have no IT skills whatsoever. Thanks for watching.
