ADManager Plus Fixes and Enhancements

ADManager Plus Fixes and Enhancements


7112 (September 2021)
Enhancements
  • GPO management
    • Manage GPO scope with Security filtering and WMI filtering options.
    • Options to configure the GPO permissions (edit, modify security, read or delete) for desired users, groups and computers.
  • Microsoft 365 reporting: Two new reports, Last User Activity by Service and Last User Activity by date, have been added for enhanced Microsoft 365 reporting.
  • User Modification templates: Rules can now be set up to check for 'is not' condition, besides the existing 'is' condition.
  • Workflow: Option to resolve workflow requests in bulk irrespective of the ticket status.
  • AD Explorer will now display Object GUID attribute values for all objects.
  • IP restrictions for enhanced security: Options to restrict the inbound and outbound connections based on IPs or IP ranges.
  • Custom SMS notification options
    • Enhanced customization options for HTTP parameters and HTTP request headers configuration.
    • Options to choose the type of message encoding (URL or Base64) and the parameters to be encoded.
Fixes
The following issues have been fixed in this release.
  • Scheduled reports emailing failing randomly.
  • 'Choose member' popup window of the Modify Single group window having a longer loading time.
  • Issue in configuring the scheduled custom report to be sent only if data is available.
  • Issue in setting the allowed logon hours to 'All allow' via user modification templates.
  • Values of multi-line attributes like 'Street' being displayed as multiple lines in the product and as a single line in AD.
  • Issue in updating Microsoft 365 licenses in non OU-based delegation setups.
  • When a manager is assigned as an approver to a workflow task, only the specific approver will be notified in case of any helpdesk requests assigned for approval. The other approvers will not be notified.
  • Cross site scripting and Remote code execution vulnerabilities reported by bmtd from ECQ.
  • Cross site scripting and Path traversal vulnerabilities reported by Adcorkilol from ECQ.
  • Authentication bypass vulnerability (CVE-2021-40539) affecting REST API URLs.

7111 (July 2021)

Issue Fixes
This release fixes the following vulnerabilities:
  • Pre-authentication RCE vulnerabilities (CVE-2021-37539, CVE-2021-37762, CVE-2021-37741, and CVE-2021-37761) reported by bmtd from ECQ.
  • Post-Auth OS command injection vulnerability (CVE-2021-37925) reported by Thai Nguyen of ECQ.
  • Post-Authentication RCE vulnerabilities (CVE-2021-37919, CVE-2021-37920, CVE-2021-37921, CVE-2021-37923 and CVE-2021-37924) reported by Nam kn Nguyen from ECQ.
  • Path traversal vulnerability and unrestricted file upload leading to RCE vulnerability (CVE-2021-37922 and CVE-2021-37918) reported by qbao from ECQ.
  • Account take over via SSO with Signature Stripping vulnerability (CVE-2021-37927) reported by HaYiCle from ECQ.
  • Arbitrary file upload vulnerabilities (CVE-2021-37931, CVE-2021-37930, CVE-2021-37929, and CVE-2021-37928) reported by Duc Nguyen from ECQ.
  • Unrestricted file uploading leading to RCE vulnerability (CVE-2021-37926) reported by no3g from ECQ.

7100 (March 2021)
New Features:
  • Microsoft 365 management templates: Create Microsoft 365 groups, Distribution/Security Mail enabled groups and Dynamic distribution groups in single and bulk, with all entitlements easily and quickly, using the new group creation templates.
  • New GPO reports: Enhanced reporting on GPOs with the addition of four new reports - GPOs with specific settings, GPO settings, GPOs with Script, and Compare GPO Versions report.
  • Netapp and Isilion support: Manage and report on access permissions in NetApp and Isilion storage.
  • Integration with ServiceDesk Plus Cloud, Jira and Freshservice: In addition to ServiceNow, Zendesk and ServiceDesk Plus, ADManager Plus now offers out-of-the-box integration with ServiceDesk Plus Cloud, Jira and Freshservice to perform IAM actions like user onboarding and offboarding, enabling, disabling, unlocking and deleting user accounts, and resetting passwords from within the helpdesk console.
  • TLS Support: Option to configure TLS protocol with cipher suites, for greater security.
  • User logon security: Option to block users or technicians from logging onto ADManager Plus after the specified number of failed logon attempts.
Enhancements:
  • Microsoft 365 management: Microsoft 365 accounts can be configured using Microsoft 365 modern authentication.
  • GPO management: Enhanced GPO management with options to configure security settings like Account Policies, Local Policies, Event Log, Restricted Groups, System Services, Registry, and File System for computer objects.
  • Option to enable LDAP SSL for only the desired domains.
  • Notification profile:
    • Spruced up UI, which displays the technicians names in a pop-up, making it easier to select the desired technicians.
    • Options to add additional attributes like alternate email ID, proxy mail ID, and fax, etc. for email and mobile notification.
  • Organization attributes: The organization attributes can be imported in bulk from csv files.
  • Automation:
    • Integration with external databases will also support configuration of Auto Reply, Disable Lync, Delete Home Folder, Move Home Folder, Manage User Photos and Disable/Delete Mailbox actions.
    • Option to use 'modify users by templates' in Automation Policy as the last task, or any of the instant tasks, other than the first one.
    • For all HRMS based automation tasks, all the records in the database can be processed fully or incrementally depending on the task, every time the automation is executed.
  • Workflow: While configuring requestor roles, Choose Template option can be enabled or disabled for help desk technicians.
  • Scheduled reports:
    • Search for report schedules from column based search, besides the schedule name search option.
    • Execute the advanced scheduled reports instantly from the Run Now column options.
  • Delegation: When configuring help desk roles, customize the Schedule Report, View Archives, and Archive Settings options to be enabled or disabled for the technicians.
  • ADManager Plus now uses an updated version of JRE (jre_1_8_0_162) for enhanced security.
  • Unique encryption key for each instance of the product.
  • Mobile app authorization: Options to customize logon settings to allow or disallow logon from the ADManager Plus Android or iOS applications.
Fixes:
The following issues have been fixed in this release:
  • Vulnerability issues in JSON .jar files and login password encryption.
  • Issues in delegated OUs and group memberships in the Workflow module.
  • Issues in scheduled reports listing nested group member values despite checking the 'Exclude nested groups' option while configuring scheduled reports.
  • Issues in configuring Microsoft 365 settings for AzureUSGovernment and the Chinese environments.
  • Product crashing during the generation of scheduled 'Group for users' report.
  • The groups selected and the commands added in the custom scripts section in the 'Add to Groups' task in Automation were not getting saved.
  • Issues in disabling the Hide from Exchange address list when modifying a single user.
  • Error in accessing Computer modification templates.
  • The OUs list for choosing group members during single group modification takes a long time to load.
  • Issues in setting a photo for an AD user account through the user modification template.
  • Time taken for modifying groups with more than 4000 users had been optimized.
  • Unable to get shares from the server when there is a mismatch between the machine name and the DNS name.
  • When a helpdesk technician has been delegated two domains, one with only a few OUs and the other being fully delegated, and a group is modified to remove a few group members, all the members of the group are removed.
  • Multiple Cross site scripting vulnerabilities reported by Alexander.


7065 (December 2020)
Fixes:
This release includes fixes for the following issues:
  • Not being able to navigate to other tabs in a user creation template, after clicking on its Office 365 tab.
  • Password never expires users report fetching incorrect data when generated through the report scheduler.
  • Recently deleted users report displaying the 'no data available' message when generated through the scheduler.

7064 (October 2020)  

Fixes:

This release includes fixes for the following issues:

  • Issue in updating to build 7063 using the service pack.

  • Error in displaying user details while modifying users using the Single User Modification feature.

  • Issue in locating a user account using the AD search if all domains configured in the product are selected in the search scope.



7063 (October 2020)

Enhancements:
  • Automation - Options to enable, disable and delete the automations as required.

  • User management templates - You can now configure rules to remove users from groups with user management templates.

  • Microsoft 365 management - Employee ID is automatically assigned to Microsoft 365 (formerly Office 365) users being created through user provisioning templates if Azure AD is configured in ADManager Plus

  • ElasticSearch - for backup module is now available by default with the product. Options to manage add or remove, the users' auth tokens.

  • Traditional Chinese and Korean language support - Besides English, ADManager Plus is available in ten other languages, viz., French, German, Spanish, Italian, Chinese, Dutch, Turkish, Arabic, Hebrew and Japanese languages.

Fixes:

The following issues have been fixed in this release:

  • Issues with displaying thumbnails for photo based reports.

  • Permissions details were not displayed in exported Folders Accessible by Accounts report, when used with SQL DB.

  • Issues in utilizing the CPU memory efficiently.

  • Issues in starting the product in compatibility mode with Internet Explorer versions 11 or older.

  • The issue of one record missing for every 500 records added in the CSV file, when the Report from CSV option is used for report generation.

  • An error message being displayed when the new attribute values added during GPO modification were in the long decimal format.

7062 (September 2020)
Fixes:

Password change alert to change the default password of ADManager Plus' admin account.