Chatee ahora con Soporte
Chat con el soporte

Active Roles 8.0.1 LTS - SP3 Release Notes

Known issues

The following is a list of issues, including those attributed to third-party products, known to exist at the time of release.

Table 21: General known issues
Known Issue Issue ID

Activating the EnableAntiForgery key (<add key="EnableAntiForgery" value="true"/> in web.config) may cause the following error message:

Session timeout due to inactivity. Please reload the page to continue.


Update the IgnoreValidation key in the<appSettings> section by adding a property value in lowercase:

  1. Open IIS Manager.

  2. In the left pane, under Connections, expand the tree view to Sites > Default Web Site.

  3. Under Default Web Site, click on the Active Roles application (ARWebAdmin by default).

  4. Double-click Configuration Editor.

  5. From the Section drop-down, select appSettings.

  6. Find the IgnoreForValidation key.

  7. Append the comma-separated value to IgnoreForValidation, for example: lowercasecontrolname.

  8. In the right pane, under Actions, click Apply.

  9. Recycle the App pool.


Table 22: Configuration Center known issues
Known Issue Issue ID

If you upgrade Active Roles to a newer version, starting the Active Roles Configuration Center to perform the in-place upgrade can fail with the following error messages:

  • Connect failed: The system cannot find the file specified.

  • Delegate to an instance method cannot have null 'this'.

At the same time, Active Roles logs the following error in the Event Viewer:

Critical error occurred upon starting Active Roles Administration Service. Details: Database <active-roles-database> on SQL Server <sql-server-name> is unavailable.

This issue occurs if the SQL Server used by Active Roles is not already running when attempting to start the Active Roles Configuration Center after a restart to perform the upgrade process. The issue is more likely to occur if the SQL Server and Active Roles are installed on the same machine.


To avoid this issue from occuring:

  • Install SQL Server and Active Roles on different machines.

  • Make sure that the SQL Server installation used by Active Roles is up and running before starting the upgrade process.

If you have your SQL Server and Active Roles installed on the same machine, and the error occurs, then close and reopen the Active Roles Configuration Center after SQL Server started running.


When configured for Groups and Contacts, the Office 365 and Azure Tenant Selection policy displays additional tabs.


Tenant selection supports selecting only a single tenant.


In the Starling Connect Connection Settings link, clicking Next displays progress, but the functionality is not affected, so the button is not required.


Table 23: Console (MMC Interface) known issues
Known Issue Issue ID

In Managed Units, when querying Azure objects, the following operators do not work due to a Graph API limitation:

  • Ends with

  • Contains

  • Present

For more information, see Support for filter by properties of Microsoft Entra ID (directory) objects in the Microsoft Graph documentation.


The format of the edsaAzureSubscribedSKUs attribute for hybrid Active Directory users has changed between Active Roles 7.6 and 8.0. As a result of this change, from Active Roles 8.0, in the Active Roles Console, you cannot modify this attribute to assign licenses to hybrid AD users.


Automation workflows with the Microsoft 365 script fail, if multiple workflows share the same script and the script is scheduled to execute at the same time.


One Identity recommends scheduling the workflows with different scripts or at a different time.


When a workflow is copied from a built-in workflow, it may not run as expected.


Azure Group Properties are not available if they are added to the Microsoft 365 Portal or Hybrid Exchange Properties from the forwarding address attribute of Exchange online users.


In Active Roles with the Office 365 Licenses Retention policy applied, after deprovisioning the Azure AD user, the Deprovisioning Results for the Office 365 Licenses Retention policy are not displayed in the same window.


To view the deprovisioning results of an Azure AD user:

  • In the Active Roles Console, right-click and select Deprovisioning Results.

  • In the right pane of the Active Roles Web Interface, click Deprovisioning Results.

  • To refresh the form, press F5.


Table 24: Installer known issues
Known Issue Issue ID

After upgrading Active Roles, the pending approval tasks are not displayed in the Active Roles Web Interface.


Table 25: Language Pack known issues
Known Issue Issue ID

In the Active Roles Configuration Center, changing the language in Global settings does not work properly.


To change the language of the Web Interface, configure the language with the Active Roles 8.0.1 SP3 LTS > Settings > User interface language option of the Web Interface.


In the Active Roles Console, the O365 script execution configuration activity of the Workflow Designer is not completely localized to German.


In the Active Roles Console, the German localization may contain visual issues and truncated texts.


In the Active Roles Console, some strings are displayed in English instead of German in the German localization.


In the Active Roles Synchronization Service, the Event Viewer messages are not translated to German.


In the Active Roles Synchronization Service, the German localization does not have all connector strings translated.


In the Active Roles Web Interface, some Azure-related strings are translated incorrectly for the supported languages. Translated texts may also contain link inconsistencies.


In Active Roles, several German localization issues are present.


In Active Roles, strings on the notification page are not localized.


In the Language Pack installer, the link of the online EULA agreement in the EULA text does not work.


Table 26: Synchronization Service known issues
Known Issue Issue ID

The Microsoft 365 Connector (formerly known as Microsoft Office 365 Connector) can only synchronize up to 1,000 mail users.


Azure BackSync can only synchronize up to 1,000 contacts.


In the Active Roles Synchronization Service, the following attributes of the Microsoft Azure AD Connector are currently not supported and cannot be queried via the Microsoft Graph API:

  • user attributes:

    • aboutMe

    • birthday

    • contacts

    • hireDate

    • interests

    • mySite

    • officeLocation

    • pastProjects

    • preferredName

    • responsibilites

    • schools

    • skills

  • group attributes:

    • acceptedSenders

    • allowExternalSenders

    • autoSubscribeNewMembers

    • hasMembersWithLicenseErrors

    • hideFromAddressLists

    • hideFromOutlookClients

    • isSubscribedByMail

    • membersWithLicenseErrors

    • rejectedSenders

    • unseenCount

This means that although these attributes are visible, they cannot be set in a mapping rule.


After running the get-qcworkflowstatus cmdlet in the Synchronization Service, the workflow status is not accurate.


Table 27: Web Interface known issues
Known Issue Issue ID

If you click Azure > Resource Mailboxes to query room mailboxes after being idle for approximately 15-20 minutes, the Active Roles Web Interface will not list any room mailboxes.


Restart the Administration Service.


In the Active Roles Web Interface, Azure roles are not restored automatically after performing an Undo Deprovision action on a user.


After the Undo Deprovision action is completed, assign the Azure roles to the user manually.


Active Roles does not support creating Azure groups for existing groups.


Active Roles Web Interface does not support setting the Exchange Online Property of the ProhibitSendQuota value in Storage Quotas.


Table 28: Known Issues – Active Roles Add-on Manager
Known Issue Issue ID

After installing an add-on that creates Web Interface customization items, the Web Interface may not display the customization items created by the add-on.


In the Web Interface, click Reload.


After installing an add-on that creates a virtual attribute, the virtual attribute may not appear in the Advanced Properties dialog of the affected object.


After installing the add-on, reconnect to the Administration Service.


After installing an add-on that creates a virtual attribute and a Web Interface customization item using that virtual attribute, an error may occur when opening any Web Interface site.


Restart Internet Information Services (IIS) on the web server running the Web Interface (for example, by running the iisreset command in the Windows command prompt).

If there is a replication group in your Active Roles environment, do the following:

  1. After the changes are propagated to all replication partners, click Reload in the Web Interface.

  2. If the Web Interface does not open, enter the following in the address bar of your browser to reload the Web Interface:

    <site url>/customization/metadata-Reload.aspx?ReloadFromWorkingCopy=1
  3. After the changes are propagated to all replication partners, restart Internet Information Services (IIS) on the web server running the Web Interface (for example, by running the iisreset command in the Windows command prompt).


When you use Add-on Manager to uninstall an add-on, the following error may occur:

Object 'objectDN' was not found.

This error can occur if the add-on modifies an existing object during installation, and then the modified object is deleted by a user after the add-on has been installed.


Uninstall the add-on from the command line using the /ForceUninstall parameter. For example:

AddOnManager.exe /UninstallAddon /AddonName:"my-addon" /ForceUninstall /Service:"servicename" /User:"domain\user" /Password:"password"


After uninstalling an add-on that creates a virtual attribute and a Web Interface customization item that uses that virtual attribute, the Web Interface customization item created by the add-on may not be removed, and the Web Interface may return the following error:

An error occurred during the last operation.


Perform the following steps:

  1. In the Web Interface, click the Reload command.

    If the Web Interface does not open, reload the Web Interface by entering the following URL in the address bar of your browser:

    <site url>/customization/metadata-Reload.aspx?ReloadFromWorkingCopy=1

    NOTE: If there is a replication group in your Active Roles environment, reload the Web Interface only after the changes are propagated to all replication partners.

  2. Restart Internet Information Services (IIS) on the web server running the Web Interface (for example, by running the iisreset command in the Windows command prompt).

    NOTE: If there is a replication group in your Active Roles environment, restart IIS only after the changes are propagated to all replication partners.


After installing an add-on that creates Web Interface customization items, the Web Interface customization items created by the add-on may not be displayed.

This issue may occur if you provide incorrect user name and password for reloading Web Interface sites.


In the Web Interface, click the Reload command.


When you install Add-on Manager from the command-line, you may encounter the following error:

Command line option syntax error. Type Command /? for Help.

This error may occur if one or several parameters of the command contain more than 255 characters.


Edit the command-line parameters (for example, the path to a file) so that each parameter is not longer than 255 characters.


System requirements

Before installing Active Roles 8.0.1 SP3 LTS, ensure that your system meets the following minimum hardware and software requirements, and install the following required software.

NOTE: When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. For more information about environment virtualization, see One Identity's Product Support Policies.

TIP: To run these PowerShell commands, use the 64-bit version of Windows PowerShell.



Exchange Online PowerShell V3 module 3.0.0

The Exchange Online PowerShell V3 module version 3.0.0 (or newer) must be installed on the computer(s) running the Administration Service.For more information, see Exchange Online PowerShell in the Microsoft Exchange PowerShell documentation.

Az.Accounts PowerShell module 2.5.3

You must install Az.Accounts PowerShell module version 2.5.3 (or older) on the computer(s) running Active Roles Administration Service and Active Roles Synchronization Service. For installation instructions, see Az.Accounts 2.5.3 in the Microsoft PowerShell Gallery.

Microsoft Edge WebView2 Runtime

You must install Microsoft Edge WebView2 Runtime on the computer running Active Roles Administration Service. For more information, see Introduction to Microsoft Edge WebView2 in the Microsoft Edge Developer documentation.

(Optional) One Identity certificate

If your organization enforces the AllSigned policy, you must install the One Identity certificate during the installation of Active Roles.

For the system requirements of each Active Roles component, see the following sections:

Hardware requirements

Table 29: Hardware requirements
Requirement Details


NOTE: The number of cores required depends on the size of the environment and the total number of managed objects.

For Administration Service, Web Interface and Synchronization Service, any of the following:

  • Intel 64 (EM64T)

  • AMD64
  • Minimum 2 cores
  • CPU speed: 2.0 GHz or faster.

NOTE: For Synchronization Service, One Identity recommends using a multi-core CPU for the best performance.

For Console and Management Tools, any of the following:

  • Intel x86

  • Intel 64 (EM64T)

  • AMD64

  • CPU speed: 1.0 GHz or faster.


NOTE: The amount of RAM required depends on the size of the environment and the total number of managed objects.

Administration Service:

A minimum of 4 GB of RAM.

Web Interface, Synchronization Service:

A minimum of 2 GB of RAM.

Console, Management Tools:

A minimum of 1 GB of RAM.

Hard disk space

Administration Service, Web Interface, Console, Management Tools:

A minimum of 100 MB of free disk space.

Synchronization Service:

A minimum of 250 MB of free disk space.

NOTE: If SQL Server and Synchronization Service are installed on the same computer, the amount required depends on the size of the Synchronization Service database.

Operating system

NOTE: Active Roles is not supported on Windows Server Core mode setup.

You can install any of the Active Roles components on a computer running:

  • Microsoft Windows Server 2022

  • Microsoft Windows Server 2019

  • Microsoft Windows Server 2016

Active Roles supports the Standard or Datacenter edition of these operating systems.

In addition, you can install the Active Roles Console and Management Tools on a computer running:

  • Microsoft Windows 10, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64).

  • Microsoft Windows 8.1, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64).

Administration Service requirements

Administration Service requirements

This section lists the system requirements of Active Roles Administration Service.

All Active Roles components require:

Table 30: Administration Service requirements


SQL Server

You can host the Active Roles database on the following SQL Server versions:

  • Microsoft SQL Server 2022, any edition.

  • Microsoft SQL Server 2019, any edition.

  • Microsoft SQL Server 2017, any edition.

  • Microsoft SQL Server 2016, any edition.

  • Microsoft SQL Server 2014, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack.

  • Azure SQL hosted databases.

To connect Active Roles to a Microsoft SQL Server deployment, the following driver is required:

  • Microsoft OLE DB Driver for SQL Server (MSOLEDBSQL).

Windows Management Framework

Windows Management Framework 5.1 (download here) is required on all supported operating systems.

Operating system on domain controllers

Active Roles retains all features and functions when managing Active Directory on domain controllers running any of these operating systems, any edition, with or without any Service Pack:

  • Microsoft Windows Server 2022

  • Microsoft Windows Server 2019

  • Microsoft Windows Server 2016

NOTE: Active Roles deprecates managed domains with the domain functional level lower than Windows Server 2008 R2. One Identity recommends that you raise the functional level of the domains managed by Active Roles to Windows Server 2008 R2 or higher.

Exchange Server

Active Roles is capable of managing Exchange recipients on:

  • Microsoft Exchange Server 2019

  • Microsoft Exchange Server 2016

NOTE: Microsoft Exchange 2013 and 2013 CU11 are not supported. For more information, see Knowledge Base Article 202695.

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación