Introduction
The Active Roles Administration Guide provides detailed information about how to configure and maintain an installed Active Roles deployment for day-to-day administrative operations.
The document describes how to:
-
Configure rule-based and role-based administration settings.
-
Configure automatic resource provisioning and deprovisioning.
-
Set up automation and approval workflows for administrators or helpdesk personnel.
-
Manage groups via temporal group memberships, group families or dynamic groups.
-
Configure and monitor Active Roles reporting and Management History settings.
-
Configure entitlement profiles to give access to specific information resources.
-
Use the Active Directory Recycle Bin with Active Roles.
-
Integrate Active Roles with One Identity Starling.
-
Configure linked and remote Exchange mailboxes.
-
Register Azure AD tenants with Active Roles to manage Azure AD objects and resources.
-
Configure SQL Server replication.
-
Use Administrative Templates to set the behavior and appearance of the Active Roles Console with Group Policies.
-
Integrate Active Roles with other One Identity, Quest or third-party products and services.
-
Use optional utilities (the Configuration Transfer Wizard, Diagnostic Tools, Add-on Manager or the Active Roles Language Pack) to enhance and maintain your Active Roles deployment.
NOTE: For information about how to perform day-to-day administrative tasks, see the following documents:
-
For information about how to administer Active Directory resources in the Active Roles Console, see the Active Roles Console User Guide.
-
For information about how to administer Active Directory and Azure AD resources with the Active Roles Web Interface, see the Active Roles Web Interface User Guide.
In addition, for information about how to configure and customize the Active Roles Web Interface component, see the Active Roles Web Interface Configuration Guide.
Getting started with Active Roles
Getting started with Active Roles
This section describes how to start using Active Roles to prepare it for day-to-day administration operations.
NOTE: The Active Roles Administration Guide only describes product configuration procedures. For the in-depth description of its features and user interfaces, see the following documents:
-
For more information on the product features, see the Active Roles Feature Guide.
-
For more information on the Active Roles Console and the day-to-day operations you can perform with it, see the Active Roles Console User Guide.
-
For more information on the Active Roles Web Interface and the day-to-day operations you can perform with it, see the Active Roles Web Interface User Guide.
-
For more information on customizing and configuring the Web Interface and its sites, see the Active Roles Web Interface Configuration Guide.
Starting the Active Roles Console
The Active Roles Console, also referred to as MMC Interface, is a comprehensive administrative tool that you can use to:
-
Manage Active Directory and Microsoft Exchange resources.
-
Configure organization-level access and administration policies.
-
Set up automation or approval workflows for your administrators or helpdesk personnel.
To start the Active Roles Console
-
Log in to the system where Active RolesConsole is installed.
-
Depending on the version of your operating system:
-
In the Apps page, click Active Roles 8.1.3 Console.
-
From the Start menu, select All Programs > One Identity Active Roles 8.1.3 > Active Roles 8.1.3 Console.
NOTE: By default, the Active Roles Console automatically chooses an Administration Service instance and establishes a connection. If the Console cannot connect to the Administration Service or you want to manually select the Administration Service, see Connecting to the Administration Service.
Restricting access to the Active Roles Console
By default, after installing Active Roles, every user can log in to the Active Roles Console. To restrict access:
-
Use the MMC Interface Access setting of the Active Roles Configuration Center. This setting lets you restrict Console access only to Active Roles Admin users (or allow Console access again for all users, if the access is restricted). For details, see Restricting access to the Active Roles Console.
-
If Console access is already restricted to Active Roles Admin users, you can give Console access to individual users by assigning them to the User Interface Management - MMC Full controlAccess Template (AT). This AT gives access permission to the Server Configuration > User Interfaces > MMC Interface object. For details, see Restricting access to the Active Roles Console.
For more information, see Restricting access to the Active Roles Console in the Active Roles Installation Guide.