The following is a list of issues known to exist at the time of release.
| Known Issue | Issue ID | 
|---|---|
| Activating the EnableAntiForgery key (<add key="EnableAntiForgery" value="true"/> in web.config) may cause the following error message: Session timeout due to inactivity. Please reload the page to continue. Workaround Update the IgnoreValidation key in the<appSettings> section by adding a property value in lowercase: 
 | 91977 | 
| Known Issue | Issue ID | 
|---|---|
| When configured for Group and Contacts, the Office 365 and Azure Tenant Selection policy displays additional tabs. | 229031 | 
| Tenant selection supports selecting only a single tenant. | 229030 | 
| In the Starling Connect Connection Settings link, clicking Next displays progress, but the functionality is not affected, so the button is not required. | 126892 | 
| Known Issue | Issue ID | 
|---|---|
| Automation workflow with Office 365 script fails, if multiple workflows share the same script and the script is scheduled to execute at the same time. Workaround One Identity recommends scheduling the workflows with different scripts or at a different time. | 200328 | 
| When a workflow is copied from built-in workflows, it may not be executed as expected. | 153539 | 
| Azure Group Properties are not available if they are added to the Office 365 Portal or Hybrid Exchange Properties from the forwarding address attribute of Exchange online users. | 98186 | 
| In Active Roles with the Office 365 Licenses Retention policy applied, after deprovisioning the Azure AD user, the Deprovisioning Results for the Office 365 Licenses Retention policy are not displayed in the same window. Workaround To view the Deprovisioning Results after deprovisioning the Azure AD user: 
 | 91901 | 
| Known Issue | Issue ID | 
|---|---|
| After upgrading Active Roles, the pending approval tasks are not displayed in the Active Roles Web Interface. | 91933 | 
| Known Issue | Issue ID | ||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| In the Active Roles Synchronization Service, the following new attributes of the AzureAD Connector are currently not supported and cannot be queried via the Microsoft Graph API: 
 This means that although these attributes are visible, they cannot be set in a mapping rule. | 304074 | ||||||||||||||||||||||||||
| After running the get-qcworkflowstatus cmdlet in the Synchronization Service, the workflow status is not accurate. | 125768 | 
| Known Issue | Issue ID | 
|---|---|
| In the Active Roles Web Interface, Azure roles are not restored automatically after performing an Undo Deprovision action on a user. Workaround After the Undo Deprovision action is completed, assign the Azure roles to the user manually. | 172655 | 
| Active Roles does not support creating Azure groups for existing groups. | 117015 | 
| Active Roles Web Interface does not support setting the Exchange Online Property of the ProhibitSendQuota value in Storage Quotas. | 91905 | 
| In the Active Roles Web Interface, when you click Azure > Resource Mailboxes to query room mailboxes after being idle for approximately 15-20 minutes, the Active Roles Web Interface will not list any room mailboxes. Workaround Restart the Administration Service. | 293380 | 
| Trying to reset the password of an Azure user in the Active Roles Web Interface returns the following error message: One or more errors occurred. Http Exception - Status Code Forbidden. Reason phrase Forbidden {"error":{"code":Authorization_RequestDenied","message":"Insufficient privileges to complete the operation"}}This error occurs because of a Microsoft Graph API-related issue, described in the Authorization_RequestDenied error when you try to change a password using Graph API article of the Microsoft Azure Troubleshooting documentation. Workaround To solve this problem, assign the Company Administrator Office 365 administrative role to Active Roles with the following PowerShell cmdlets: Connect-MsolService $displayName = "ActiveRoles" $objectId = (Get-MsolServicePrincipal -SearchString $displayName).ObjectId $roleName = "Company Administrator" Add-MsolRoleMember -RoleName $roleName -RoleMemberType ServicePrincipal -RoleMemberObjectId $objectId | 293601 | 
