サポートと今すぐチャット
サポートとのチャット

Active Roles 7.5.4 - Release Notes

Known issues

The following is a list of issues known to exist at the time of release.

Table 2: General known issues
Known Issue Issue ID

Activating the EnableAntiForgery key (<add key="EnableAntiForgery" value="true"/> in web.config) may cause the following error message:

Session timeout due to inactivity. Please reload the page to continue.

Workaround

Update the IgnoreValidation key in the<appSettings> section by adding a property value in lowercase:

  1. Open the IIS Manager.

  2. In the left pane, under Connections, expand the tree view to Sites > Default Web Site.

  3. Under Default Web Site, click on the Active Roles application (ARWebAdmin by default).

  4. Double-click Configuration Editor.

  5. From the Section drop-down, select appSettings.

  6. Find the IgnoreForValidation key.

  7. Append the comma-separated value to IgnoreForValidation, for example: lowercasecontrolname.

  8. In the right pane, under Actions, click Apply.

  9. Recycle the App pool.

91977

Table 3: Known Issues – Active Roles Configuration Center
Known Issue Issue ID
When configured for Group and Contacts, the Office 365 and Azure Tenant Selection policy displays additional tabs. 229031
Tenant selection supports selecting only a single tenant. 229030

In the Starling Connect Connection Settings link, clicking Next displays progress, but the functionality is not affected, so the button is not required.

126892

Table 4: Known Issues – Active Roles Console (MMC Interface)

Known Issue

Issue ID

Automation workflow with Office 365 script fails, if multiple workflows share the same script and the script is scheduled to execute at the same time.

Workaround

One Identity recommends scheduling the workflows with different scripts or at a different time.

200328

When a workflow is copied from built-in workflows, it may not be executed as expected.

153539

Azure Group Properties are not available if they are added to the Office 365 Portal or Hybrid Exchange Properties from the forwarding address attribute of Exchange online users.

98186

In Active Roles with the Office 365 Licenses Retention policy applied, after deprovisioning the Azure AD user, the Deprovisioning Results for the Office 365 Licenses Retention policy are not displayed in the same window.

Workaround

To view the Deprovisioning Results after deprovisioning the Azure AD user:

  • In Active Roles MMC Console, right-click and select Deprovisioning Results.

  • In the right pane of the Active Roles Web Interface, click Deprovisioning Results.

  • To refresh the form, press F5.

91901

Table 5: Known Issues – Active Roles Installer

Known Issue

Issue ID

After upgrading Active Roles, the pending approval tasks are not displayed in the Active Roles Web Interface.

91933

Table 6: Known Issues – Active Roles Synchronization Service

Known Issue

Issue ID

In the Active Roles Synchronization Service, the following new attributes of the AzureAD Connector are currently not supported and cannot be queried via the Microsoft Graph API:

user

group

aboutMe

allowExternalSenders

birthday

autoSubscribeNewMembers

hireDate

hideFromAddressLists

interests

hideFromOutlookClients

mySite

isSubscribedByMail

officeLocation

unseenCount

pastProjects

acceptedSenders

preferredName

membersWithLicenseErrors

responsibilities

rejectedSenders

schools

hasMembersWithLicenseErrors

skills

 

contacts

 

This means that although these attributes are visible, they cannot be set in a mapping rule.

304074

After running the get-qcworkflowstatus cmdlet in the Synchronization Service, the workflow status is not accurate.

125768

Table 7: Known Issues – Active Roles Web Interface
Known Issue Issue ID

In the Active Roles Web Interface, Azure roles are not restored automatically after performing an Undo Deprovision action on a user.

Workaround

After the Undo Deprovision action is completed, assign the Azure roles to the user manually.

 172655

Active Roles does not support creating Azure groups for existing groups.

117015

Active Roles Web Interface does not support setting the Exchange Online Property of the ProhibitSendQuota value in Storage Quotas. 91905

In the Active Roles Web Interface, when you click Azure > Resource Mailboxes to query room mailboxes after being idle for approximately 15-20 minutes, the Active Roles Web Interface will not list any room mailboxes.

Workaround

Restart the Administration Service.

293380

Trying to reset the password of an Azure user in the Active Roles Web Interface returns the following error message:

One or more errors occurred. Http Exception - Status Code Forbidden. Reason phrase Forbidden {"error":{"code":Authorization_RequestDenied","message":"Insufficient privileges to complete the operation"}}

This error occurs because of a Microsoft Graph API-related issue, described in the Authorization_RequestDenied error when you try to change a password using Graph API article of the Microsoft Azure Troubleshooting documentation.

Workaround

To solve this problem, assign the Company Administrator Office 365 administrative role to Active Roles with the following PowerShell cmdlets:

Connect-MsolService
$displayName = "ActiveRoles"
$objectId = (Get-MsolServicePrincipal -SearchString $displayName).ObjectId
$roleName = "Company Administrator"
Add-MsolRoleMember -RoleName $roleName -RoleMemberType ServicePrincipal -RoleMemberObjectId $objectId

293601

System requirements

Before installing Active Roles 7.5.4, ensure that your system meets the following minimum hardware and software requirements.

NOTE: When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. Please consult One Identity's Product Support Policies for more information on environment virtualization.

Before installing Active Roles 7.5.4, ensure that your system meets the following minimum hardware and software requirements, and install the following required software:

NOTE: To run these PowerShell commands, use the 64-bit version of Windows PowerShell.

Requirement

Details

Exchange Online PowerShell V2 module 2.0.3

The Exchange Online PowerShell V2 module version 2.0.3 (or newer) must be installed on the computer(s) running the Administration Service. For installation instructions, see Install and maintain the EXO V2 module in the Microsoft Azure Exchange PowerShell documentation.

Azure AD PowerShell module

The latest version of the Azure Active Directory (AD) PowerShell module must be installed on the computer(s) running the Administration Service. For installation instructions, see Installing the Azure AD Module in the Microsoft Azure PowerShell documentation.

Azure Az PowerShell module 2.5.3

The Azure Az PowerShell module version 2.5.3 (or older) must be installed on the computer(s) running the Administration Service and the Synchronization Service. For installation instructions, see Install the Azure Az PowerShell module in the Microsoft Azure PowerShell documentation.

SharePoint Online Management Shell - x64

The SharePoint Online Management Shell must be installed on the computer running the Administration Service. For installation instructions, see Get started with SharePoint Online Management Shell in the Microsoft SharePoint PowerShell documentation.

For the system requirements of each Active Roles component, see the following sections:

This section lists the hardware and software requirements for installing and running each of these components.

Hardware requirements

Table 8: Hardware requirements
Requirement Details

Processor

NOTE: The amount of processors required depends on the total number of managed objects. Depending on the size of the environment, the number of processors required may vary.

For Administration Service, Web Interface, and Synchronization Service, any of the following:

  • Intel 64 (EM64T)

  • AMD64
  • Minimum 2 processors
  • Processor speed: 2.0 GHz or faster.

NOTE: For Synchronization Service, One Identity recommends using a multi-core processor for the best performance.

For Console and Management Tools, any of the following:

  • Intel x86

  • Intel 64 (EM64T)

  • AMD64

  • Processor speed: 1.0 GHz or faster.

Memory

NOTE: The amount of memory required depends on the total number of managed objects. Depending on the size of the environment, the amount of memory required may vary.

Administration Service:

A minimum of 4 GB of RAM.

Web Interface, Synchronization Service:

A minimum of 2 GB of RAM.

Console, Management Tools:

A minimum of 1 GB of RAM.

Hard disk space

Administration Service, Web Interface, Console, Management Tools:

A minimum of 100 MB of free disk space.

Synchronization Service:

A minimum of 250 MB of free disk space.

NOTE: If SQL Server and Synchronization Service are installed on the same computer, the amount required depends on the size of the Synchronization Service database.

Operating system

NOTE: Active Roles is not supported on Windows Server Core mode setup.

You can install any of the Active Roles components on a computer running:

  • Microsoft Windows Server 2022, Standard or Datacenter edition.

  • Microsoft Windows Server 2019, Standard or Datacenter edition.

  • Microsoft Windows Server 2016, Standard or Datacenter edition.

In addition, you can install Console and Management Tools on a computer running:

  • Microsoft Windows 10, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64).

  • Microsoft Windows 8.1, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64).

Administration Service requirements

Administration Service requirements

This section lists the system requirements of the Active Roles Administration Service.

All Active Roles components require:

Table 9: Administration Service requirements
Requirement

Details

SQL Server

You can host the Active Roles database on:

  • Microsoft SQL Server 2019, any edition.

  • Microsoft SQL Server 2017, any edition.

  • Microsoft SQL Server 2016, any edition.

  • Microsoft SQL Server 2014, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack.

  • Microsoft OLE DB Driver for SQL Server (MSOLEDBSQL).

Active Roles also supports Azure SQL hosted database.

Windows Management Framework

On all supported operating systems, the Active Roles Administration Service requires Windows Management Framework 5.1 (available for download here).

Operating system on domain controllers

Active Roles retains all features and functions when managing Active Directory on domain controllers running any of these operating systems, any edition, with or without any Service Pack:

  • Microsoft Windows Server 2022

  • Microsoft Windows Server 2019

  • Microsoft Windows Server 2016

Active Roles deprecates managed domains with the domain functional level lower than Windows Server 2008 R2. One Identity recommends that you raise the functional level of the domains managed by Active Roles to Windows Server 2008 R2 or higher.

Exchange Server

Active Roles is capable of managing Exchange recipients on:

  • Microsoft Exchange Server 2019

  • Microsoft Exchange Server 2016

  • Microsoft Exchange Server 2013

NOTE: Microsoft Exchange 2013 CU11 is no longer supported. For more information, see Knowledge Base Article 202695.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択