ADMS Release Notes

Version 2.6.2 Released 2023-07-12

New Features

  • [ADMS-177] Custom date formats

    Enables custom date formats required for integration with the Ministry of Education's DI4OL project.

    Custom date formats are available for the date type placeholders sent from KAMAR such as datebirth and startingdate

    Examples of supported formats can be found in the Help Center

Bug Fixes

  • [ADMS-178] Left staff users not disabled

    v2.6.0 introduced a regression where by staff accounts were not being disabled due to a password not being present in the update request. This is now handled correctly and existing staff that have left and are still being sent by KAMAR will be processed as expected.

    Any staff that have past stopped being sent by KAMAR will need to be disabled manually in Active Directory. They should be easily located in the Left OU.

  • Miscellaneous

    • Revert regression introduced with v2.6.0 where some script parameters were supplied in a strange order

Version 2.6.0 Released 2023-04-04


  • [ADMS-174] KAMAR 2023 changes

    Due to security improvements in KAMAR 2023.01, ADMS will now only receive a staff password when a KAMAR administrator or user has changed their password. If this password change event is missed, the AD password may become out of sync until a new password is set in KAMAR.

  • [ADMS-175] Lower case the <emailaddress> placeholder

In the name of consistency the placeholder and mail attribute in AD will be lowercased. A future update of ADMS will also lower case, userPrincipalName and sAMAccountName

  • Miscellaneous

    • Update Admin Console title

    • Only update attributes when they are not null

      Addresses an issue where an attribute will be cleared if the value from the request is null (i.e password missing). Only the placeholder can set a null value into an attribute.

    • Do not send the users password as a script argument.

      This was a feature carried over from KDMS and could be used to retrieve a users password in plaintext. The script parameter order remains the same, with the password parameter set to an empty string.

Bug Fixes

  • [ADMS-162] Stop a user's groups from being processed if the user failed to update

  • [ADMS-163] Create and enable a user separately from setting their attributes

    Changes the order of operations during account creation and update so that there is always an AD object created with the appropriate account flags before further processing, so that the user attributes can be updated independently of the password and account state.

New Features

  • [ADMS-171] Surface the student NSN field sent from KAMAR

    The MoE relaxed the rules around NSN usage so we are adding it back. This will primarily help with SSO integration with NZQA and the MoE DI4OL Broker.

    It is up to the school to manage the privacy of this information

  • [ADMS-172] Surface the custom fields fields sent from KAMAR

    Custom Fields are now available as the following placeholders in an Attribute Mapping.


    Placeholder length modifiers must now be separated by a semi-colon.

    e.g <username4> must be updated to <username;4>

  • [ADMS-133] Return error to KAMAR when XML is invalid

  • [ADMS-166] Validate and trim script paths

Version 2.5.2 Released 2021-12-11


  • [ADMS-169] Add infourl and privacystatement to Check response

    Comply with changes to KAMAR coming in Jan 2022

Version 2.5.1 Released 2021-01-24


  • [ADMS-164] - Only return limited success response to data requests

    Comply with the new slimline response KAMAR now expects for data requests (full, part, photo etc).

Version 2.5.0 Released 2020-11-25


  • [ADMS-148] - New Look KAMAR Changes

    Handle changes to data sent from New Look KAMAR and new 2021 requirements

  • [ADMS-149] - Update ADMS Certificate

    Updated self-signed TLS certificate with extended expiry date

Bug Fixes

  • [ADMS-106] - Left Users are still processed once in LeftOU

    Fixed an issue where Left users would still have their password validated and needlessly reset.

  • [ADMS-116] - sAMAccountName constraint is unclear

    Fixed the current behaviour of taking the first 10 and last 10 characters from the username when trimming the sAMAccountName. New behaviour truncates the sAMAccountName to 20 characters.

    Recommendation is to configure the username length limit in KAMAR first to avoid confusion.

  • [ADMS-142] - Left script never called

  • [ADMS-154] - Handle missing XML elements

New Features

  • [ADMS-141] - Mapping for MOE Type

    The placeholder can now be used in an AttributeMapping (eg. RE = Regular Student)

Version 2.4.1 Released 2019-09-15

Bug Fixes

  • [ADMS-140] - The Home Drive dropdown displays the default drive letter and writes a number to the service config

    Appeared in v2.4.0

    Only effects ADMS when the Home Drive letter in the ADMS Admin Console was changed to correct the display issue after upgrade

    ADMS will attempt to revert the incorrect drive letter back to the original specified

Version 2.4.0 Released 2019-09-01

New Features

  • [ADMS-138] - Update KAMAR Schema

    ADMS can now utilise data from KAMAR that has become available since the last update.


  • [ADMS-107] - Remove special processing of profilePath

  • [ADMS-112] - Add detail to logging in OU state checks

  • [ADMS-114] - Migrate profilePath to an AttributeMapping

  • [ADMS-139] - Update Options returned to KAMAR

Bug Fixes

  • [ADMS-110] - Staff users orphaned when no classification from KAMAR

    Fixed an issue with context validation that occurred when a staff user did not have a classification set in KAMAR. This prevented ADMS from updating the user until a classification was set and the user was manually moved into a sub OU.

  • [ADMS-113] - When the profilePath setting is empty, the AD attribute is cleared

ADMS no longer clears a user's profilePath if ADMS is not configured to update the profilePath and the profilePath was manually set.

  • [ADMS-117] - Staff photos are not processed

    ADMS now handles the staffphoto request type

Version 2.3.0 Released 2017-06-19

New Features

  • [ADMS-98] - Sync KAMAR photos

    ADMS can now save staff and student photos as a 96x96 thumbnail in the thumbnailPhoto and jpegPhoto attributes and to the local disk or network location for use elsewhere.

  • [ADMS-102] - Ability to use caregiver details

    Caregiver names and email addresses are now available to use in Attribute Mapping as <caregivernames> and <caregiveremails>. If there is more than one caregiver then the values will be comma separated.


  • [ADMS-96] - Remove NSN

    In an upcoming KAMAR update the NSN will no longer be sent in the Directory Services data.


    • The <nsn> placeholder has been removed and will no longer be parsed when used in an Attribute Mapping

    • The order of the student script parameters order will not change and the value of the NSN parameter will now be an empty string.

  • [ADMS-101] - Ensure Directory Services XML is valid before processing

    If the request data from KAMAR contains invalid XML ADMS will now return and log an error with the details instead of aborting without anything helpful.

  • [ADMS-103] - Migrate password hash into attribute mappings

    The password hash location will be migrated into an Attribute Mapping for each user type (staff & student). The hash format is still set globally in the Service section of the Admin Console.

    Resolves issues where a user's password hash is not set/updated when:

    • the user's password is in sync
    • the hash location is changed
    • the hash type is changed

Bug Fixes

  • [ADMS-91] - INF and ERR logs for an invalid user location do not provide enough detail

  • [ADMS-92] - Removing left users group memberships unhandled exception

    Worked around an issue where ADMS would occasionally throw an execption (that we didn't expect) when attempting to enumerate a user's group memberships.

  • [ADMS-93] - Left user group memberships not being removed

    When a user is identified as left ADMS would clear the group memberships and then add the groups back during group processing.

Version 2.2.0 Released 2017-04-11

New Features

  • [ADMS-82] - Individual config for expire and change password

    An Admin can now opt to have the Password Never Expires & Users cannot change password flags set on a user when password syncing from KAMAR is disabled.

  • [ADMS-86] - Add TeamViewer support session link in Admin Console

  • [ADMS-89] - Prompt admin to verify config after upgrade

    ADMS now compares the current config version with the service version and will not process sync requests from KAMAR until the config is verified and saved after an upgrade


  • [ADMS-54] - Improve request startup logging

  • [ADMS-73] - Use new startingdate element sent from KAMAR

    In KAMAR v912.27 the teacher start date was added to Directory Services. ADMS can now use this value and the Starting Threshold to provision staff accounts before they start, rather than as soon as they appear in a sync request.

  • [ADMS-87] - Display an alert when the license is about to expire

    ADMS will now display an alert in the Admin Console if the license is due to expire within 7 days.

  • [ADMS-88] - Update password management interface

Bug Fixes

  • [ADMS-40] - Improve the log messages when a script timeout occurs

  • [ADMS-42] - Prevent scripts running indefinitely

    To prevent long running user scripts from holding or blocking the script queue, a max timeout of 3600 seconds (1 hour) is now enforced. Script execution that exceeds this time will be terminated.

  • [ADMS-80] - <empty> placeholder does not work in the email format configuration

  • [ADMS-83] - SMSData missing element types

    The <althomedrive> and <altdescription> placeholders are now available.

  • [ADMS-85] - Staff Move and Disable Config

    The staff "Move and Disable" configuration option was incorrectly linked to the student "Move and Disable" option.

Version 2.1.0 Released 2017-03-06

New Features

  • [ADMS-5] Provide placeholder for staff department list

    The <departments> placeholder will output a comma separated list (CSV) of a staff user departments without Staff- or Dept- prepended

    For example: A user with Staff-Teacher and Dept-English will output Teacher,English

  • [ADMS-12] Map KAMAR Placeholders to LDAP attributes

    Admins can now specify a list of AD attributes and the values they should be set to, either based on data from the sync request or static strings

    See the Attributes Mapping section on the Student & Staff config areas within the ADMS Admin Console

  • [ADMS-14] Config item to allow password resets

    When ADMS is not syncing passwords (i.e only setting them on user creation) it will now obey a Reset Password request from KAMAR. This enables a teacher to easily reset the AD password for a student to the one defined in KAMAR

    The student will then be able to login and change their password as normal.

    Password Resets do not apply when ADMS is syncing passwords because the AD password will always be the KAMAR password

  • [ADMS-34] Sync photocopy code from KAMAR

    KAMAR is now sending the staff photocopierid field in a request. The <photocopierid> placeholder is now available for staff.

    A Photocopier ID can be set against a staff user in KAMAR under Main Menu > Setup > Users > Personal > Other


  • [ADMS-60] Enable setting group email for each group type

    Admins now have the option to enable setting an email address and specify a custom format for each type of group (year groups, subject & class groups, staff groups, etc).

    ADMS will not update or clear an email address when the config option for a group type is disabled

  • [ADMS-67] Ability to have shortname placeholder for group emails

    The <shortname> placeholder will shorten the Subject/Class and Staff group names.

    • Dept-English will be shortened to English

    • Staff-Teacher will be shortened to Teacher

    • Subject301Eng will be shortened to 301Eng

    • Subject301EngClass1-1 will be shortened to 301Eng-1-1

    For groups that don't have a shortname the output of <groupname> will be used

  • [ADMS-68] Re-request license without service restart

    Previously, when the license expired and is renewed while the service is running, a service restart was required before the service will start processing requests again

  • [ADMS-72] Only update user AD attributes if there is a config value specified

    AD attributes for a user will now only be updated if they have a configured value. This allows special cases where an attribute may need to be manually set to a value that ADMS does not provide

    For example: If the config value for Logon Script is empty, any value manually set in AD or previously set by ADMS will not be cleared.

Bug Fixes

  • [ADMS-61] Set OU description

    ADMS will now set all Managed OU descriptions to ADMS managed Organizational Unit

  • [ADMS-64] Installer should not re-install service

    In future versions, the MSI installer will skip service re-install if it is preforming an upgrade. This fixes an issue when the service is configured to run under an account other than Local System and was reset back to Local System

    Due to the way MSI works, this change only applies to future updates and the service account will have to be reconfigured after installing this version

  • [ADMS-66] Staff Set Password On Creation setting not persisting to config

    ADMS Admin Console was attempting to save the bool to an invalid configuration option

  • [ADMS-70] Groups are processed for an invalid user

    When an invalid user (users found in an unmanaged ADMS context) was located, they were correctly excluded from user processing; however their groups were still processed. This has been corrected and a user will be completely excluded when they are found outside the ADMS context

Have more questions? Submit a request