Active Roles can be upgraded from 8.0.0 LTS to Active Roles 8.0.x LTS using one of the following methods:
This article will be detailed the method of an in-place upgrade, for instructions on how to install and initially configure Active Roles, see the Active Roles Quick Start Guide.
NOTE: Although this is just a patch release with no new features or functionality, it will be required to create a new Configuration and Management History DB and import them from the previous database into the new one.
IMPORTANT: During in-place upgrade, when importing from the source database (Configuration and Management History database), the following database permissions are automatically migrated from the previously used (source) SQL database to the new (destination) SQL database:
The service account that is used for performing the in-place upgrade or the import or migration operation should have the following permissions in the SQL Server to perform the operation:
By default, the database users, permissions, logins, and roles are imported to the destination database. You can clear the Copy database users, permissions, logins, and roles check box in the following locations depending on the operation:
Changes related to Azure tenants
NOTE: If the organization has any Azure tenants that are managed with Active Roles, it will be required to reauthenticate and reconsent them after installing Active Roles 8.0.x LTS. Otherwise, Active Roles will not receive the required permissions for managing existing Azure tenants, and tenant administration in Active Roles 8.0.x LTS will not work correctly.
Changes related to Active Roles Synchronization Service
NOTE: Active Roles 7.5 has introduced support for Modern Authentication in the Azure BackSync workflows of the Active Roles Synchronization Service. After upgrading to Active Roles 8.0.x LTS from an earlier version, if previously had an Azure BackSync workflow configured, it will be prompted to reconfigure it in the Active Roles Synchronization Service Console.
CAUTION: If previously had an Azure BackSync workflow configured in Active Roles Synchronization Service, and more than one Azure Active Directory (Azure AD) service is configured, it must specify the Azure AD for which want to configure Azure BackSync. Failure to do so may either result in directory objects not synchronized at all, or synchronized to unintended locations.
The following steps describe the in-place upgrade scenario for Active Roles 8.0.1
1. Log on with a user account that has administrator rights on the computer.
2. Navigate to the location of the Active Roles distribution package, and start the Setup wizard by double-clicking ActiveRoles.exe
3. Accept the licensing agreement and click Next.
4. Review the summary and warning. If the Office 365 Add-On is installed in the instance, uninstall it before continuing.
5. Make sure the minimum requirement are matches, otherwise the upgrade button will be greyed out.
6. Check the box "I want to perform configuration" and click finish, wait until the wizard upgrades all components listed in step 5;
7. Once Active Roles is installed, open the Active Roles Configuration Center in Windows. The Upgrade configuration wizard will automatically appear.
8. On the Upgrade configuration wizard, select the check box to confirm that you have read the instructions in the Quick Start guide regarding "Configuring Active Roles for in-place upgrade".
NOTE: If the disk space in SQL server is insufficient, then an error is displayed prompting you to increase the disk space.
9. To reauthenticate existing Azure tenants, proceed to the Reauthenticate tenants step and click Reauthenticate next to each Azure tenant.
10. Consider the following when reauthenticating existing Azure tenants:
NOTE: Consent permission once the upgrade has finished through the Configuration Center.
11. The Services association page allows the Active Roles Admin to configure the Administration services for executing Dynamic Groups, Group Families, and Scheduled tasks from the drop-down list.
The available options in the drop-down list are This Server and Other, where choosing Other allows to specify any other Administration Service in a fully qualified domain name (FQDN) format. If the value is empty, then the current administration service is used.
NOTE: Services association does not update certain scheduled tasks, For example, scheduled tasks that cannot be edited (Managed Object Counter) or scheduled tasks that are set to All servers option. It can choose to run the Services association immediately or schedule Services association.
NOTE: If Services association is scheduled at a certain time and the upgrade/import operation is still in progress or completes after the Services association scheduled time, the services are not associated. You have to run the built-in scheduled task Update Services To ExecuteOn from the Active Roles console to manually associate the Services.
To ensure Dynamic Groups, Group Families, and Scheduled tasks continue to function after an import the installation configures the new Active Roles server as the executing server for the tasks mentioned above. The configuration mentioned here runs after an upgrade.
NOTE: Alternatively, Services association can be performed at any time using the template workflow Update Services To Execute On available in the built-in Workflow Container. The parameters in the script used by the workflow can be configured to the required administration services, such as Dynamic Group Service, Group Family Service, and Scheduled Task Service. You can select the Administration Service from the drop-down list. The drop-down list displays all the currently running Administration Services that are connected to the current configuration database. If the parameter value is not selected, then the current Administration Service is used.
12. Review the details provided and click Upgrade to start the upgrading process.
13. The upgrade starts and the Execution tab displays the Progress bar for the upgrade. After the database upgrade is complete, the Active Roles Service is automatically started and ready for use.
14. The Management History database is not imported during the in-place upgrade. In this case, it should be imported manually through Configuration Center. In order to further assist you, please refer to our KB146810
After the database upgrade is complete, the Active Roles Service is ready for use.
NOTE: To upgrade multiple Active Roles Service instances, log in to the individual systems where Active Roles Service was upgraded, and perform the in-place upgrade steps for each Service.
If multiple instances of the Administration Service use a single database, then the upgrade can be performed as follows:
In case of any errors during the in-place upgrade, it must resolve the errors and re-open the Configuration Center to continue the in-place upgrade.
© 2025 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center