Changes to Setup and Installation
Active Roles introduces the following changes to Setup and Installation:
Unified Setup Wizard
Table 1: Changes to Unified Setup wizard
| Numerous MSI files |
Single ActiveRoles.EXE |
| The components must be installed in the correct order. |
|
Silent Install
The Active Roles installer, Setup.exe has command-line options for a silent installation. For more details, refer to KB 185799
Example:
Setup.exe /quiet /install ADDLOCAL=Service,Console /IAcceptActiveRolesLicenseTerms
Configuration Center
The Configuration Center unifies management of core configuration for the Active Roles Administration Service and Web Interface, which allows administrators to perform the core configuration tasks from a single location.
Highlights include:
- Initial configuration tasks such as creation of Administration Service instances and default Web Interface sites.
- Import of configuration and management history from earlier Active Roles versions.
- Management of core Administration Service settings, such as the Active Roles Admin account, service account, and database connection.
- Creation of Web Interface sites based on site configuration objects of the current Active Roles version or site configuration objects imported from earlier Active Roles versions.
- Management of core Web Interface site settings, such as the site’s address on the Web server and configuration object on the Administration Service.
- Scriptable Configuration Center operations using Windows PowerShell command-line tools provided by the Active Roles Management Shell.
The following two methods are available for configuring the Active Roles instance:
- Graphical User Interface (Active Roles Configuration Center)
- PowerShell (Active Roles Management Shell)
Management Shell Integration
The Active Roles Management Shell, which provides Windows PowerShell based command-line tools (cmdlets) for executing and automating administrative tasks in Active Roles, is a part of the Management Tools component included in the Active Roles Setup.
Modules:
- ActiveRolesManagementShell
- ActiveRolesConfiguration
ActiveRolesManagementShell
- Provides cmdlets for managing users, group, computers, and other objects in Active Directory via Active Roles; managing digital certificates; and administering certain Active Roles objects.
- Cmdlets are prefixed with QAD or QARS, such as New-QADUser, Add-QADCertificate, or New-QARSAccessTemplateLink.
ActiveRolesConfiguration
- Provides cmdlets for configuring Active Roles Administration Service instances and Web Interface sites.
- Available on 64-bit (x64) systems only. It requires the Active Roles Administration Service or Web Interface to be installed; otherwise, the module does not provide all cmdlets.
- The cmdlets provided in this module have their noun prefixed with AR, such as New-ARDatabase, New-ARService, or New-ARWebSite.
Changes to System requirements
Active Roles introduces the following changes to system requirements:
- Active Roles can no longer be installed on Window Server 2008.
-
Microsoft SQL Server 2005 is no longer supported. Microsoft SQL Server versions 2012 and later including 2019 are supported. The Configuration Center may be used to import Active Roles databases from SQL Server 2012 to a later SQL Server version. For details, see “Upgrading the Administration Service” in the Active Roles Quick Start Guide.
- Active Roles supports Google Chrome, Mozilla Firefox, and Microsoft Edge web browsers only. Internet Explorer is no longer supported.
- Web Interface is optimized for screen resolutions of 1280 x 800 or higher. The minimum supported screen resolution is 1024 x 768.
Active Roles 7.3 introduces the following changes to supported platforms:
For the complete system requirements, please refer the latest Active Roles Release Notes. The following are the important system requirements for Active Roles installation:
Resource Usage
The sizing of disk space and the SQL database capacities are best planned out by using the Resource Usage Calculator, which is found in the Documentation folder on the installation disk or image.
The Resource Usage Calculator is included with the installation media and can be found under:
Documentation\ ActiveRoles_7.4_ResourceUsageCalc.xls
For more information on the system requirements, please see the Pre-Installation and Upgrade section for the Active Roles Diagnostic and System Readiness Checker tools.
If the environment managed by Active Roles is located behind a firewall, then the following ports must be open between Active Roles Administration Service and the managed environment:
Access to DNS Servers
- Port 53 TCP/UDP Inbound/Outbound
Access to domain controllers
- Port 88 (Kerberos) TCP/UDP Inbound/Outbound
- Port 135 (RPC endpoint mapper) TCP Inbound/Outbound
- Port 139 (SMB/CIFS) TCP Inbound/Outbound
- Port 445 (SMB/CIFS) TCP Inbound/Outbound
- Port 389 (LDAP) TCP/UDP Outbound
- Port 636 (LDAP SSL) TCP Outbound
- Port 3268 (Global Catalog LDAP) TCP Outbound
This port is required if Active Roles is configured to access the domain by using SSL.
- Port 3269 (Global Catalog LDAP SSL) TCP Outbound
This port is required if Active Roles is configured to access the domain by using SSL.
- The TCP port allocated by RPC endpoint mapper for communication with the domain controller
Active Directory domain controllers can be configured to use specific port numbers for RPC communication. For instructions, see http://support.microsoft.com/kb/224196.
Access to Exchange servers
- Port 135 (RPC endpoint mapper) TCP Inbound/Outbound
- The TCP port allocated by RPC endpoint mapper for communication with the Exchange server
Exchange servers can be configured to use specific port numbers for RPC communication. For instructions, see http://support.microsoft.com/kb/270836.
Computer resource management
- Port 139 (SMB/CIFS on the managed computers) TCP Inbound/Outbound
- Port 445 (SMB/CIFS on the managed computers) TCP Inbound/Outbound
Computer restart
- Port 139 (SMB/CIFS on the managed computers) TCP Inbound/Outbound
- Port 137 (WINS) UDP Outbound
- Port 138 (NetBIOS datagrams) UDP Outbound
Home folder provisioning and deprovisioning
- Port 139 (SMB/CIFS on the servers that host home folders) TCP Inbound/Outbound
- Port 445 (SMB/CIFS on the servers that host home folders) TCP Inbound/Outbound
Access to SMTP server for e-mail integration
- Port 25 (Default SMTP port) TCP Outbound
Active Roles uses SMTP port 25 by default. The default port number can be changed in the properties of the Mail Configuration object in the Active Roles console. If Mail Configuration specifies a different port, open that port rather than port 25.
Access to AD LDS instances
- The TCP port specified when registering the AD LDS instance with Active Roles
Access to SQL Server
If SQL Server that hosts the Active Roles database is located behind the firewall, open the following ports between Active Roles Administration Service and SQL Server:
- Port 1433 (Default SQL Server instance) TCP Inbound/Outbound
Open this port if the Active Roles database is on the default instance of SQL Server. If a different port is assigned to the default instance, open that port rather than port 1433.
- Port 1434 (SQL Server Browser service) UDP Inbound/Outbound
Open this port if the Active Roles database is on a named instance of SQL Server. In this case Active Roles uses UDP port 1434 to determine the port assigned to the named instance, open port 1434 along with the TCP port assigned to the named instance.
Access to Active Roles Administration Service
If a firewall is required between Active Roles clients, such as MMC Interface, Web Interface, ADSI Provider or Management Shell, and Active Roles Administration Service, open the following ports in the firewall:
- Port 15172 TCP Inbound/Outbound
Access to Web Interface
If the Active Roles Web Interface will be accessed through a firewall, open the following ports:
- Port 80 (Default HTTP) TCP Inbound/Outbound
- Port 443 (Default HTTPS) TCP Inbound/Outbound
The Web Interface normally runs over port 80, or over port 443 if SSL is enabled (off by default).
Synchronization Service
The Synchronization Service requires the following port to be open:
The Capture Agent requires this port to be open (on the Domain Controller):
