ADManager Plus Fixes and Enhancements

ADManager Plus Fixes and Enhancements

7122 (December 2021)
  • This release includes precautionary measures to protect against the Apache Log4j library vulnerability.

7120, 7121 (November 2021)
  • Flexibility to pause, resume, retry and delete actions configured in the delayed management tasks section.
  • Custom Reports:
    • Option to retrieve user accounts that will be expiring in the next N days in custom reports.
    • proxyAddress can be added as a filter while creating custom reports
  • HRMS Integration: Automatically detect the user accounts removed from the HRMS application and delete their corresponding AD accounts.
  • All the latest features have been updated in all non-English language builds viz., Chinese, Japanese, German, French, Italian, Dutch, Turkish, and Spanish.
  • Third-party Javascript libraries have been upgraded to the following versions for enhanced security: Bootstrap 3.4.1, jQuery UI 1.12.1, and Moment 2.29.
  • Java Runtime Environment (JRE) package has been upgraded to ZULU JRE version 8.
The following issues have been fixed in this release:
  • Issues in enabling Mobile Services/Protocols option in Exchange while modifying single user using templates.
  • Employee's manager not receiving email/SMS alerts from Workflow when the manager is assigned as a Workflow technician
  • Wrong password expiry value shown for users with fine grained password policy configured in custom reports
  • Logs are not forwarded to the Syslog server after it has been restarted
  • Error in generating random numbers while defining naming format for user principle name (UPN), sAMAccountName and full name.
  • Mismatch in displaying Microsoft 365 licenses in ADManager Plus

7118 (November 2021)
  • Cluster Shared Volume support: Manage and report on Cluster Shared Volumes (CSV) access permissions using File Server Management and NTFS reports respectively.

7117 (October 2021)
  • Added cross domain support for configuring memberOf attribute for supported objects in Management, Workflow and Automation.
  • Multiple cross-site scripting issues have been fixed in this release.

7116 (October 2021)
  • In-product and email alerts to change the default password of the built-in help desk technician accounts.
  • Product security score calculated based on the configuration/enabling of various security-related settings such as HTTPS, TFA and LDAP SSL. The security score will be displayed in the product after login and also in the license pop-up.
The following issues have been fixed in this release:
  • Issue in delivering SMS notifications when a proxy is configured.
  • Remove users from all groups' option in Disable Policy does not execute correctly for some users. For these users, there are also issues in performing the 'Clear all Group Memberships' operation from Management, Workflow, and Automation.
  • Automation tasks were executed even in cases where there is a mismatch between the supervisorName fetched from UltiPro and the corresponding display name in AD.
  • User accounts not being removed from a group after the specified duration, when they are added to a group using the 'Create Request' option in Workflow.
  • Copy help desk technicians option, in Delegation, not working properly.
  • Issue in exporting the NTFS report in XLSX format in standard mode.
  • Administrators can now search for users involved in a particular task in a request ID, using the AD search option.
  • The requests created in Workflow not sending the password notifications to Executor and Requester.
  • The FirstName attribute has been added in User Creation Rules and the FirstName and LastName attributes have been added in User Modification Rules.
  • Issue in Syslog forwarder due to socket exception.
  • Issue in generating the Microsoft 365 Inactive Users report.
  • Issue in deleting the user mailboxes after exporting them, using the Delete/Disable Policy.

7115 (October 2021)
The following issues have been fixed in this release:
  • Filter bypass leading to file-upload remote code execution vulnerability (CVE-2021-42002), reported by moon.
  • Issue in performing SAML-based login to the product when a custom SAML URL is configured.

7114 (September 2021)
  • Issue in generating the Microsoft 365 License Details report, due to a change in an MS API has been fixed.

7113 (September 2021)
This release includes fixes for the following issues:
  • Multiple unrestricted file uploads leading to RCE vulnerabilities reported by Jimi Sebree from Tenable.
  • Countries list not being displayed in the Country field while creating a Request Demo, Get Quote or Extend Trial request from the feedback icon in the product.

7112 (September 2021)
  • GPO management
    • Manage GPO scope with Security filtering and WMI filtering options.
    • Options to configure the GPO permissions (edit, modify security, read or delete) for desired users, groups and computers.
  • Microsoft 365 reporting: Two new reports, Last User Activity by Service and Last User Activity by date, have been added for enhanced Microsoft 365 reporting.
  • User Modification templates: Rules can now be set up to check for 'is not' condition, besides the existing 'is' condition.
  • Workflow: Option to resolve workflow requests in bulk irrespective of the ticket status.
  • AD Explorer will now display Object GUID attribute values for all objects.
  • IP restrictions for enhanced security: Options to restrict the inbound and outbound connections based on IPs or IP ranges.
  • Custom SMS notification options
    • Enhanced customization options for HTTP parameters and HTTP request headers configuration.
    • Options to choose the type of message encoding (URL or Base64) and the parameters to be encoded.
The following issues have been fixed in this release.
  • Scheduled reports emailing failing randomly.
  • 'Choose member' popup window of the Modify Single group window having a longer loading time.
  • Issue in configuring the scheduled custom report to be sent only if data is available.
  • Issue in setting the allowed logon hours to 'All allow' via user modification templates.
  • Values of multi-line attributes like 'Street' being displayed as multiple lines in the product and as a single line in AD.
  • Issue in updating Microsoft 365 licenses in non OU-based delegation setups.
  • When a manager is assigned as an approver to a workflow task, only the specific approver will be notified in case of any helpdesk requests assigned for approval. The other approvers will not be notified.
  • Cross site scripting and Remote code execution vulnerabilities reported by bmtd from ECQ.
  • Cross site scripting and Path traversal vulnerabilities reported by 'nothing'.
  • Authentication bypass vulnerability affecting REST API URLs.

7111 (July 2021)

Issue Fixes
This release fixes the following vulnerabilities:
  • Pre-authentication RCE vulnerabilities (CVE-2021-37539, CVE-2021-37762, CVE-2021-37741, and CVE-2021-37761) reported by bmtd from ECQ.
  • Post-Auth OS command injection vulnerability (CVE-2021-37925) reported by Thai Nguyen of ECQ.
  • Post-Authentication RCE vulnerabilities (CVE-2021-37919, CVE-2021-37920, CVE-2021-37921, CVE-2021-37923 and CVE-2021-37924) reported by Nam kn Nguyen from ECQ.
  • Path traversal vulnerability and unrestricted file upload leading to RCE vulnerability (CVE-2021-37922 and CVE-2021-37918) reported by qbao from ECQ.
  • Account take over via SSO with Signature Stripping vulnerability (CVE-2021-37927) reported by HaYiCle from ECQ.
  • Arbitrary file upload vulnerabilities (CVE-2021-37931, CVE-2021-37930, CVE-2021-37929, and CVE-2021-37928) reported by Duc Nguyen from ECQ.
  • Unrestricted file uploading leading to RCE vulnerability (CVE-2021-37926) reported by no3g from ECQ.

7100 (March 2021)
New Features:
  • Microsoft 365 management templates: Create Microsoft 365 groups, Distribution/Security Mail enabled groups and Dynamic distribution groups in single and bulk, with all entitlements easily and quickly, using the new group creation templates.
  • New GPO reports: Enhanced reporting on GPOs with the addition of four new reports - GPOs with specific settings, GPO settings, GPOs with Script, and Compare GPO Versions report.
  • Netapp and Isilion support: Manage and report on access permissions in NetApp and Isilion storage.
  • Integration with ServiceDesk Plus Cloud, Jira and Freshservice: In addition to ServiceNow, Zendesk and ServiceDesk Plus, ADManager Plus now offers out-of-the-box integration with ServiceDesk Plus Cloud, Jira and Freshservice to perform IAM actions like user onboarding and offboarding, enabling, disabling, unlocking and deleting user accounts, and resetting passwords from within the helpdesk console.
  • TLS Support: Option to configure TLS protocol with cipher suites, for greater security.
  • User logon security: Option to block users or technicians from logging onto ADManager Plus after the specified number of failed logon attempts.
  • Microsoft 365 management: Microsoft 365 accounts can be configured using Microsoft 365 modern authentication.
  • GPO management: Enhanced GPO management with options to configure security settings like Account Policies, Local Policies, Event Log, Restricted Groups, System Services, Registry, and File System for computer objects.
  • Option to enable LDAP SSL for only the desired domains.
  • Notification profile:
    • Spruced up UI, which displays the technicians names in a pop-up, making it easier to select the desired technicians.
    • Options to add additional attributes like alternate email ID, proxy mail ID, and fax, etc. for email and mobile notification.
  • Organization attributes: The organization attributes can be imported in bulk from csv files.
  • Automation:
    • Integration with external databases will also support configuration of Auto Reply, Disable Lync, Delete Home Folder, Move Home Folder, Manage User Photos and Disable/Delete Mailbox actions.
    • Option to use 'modify users by templates' in Automation Policy as the last task, or any of the instant tasks, other than the first one.
    • For all HRMS based automation tasks, all the records in the database can be processed fully or incrementally depending on the task, every time the automation is executed.
  • Workflow: While configuring requestor roles, Choose Template option can be enabled or disabled for help desk technicians.
  • Scheduled reports:
    • Search for report schedules from column based search, besides the schedule name search option.
    • Execute the advanced scheduled reports instantly from the Run Now column options.
  • Delegation: When configuring help desk roles, customize the Schedule Report, View Archives, and Archive Settings options to be enabled or disabled for the technicians.
  • ADManager Plus now uses an updated version of JRE (jre_1_8_0_162) for enhanced security.
  • Unique encryption key for each instance of the product.
  • Mobile app authorization: Options to customize logon settings to allow or disallow logon from the ADManager Plus Android or iOS applications.
The following issues have been fixed in this release:
  • Vulnerability issues in JSON .jar files and login password encryption.
  • Issues in delegated OUs and group memberships in the Workflow module.
  • Issues in scheduled reports listing nested group member values despite checking the 'Exclude nested groups' option while configuring scheduled reports.
  • Issues in configuring Microsoft 365 settings for AzureUSGovernment and the Chinese environments.
  • Product crashing during the generation of scheduled 'Group for users' report.
  • The groups selected and the commands added in the custom scripts section in the 'Add to Groups' task in Automation were not getting saved.
  • Issues in disabling the Hide from Exchange address list when modifying a single user.
  • Error in accessing Computer modification templates.
  • The OUs list for choosing group members during single group modification takes a long time to load.
  • Issues in setting a photo for an AD user account through the user modification template.
  • Time taken for modifying groups with more than 4000 users had been optimized.
  • Unable to get shares from the server when there is a mismatch between the machine name and the DNS name.
  • When a helpdesk technician has been delegated two domains, one with only a few OUs and the other being fully delegated, and a group is modified to remove a few group members, all the members of the group are removed.
  • Multiple Cross site scripting vulnerabilities reported by Alexander.

7065 (December 2020)
This release includes fixes for the following issues:
  • Not being able to navigate to other tabs in a user creation template, after clicking on its Office 365 tab.
  • Password never expires users report fetching incorrect data when generated through the report scheduler.
  • Recently deleted users report displaying the 'no data available' message when generated through the scheduler.

7064 (October 2020)  


This release includes fixes for the following issues:

  • Issue in updating to build 7063 using the service pack.

  • Error in displaying user details while modifying users using the Single User Modification feature.

  • Issue in locating a user account using the AD search if all domains configured in the product are selected in the search scope.

7063 (October 2020)

  • Automation - Options to enable, disable and delete the automations as required.

  • User management templates - You can now configure rules to remove users from groups with user management templates.

  • Microsoft 365 management - Employee ID is automatically assigned to Microsoft 365 (formerly Office 365) users being created through user provisioning templates if Azure AD is configured in ADManager Plus

  • ElasticSearch - for backup module is now available by default with the product. Options to manage add or remove, the users' auth tokens.

  • Traditional Chinese and Korean language support - Besides English, ADManager Plus is available in ten other languages, viz., French, German, Spanish, Italian, Chinese, Dutch, Turkish, Arabic, Hebrew and Japanese languages.


The following issues have been fixed in this release:

  • Issues with displaying thumbnails for photo based reports.

  • Permissions details were not displayed in exported Folders Accessible by Accounts report, when used with SQL DB.

  • Issues in utilizing the CPU memory efficiently.

  • Issues in starting the product in compatibility mode with Internet Explorer versions 11 or older.

  • The issue of one record missing for every 500 records added in the CSV file, when the Report from CSV option is used for report generation.

  • An error message being displayed when the new attribute values added during GPO modification were in the long decimal format.

7062 (September 2020)

Password change alert to change the default password of ADManager Plus' admin account.

                  New to ADSelfService Plus?