Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Active Roles 8.2 - Administration Guide

Introduction Getting started with Active Roles Configuring rule-based administrative views Configuring role-based administration Configuring rule-based autoprovisioning and deprovisioning
Configuring Provisioning Policy Objects
User Logon Name Generation E-mail Alias Generation Exchange Mailbox AutoProvisioning Group Membership AutoProvisioning Home Folder AutoProvisioning Property Generation and Validation Script Execution O365 and Azure Tenant Selection AutoProvisioning in SaaS products
Configuring Deprovisioning Policy Objects
User Account Deprovisioning Group Membership Removal User Account Relocation Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Permanent Deletion Office 365 Licenses Retention Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Script Execution Notification Distribution Report Distribution
Configuring entry types Configuring a Container Deletion Prevention policy Configuring picture management rules Managing Policy Objects Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Configuring policy extensions
Using rule-based and role-based tools for granular administration Workflows
About workflow processes Workflow processing overview Workflow activities overview Configuring a workflow
Creating a workflow definition for a workflow Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Approval workflow Email-based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic groups Active Roles Reporting Management History Entitlement profile Recycle Bin AD LDS data management One Identity Starling Join and configuration through Active Roles Managing One Identity Starling Connect Configuring linked mailboxes with Exchange Resource Forest Management Configuring remote mailboxes for on-premises users Migrating Active Roles configuration with the Configuration Transfer Wizard Managing Skype for Business Server with Active Roles
About Skype for Business Server User Management Active Directory topologies supported by Skype for Business Server User Management User Management policy for Skype for Business Server User Management Master Account Management policy for Skype for Business Server User Management Access Templates for Skype for Business Server Configuring the Skype for Business Server User Management feature Managing Skype for Business Server users
Exchanging provisioning information with Active Roles SPML Provider Monitoring Active Roles with Management Pack for SCOM Configuring Active Roles for AWS Managed Microsoft AD Azure AD, Microsoft 365, and Exchange Online Management
Azure tenant types and environment types supported by Active Roles Using Active Roles to manage Azure AD objects Unified provisioning policy for Azure M365 Tenant Selection, Microsoft 365 License Selection, Microsoft 365 Roles Selection, and OneDrive provisioning Changes to Active Roles policies for cloud-only Azure objects
Managing the configuration of Active Roles
Connecting to the Administration Service Managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the Console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server replication Using regular expressions Administrative Template Configuring federated authentication Communication ports and URLs used by Active Roles Integrating Active Roles with other products and services Active Roles Language Pack Active Roles Diagnostic Tools Active Roles Add-on Manager

Configuring a custom generation rule

To configure a custom rule, click Other combination of user properties, then click Configure. This displays the Configure Value dialog, as described in Configuring a Property Generation and Validation policy. You can use that dialog to set up a value for the ‘Alias’ must be condition, the same way you configure a Property Generation and Validation policy.

To start configuring a value, click Add in the Configure Value dialog. This displays the Add Entry window.

A value is a concatenation of one or more entries. In the Add Entry window, you can select the type of the entry to add, and then configure the entry. The following table summarizes the available types of entries.

Table 5: Available entries

Type of entry

Description

Text

Adds a text string to the value.

Uniqueness Number

Adds a numeric value the policy will increment in the event of an alias naming conflict.

User Property

Adds a selected property (or a part of a property) of the user account to which the policy will assign the alias.

Parent OU Property

Adds a selected property (or a part of a property) of an Organizational Unit in the hierarchy of containers above the user account to which the policy will assign the alias.

Parent Domain Property

Adds a selected property (or a part of a property) of the domain of the user account to which the policy will assign the alias.

Instructions on how to configure an entry depend on the type of the entry. For more information on how to configure each entry type, see the following resources:

When you are done configuring a value, click OK to close the Configure Value dialog. This will add the value to the policy rule. If necessary, you can modify the value by clicking Configure, then managing the list of entries in the Configure Value dialog.

When you are done configuring the policy rule, click Next on the E-mail Alias Generation Rule page and follow the instructions in the wizard to create the Policy Object.

Scenario: Generating e-mail alias based on user names

The policy described in this scenario generates the e-mail alias in accordance with this rule: user first name, optionally followed by a three-digit uniqueness number, followed by a period, followed by the user last name. Examples of aliases generated by this rule are as follows:

  • John.Smith

  • John001.Smith

  • John002.Smith

The policy generates the alias John001.Smith for the user John Smith if the alias John.Smith is in use. If both John.Smith and John001.Smith are in use, the policy generates the alias John002.Smith, and so on.

To implement this scenario, you must perform the following actions:

  1. Create and configure the Policy Object that defines the appropriate policy.

  2. Apply the Policy Object to a domain, OU, or Managed Unit.

As a result, when assigning an email alias to a user account in the container you selected in Step 2, the Active Roles user interfaces provide a Generate button to create the alias in accordance with the policy rule. In the event of an alias naming conflict, clicking Generate causes the policy to add a uniqueness number to the alias.

The following two sections elaborate on the steps to implement this scenario.

Creating and configuring the Policy Object

You can create and configure the Policy Object you need by using the New Provisioning Policy Object Wizard.

To configure the policy, click E-mail Alias Generation on the Select Policy Type page of the wizard. Then, click Next.

On the E-mail Alias Generation Rule page, click Other combination of user properties, and then click Configure.

Complete the Configure Value dialog as follows:

  1. Click Add.

  2. Configure the entry to include the user first name:

    1. Under Entry type, click User Property.

    2. Under Entry properties, click Select.

    3. In the Select Object Property window, click First Name in the Object property list, and then click OK.

    4. Click OK.

  3. Click Add.

  4. Configure the entry to optionally include a uniqueness number:

    1. Under Entry type, click Uniqueness Number.

    2. Under Entry properties, set the entry options:

      • Click Add if the property value is in use.

      • Select the Fixed-length number, with leading zeroes check box.

      • In the box next to Length of the number, in digits, type 3.

    3. Click OK.

  5. Click Add.

  6. Configure the entry to include the period character:

    1. In Text value under Entry properties, type the period character.

    2. Click OK.

  7. Click Add.

  8. Configure the entry to include the user last name:

    1. Under Entry type, click User Property.

    2. Under Entry properties, click Select.

    3. In the Select Object Property window, click Last Name in the Object property list, and then click OK.

    4. Click OK.

    After you complete these steps, the list of entries in the Configure Value dialog must look like the following figure.

  9. Click OK to close the Configure Value dialog. Then, click Next and follow the instructions in the wizard to create the Policy Object.

Applying the Policy Object

To apply the Policy Object:

  • Use the Enforce Policy page in the New Policy Object Wizard.

  • Alternatively, complete the New Policy Object Wizard, then use the Enforce Policy command on the domain, OU, or Managed Unit where you want to apply the policy.

For more information on how to apply a Policy Object, see Linking Policy Objects to directory objects.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation