This cumulative hotfix addresses the following issues:
This issue has been resolved and Federated Authentication now revalidates without error.
This issue has been resolved and the memory utilization of the Active Roles server is now stable. However, the preferred solution to this issue is to update to Active Roles version 7.4.3 so that the MsOnline module is imported using Modern Authentication.
In addition, this update also contains the hotfixes of the following previously-reported issues.
When running a deprovisioning workflow (for example, between an Azure AD and an on-premises AD), synchronization could unexpectedly stop after some time with a Compiling error log message. When that happened, the Synchronization Service had to be restarted to resume synchronization. This issue occurred because one of the required Azure AD schema DLLs could not be generated in runtime, and has been fixed by resolving the compiling error.
Previously, changing the primary email address domain of an O365 Group resulted in the O365 Group disappearing in Active Roles after the next synchronization. This issue occurred because Active Roles listed the O365 Groups of an Azure Tenant only by checking their primary address domain (and ignoring the value of their alias email property). This has been fixed by having Active Roles list all O365 Groups of an Azure Tenant, regardless of whether their primary domain address is specified as their primary email address or as their alias email address.
Textboxes affected by custom script modules may have not fit the Web Interface horizontally if the scripts have added custom user interface elements (such as buttons) to the textboxes. This issue was caused by outdated formatting settings that contained incorrect width settings for such textboxes. The problem has been fixed by implementing a maximum width value (corresponding to the width of the Active Roles Web Interface) to prevent textboxes becoming horizontally oversized.
This issue is now fixed, so that the Alias and Associated administrative group attributes are now grayed out when the Create an Exchange e-mail address checkbox is unchecked, and their respective mailNickname and edsaAdminGroup attributes are also not included in the group creation request in such cases.
This issue was caused by an authentication failure of the Capture Agent, due to differences between the certificates of the Capture Agent and the Sync Service. This authentication issue has now been fixed to resolve the problem.
Active Roles logs may have unintentionally displayed privileged credentials. This issue is now fixed.
Previously, users could continue working in an active session after their passwords had been reset. This has been fixed.
Fixed an issue where modifying or updating Exchange Online Properties, such as the Delegate Send As Rights and Full Access permissions removed the Trustees and then added them back.
Previously, when having a New User form with customization and extended controls set, the control value of OnGetEffectivePolicy in the script was not populated. This has been fixed.
Fixed some discrepancies observed during Tenant information updates.
Improved the Search filter used to find Dynamic Groups.
Improved the time of completing the Get-QADGroupMember command-let operation.
Fixed a timeout error that occurred while reading the general properties of a user object by a delegated user logged in without appropriate permissions in the Password Settings Container (CN=Password Settings Container, CN=System) under each managed domain.
Fixed poor performance in Active Roles Web Interface when opening the members of a Group in multiple tabs / sessions containing a large group membership.
Please download the hotfix here.
Installing this hotfix:
To install this hotfix
To enable or disable the hotfix for bug 255755 after installation
NOTE: Perform the following steps only if you are specifically affected by the issue described under bug 255755.