The Active Roles Web Interface Administration Guide is for individuals who are responsible for deploying and tailoring the Web Interface to suit the needs of their organization. This document provides a brief overview of the Web Interface, explains the customization capabilities, and provides instructions on how to customize the Web Interface and perform administrative tasks.
Deploying the Web Interface
You can deploy the Active Roles Web Interface on any computer that meets the product system requirements and is running Internet Information Services (IIS) 7.5 or later. For more information on the software and hardware requirements, see System Requirements in the Active Roles Release Notes.
NOTE: You do not need to deploy the Web Interface component on the same computer that runs the Active Roles Administration Service. However, the computer (or computers) hosting the Web Interface must have a reliable network connection to the computer (or computers) running the Administration Service component.
Before you begin deploying any Web Interface sites, make sure you meet the following requirements on the computer(s) where you will deploy the Web Interface component:
Table 1: Web Interface requirements
You can deploy the Active Roles Web Interface component on the following operating systems:
Windows Server 2022
Windows Server 2019
Windows Server 2016
Make sure that the computer where the Web Interface is deployed has the Web Server (IIS) server role installed, with the following role services:
- Web Server/Common HTTP Features/
- Default Document
- HTTP Errors
- Static Content
- HTTP Redirection
- Web Server/Security/
- Request Filtering
- Basic Authentication
- Windows Authentication
- Web Server/Application Development/
- .NET Extensibility
- ISAPI Extensions
- ISAPI Filters
- Management Tools/IIS 6 Management Compatibility/
- IIS 6 Metabase Compatibility
NOTE: The Active Roles installer automatically configures the Web Server (IIS) server role when installing the Web Interface component.
To verify that the server role is configured properly on the computer, use the native Server Manager tool of the operating system after the Web Interface is installed.
Make sure that Internet Information Services (IIS) provides Read/Write delegation for the following features:
To confirm that these features have the Read/Write delegation configured, use the Feature Delegation option of the native Internet Information Services (IIS) Manager tool of the operating system.
.NET Trust Levels
Make sure that the .NET Trust Level is set to Full (internal) on every computer where the Web Interface component will be installed.
To configure this setting:
In the native Internet Information Services (IIS) Manager tool, under Connections, expand the node of the computer, and navigate to Sites > Default Web Site.
On the Default Web Site Home page, double-click .NET Trust Levels.
Under Trust level, select Full (internal).
NOTE: Setting the .NET Trust Level to any other value will result in a failure when attempting to load any of the configured Active Roles Web Interface sites.
About the Web Interface
The Active Roles (formerly known as ActiveRoles®) Web Interface is a highly customizable, easy-to-use Web-based application that facilitates the data administration and provisioning in Active Directory. Via the Web Interface, an intranet user can connect to Active Roles using a Web browser and perform day-to-day administrative tasks, including user management tasks such as modifying personal data or adding users to groups.
A Web Interface user can perform administrative tasks and view or modify directory data. However, the user’s scope of authority is limited by the rights delegated in Active Roles. A user sees only the commands, directory objects, and object properties to which the user’s role provides administrative access.
The Web Interface pages are easy to customize. An administrator can customize them without modifying a single line of code. Menu commands can be added or removed, and Web Interface pages can be modified by adding or removing fields that display property values.
The key features and benefits of the Active Roles Web Interface include:
- Role-based suite of interfaces Enables multiple interfaces to coexist on an intranet, with each interface providing a separate, administrative role-oriented, customizable set of menus, commands, and forms.
- Dynamic configuration based on roles Dynamically adapts to meet the roles assigned to Web Interface users. A user is only shown the commands, directory objects, and object properties for which the user’s role provides administrative access.
- Point-and-click customization An administrator can customize menus, commands, and pages without writing a single line of code.
- Full-featured management of Active Directory accounts Provides for all administrative tasks on Active Directory accounts, such as users, groups, and computers. The Web Interface can be tailored for any category of administrative personnel, whether day-to-day administrators, business data owners, help desk operators, or even regular end-users.
- Management of computer resources Provides the ability to manage computer resources such as printers, shares, services, devices, local users and groups.
- User Profile Editor Enables end users to manage personal or emergency data through a simple-to-use Web interface, provided that the users have the appropriate permissions specified with Active Roles.
- Instant application of corporate rules Efficiently supplements and restricts the user input based on corporate rules defined with Active Roles: displays property values generated according to the rules, and prohibits administrative users from entering data that violate the rules.
- Single sign-on with integrated Windows authentication Provides for single sign-on, without normally requiring users to type passwords again once they are logged on and authenticated by the operating system.
- International support Incorporates international support through the language-specific information and resource files that store user interface elements in multiple languages.
Different sites for different roles
Multiple instances of the Web Interface, referred to as Web Interface sites, can be installed with different configurations. The following is a list of configuration templates that are available out-of-the box.
- Default Site for Administrators Supports a broad range of tasks, including the management of directory objects and computer resources.
- Default Site for Help Desk Handles typical tasks performed by Help Desk operators, such as enabling/disabling accounts, resetting passwords, and modifying select properties of users and groups.
- Default Site for Self-Administration Provides User Profile Editor, allowing end users to manage personal or emergency data through a simple-to-use Web interface.
Each configuration template provides an individual set of commands installed by default. The Web Interface site can be customized by adding or removing commands, and by modifying Web pages (forms) associated with commands.
Although the Web Interface dynamically adapts to roles assigned to users, the ability to tailor separate Web Interface sites to individual roles gives increased flexibility to the customer. It helps streamline the workflow of directory administrators and help-desk personnel. Static configuration of interface elements ensures that Web Interface users have access to the specific commands and pages needed to perform their duties.
Active Roles administrators can use the customization capabilities of the Web Interface to add and remove commands and to modify Web pages (forms) associated with commands. For information about how to perform customization, see “Customizing the Web Interface” later in this document.
Multiple interfaces with different configurations can coexist on a network. Therefore, there is no need to re-configure the Web Interface for each particular role.