Active Roles simplifies and streamlines creation and ongoing management of user accounts and groups in Windows Active Directory (AD) environments by automating user and group account creation in AD, Azure AD, mailbox creation in Exchange and Exchange Online, group population, and resource assignment in Windows.
It provides strictly enforced security, rich capabilities for automating directory management tasks, change approval and easy-to-use Web interfaces, to achieve practical user and group account management for the Windows enterprise.
This document is for individuals responsible for deploying Active Roles in their organization. It provides step-by-step instructions for preparing the environment and installing the Active Roles components.
Active Roles divides the workload of directory administration into three functional layers: presentation components, service components, and network data sources.
Figure 1: Active Roles Components
The presentation components include client interfaces for the Windows platform and the Web, which allow users with appropriate rights to perform a precisely defined set of administrative activities. Active Roles also includes the reporting solution to generate reports on the administrative activities.
The service components constitute a secure layer between administrators and managed data sources. It ensures consistent policy enforcement, provides automation capabilities, and enables the integration of business processes for administration of Active Directory, Exchange and other corporate data sources.
The main component of Active Roles is the Administration Service—a powerful rules-based proxy for the management of network data sources. The Administration Service features advanced delegation capabilities and provides the ability to enforce administrative policies that keep data current and accurate. The Administration Service acts as a bridge between the presentation components and network data sources. In large networks, multiple instances of the Administration Services can be deployed to improve performance and ensure fault tolerance.
The Administration Service uses the configuration database to store configuration data that includes definitions of objects specific to Active Roles, assignments of administrative roles and policies, and procedures used to enforce policies.
The Administration Service provides a complete audit trail by creating records in the Active Roles event log. The log shows all actions performed and by whom, including actions that were not permitted. The log entries display the success or failure of each action, as well as which attributes were changed while managing objects in data sources.
The Active Roles distribution Media folder constitutes the following:
The Active Roles distribution Media folder contains the executable file and installers for the default and additional components that enable you to install Active Roles and its components on your computer.
To install Active Roles and its components
Based on the components selected, the Administration Service, Configuration Center, Web Interface, Management Shell, MMC Console, and ADSI Provider are installed on the system.
Alternatively, you can also download the installer file and install individual components manually from the respective component folder.
|
NOTE: The Administration Service must be configured and running to configure and start any other Active Roles components. |
For information on installing and configuring the Administration Service see Deploying the Administration Servicesection.
For information on installing and configuring the user interfaces see the Deploying user interfaces section.
For information on installing and configuring the additional solutions components, see Installing additional components.
|
NOTE:For more information on extending the Active Roles provisioning and account administration capabilities to your cloud applications, click Learn More in the Setup Progress window. |
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback 이용 약관 개인정보 보호정책