This cumulative hotfix resolves the following issues:
When running a deprovisioning workflow (for example, between an Azure AD and an on-premises AD), synchronization could unexpectedly stop after some time with a Compiling error log message. When that happened, the Synchronization Service had to be restarted to resume synchronization. This issue occurred because one of the required Azure AD schema DLLs could not be generated in runtime, and has been fixed by resolving the compiling error.
Previously, changing the primary email address domain of an O365 Group resulted in the O365 Group disappearing in Active Roles after the next synchronization. This issue occurred because Active Roles listed the O365 Groups of an Azure Tenant only by checking their primary address domain (and ignoring the value of their alias email property). This has been fixed by having Active Roles list all O365 Groups of an Azure Tenant, regardless of whether their primary domain address is specified as their primary email address or as their alias email address.
Textboxes affected by custom script modules may have not fit the Web Interface horizontally if the scripts have added custom user interface elements (such as buttons) to the textboxes. This issue was caused by outdated formatting settings that contained incorrect width settings for such textboxes. The problem has been fixed by implementing a maximum width value (corresponding to the width of the Active Roles Web Interface) to prevent textboxes becoming horizontally oversized.
Previously, when creating a new group in the Active Roles Web Interface with the Users > New Group menu, leaving the Create an Exchange e-mail address checkbox in its default unchecked state did not disable the Alias and Associated administrative group settings, resulting in the respective mailNickname and edsaAdminGroup attributes also being included in the group creation request when clicking Finish. This resulted in new groups being created with a broken Exchange state.
This issue is now fixed, so that the Alias and Associated administrative group attributes are now grayed out when the Create an Exchange e-mail address checkbox is unchecked, and their respective mailNickname and edsaAdminGroup attributes are also not included in the group creation request in such cases.
Previously, when mapping two objects (for example, two users from two separate OUs) by their Description field, and then setting up a synchronization workflow to synchronize their descriptions and SID histories, changing the description of the first user and then running the synchronization workflow could result in the following error message:
An error occurred while modifying the object : The identity check failed for the outgoing message.
This issue was caused by an authentication failure of the Capture Agent, due to differences between the certificates of the Capture Agent and the Sync Service. This authentication issue has now been fixed to resolve the problem.
This Update also contains the hotfixes of the following previously-reported issues.
Active Roles logs may have unintentionally displayed privileged credentials. This issue is now fixed.
Previously, users could continue working in an active session after their passwords had been reset. This has been fixed.
Fixed an issue where modifying or updating Exchange Online Properties, such as the Delegate Send As Rights and Full Access permissions removed the Trustees and then added them back.
Previously, when having a New User form with customization and extended controls set, the control value of OnGetEffectivePolicy in the script was not populated. This has been fixed.
Fixed some discrepancies observed during Tenant information updates.
Improved the Search filter used to find Dynamic Groups.
Improved the time of completing the Get-QADGroupMember command-let operation.
Fixed a timeout error that occurred while reading the general properties of a user object by a delegated user logged in without appropriate permissions in the Password Settings Container (CN=Password Settings Container, CN=System) under each managed domain.
Fixed poor performance in Active Roles Web Interface when opening the members of a Group in multiple tabs / sessions containing a large group membership.
Updated the Office 365 connector URI in the Active Roles Synchronization service to the new URI (https://outlook.office365.com/powershell-liveid/).
Please review the included ReadMe for addition details.