What is the purpose of the Encryption key used in Active Roles (ARS)?
The encryption key is only used to encrypt passwords for domain override accounts (including AD LDS instances).
Other than passwords, we do not encrypt any other data.
By default, the encryption key will be created in the following folder:
C:\Documents and Settings\All Users\Application Data\Quest Software\ActiveRoles Server\
... with a default name of: ARS_encryption_keys.bin
Scenario Questions
Question: If I lose my encryption key, does that mean I won't be able to use ARS?
Answer: No. If you lose your encryption key, all is not lost. Since the encryption key is used for the Managed Domain password encryption, you can simply install ARS with a NEW database and import the settings from the old database; you will be prompted to create a new encryption key file. Another method is to bring up an additional ARS service, which can retrieve the encryption key from a machine already running the ARS service (you will be presented with the option to do so during installation).
If you do not have the encryption file for your original ARS service, you can still upgrade to 6.9 from 6.x (just create a new key if necessary).
If you have multiple ARS services sharing one database, you really do not need the encryption key, as ARS can pull the encryption information from the existing running system.
The encryption key file is not used during the upgrade.
Question: In exactly what scenario would you absolutely need the ARS encryption key file?
Answer: The scenario is as follows:
* You would like to add another ARS service to an existing shared database
* You don't have any services connected to the same database up and running
* You cannot afford re-typing passwords for managed domains