This public hotfix resolves the following issues:
Improved the Search filter used to find Dynamic groups in the Active Roles service.
In Active Roles Management shell, Executing Get-QADGroupMember cmdlet takes additional time to complete the operation.
In the Active Roles version 7.4.3 Web Interface, a timeout error is displayed while reading the user object's general properties by a delegated logged-on user without appropriate permissions in the Password Settings Container (CN=Password Settings Container, CN=System) under each managed domain.
NOTE: Active Roles now give precedence to Fine-Grained Password Policy over Domain policy while evaluating the User account and password information. The User account information and Account Policies are displayed based on the configured policy applied on the container.
To read password expiry from the Fine-Grained Password Policy and display the information on the Web Interface, assign the below permissions to the delegated trustee on Active Directory | | System | Password Settings Container (CN=Passsword Settings Container,CN=System) under each managed domain. The password expiry value is evaluated by default based on the Domain policy if the below permissions are not set.
- List Object - msDS-PasswordSettings
- Read All Properties - msDS-PasswordSettings