AD Client Extensions

SYNERGIX AD Client Extensions [ADCE] for Microsoft® Windows™ is a unique software solution that bridges major gaps between LAN connected computers and remote (VPN or WiFi) computers. Remote users access network resources over a VPN connection are presented with several challenges; these translate into poor user experience and increased systems management and support costs.

SYNERGIX ADCE delivers unsurpassed computing experience to remote Windows Users. It turns the table to the point that the LAN connected Windows computer users also benefit from Fast Logon Optimization on Windows 7.0, Secure Network Connections until a trusted user has not logged in and receive proper notifications on password expiration.

SYNERGIX ADCE delivers all of its features without requiring custom GINA extensions or schema changes in Active Directory infrastructure.

To read more about the value that ADCE can bring to your company visit the benefits page →

Built-in Administrator Account Password

Common Problem

In most cases, the Built-in Administrator Password is shared amongst many administrators and is a small set of static strings. This raises major security concerns specially when a very small set of passwords may be used on multiple computers and not changed frequently.

With AD Client Extensions installed, Built-in Administrator account passwords are system generated and stored in Active Directory in encrypted form. Passwords are validated regularly and reset to maintain the integrity. The password vault is infallible to the extend of AD Domain Infrastructure. Only designated administrators are allowed to retrieve and decrypt the password strings.

Password Expiration Notification

Common Problem

Default Domain Policy, specifically the Password Expiration policy, can cause resource access issues to VPN users who typically login with cached credentials. When their password is about to expire, they do not receive password expiration notification, which ultimately results in their account being locked out. This typically gets resolved by the users having to call the help desk to have their password reset, adding to the help desk cost. This translates into lost productivity and potential disruption of services to business users. Although sending EMail notifications is an option, it is not as effective solution. The users learn to treat it as spam and start ignoring such repetitive messages.

SYNERGIX ADCE software allows VPN connected users (even those using BYOD) to change their domain password seamlessly; there is no need to make any exception to the domain password policy or to apply fine-grained password policy. The users’ login behavior remains the same so no special instructions need to be provided to them. Upon establishing VPN connection to the corporate network, users are presented with a password change notification and then, with a secure form to change their domain credentials. The cached credentials are immediately synchronized with domain credentials and user continues with their normal business activities and without having to call the support desk.

Group Policy Updates

Common Problem

On remote Windows computers, the default Group Policy update mechanism is very unpredictable, leaving the systems administrators guessing whether the GPOs have applied or not.

With AD Client Extensions installed, there is no need to wait for the policies to download and to apply; they are refreshed as soon as corporate network connectivity is established via VPN, WiFi or LAN connection. The administrator can also specify additional parameters ex. /force to force all settings.

Synchronize cached credentials

Common Problem

When the domain password is reset by the administrator or by the user using a password reset portal, the cached credentials immediately becomes obsolete and can cause subsequent account lockouts.

Remote users generally log into their Windows based domain computers using cached credentials. AD Client Extensions seemlessly updates the cached credentials when the user updates their domain credentials. Additionally, when the administrators updates the user password, AD Client Extensions can remotely log off the user allowing them to login with new credentials and to avoid account lockout scenarios.

VPN Client Agnostic

Common Problem

VPN Client applications from different vendors may implement propretiary methods to overcome specific issues.

AD Client Extensions is compatible with all VPN Client Applications. Its architecture is free of custom GINA extensions and makes it work seemlessly with Cisco VPN Client, Cisco AnyConnect VPN Client, Juniper Networks SSL VPN, Nortel, OpenVPN and many others

Secure Network Connections

Common Problem

Computers that are left powered on and unattended by the user may become vulnerable to data theft and other unwanted activities.

The physical network is fully secured until an authorized and previously active user logs into the computer. The network connection state change is completely transparent to the end user. The administrator may choose to secure the network connection even when the workstation is locked by the user. The maintenance window option allows for running system maintenance tasks.

Duplicate DNS Records

Domain computers connecting to the corporate network from multiple locations via VPN, WiFi and LAN dynamically update multiple DNS A record entries in the domain DNS zone. With the DNS Server and Zone scavenging option generally set to several days, stale records exist for an extended period of time causing DNS name resolution errors. It significantly impacts the SLA established for desktop support software that heavily relies upon DNS name resolution of client computers.

Only the most recent hostname entries for each client computer are maintained in domain DNS zone. This feature works independently of DNS Server Scavenging feature.

No DC in Branch Offices

Secure your Branch Office Infrastructure by deploying no DC, not even RoDC ! All users logon fast with cached credentials. Foreground synchronous processing of Group Policies, logon scripts and home drive mapping are deferred to background processing.

Secure your Branch Office Infrastructure by deploying no DC, not even RoDC ! All users logon fast with cached credentials. Foreground synchronous processing of Group Policies, logon scripts and home drive mapping are deferred to background processing.

Practical IT Solutions