지금 지원 담당자와 채팅
지원 담당자와 채팅

Active Roles 8.1.3 - Feature Guide

Introduction About Active Roles
Main Active Roles features Technical overview of Active Roles
Presentation components Service components Network data sources Security and administration elements Active Directory security management Customization using ADSI Provider and script policies Dynamic groups Workflows Operation in multi-forest environments
Examples of use
Administrative rules and roles
Managed Units Access Templates Access Rules Active Roles Synchronization Service Exchange Resource Forest Management Skype for Business Server User Management
Configuring and administering Active Roles Support for AWS Managed Microsoft AD FIPS compliance LSA protection support

Active Roles Configuration Shell

The ActiveRolesConfiguration module (also known as the "Configuration Shell") provides cmdlets for configuring Active Roles Administration Service instances and Web Interface sites. The names of the cmdlets provided by this module start with the AR prefix, such as New-ARDatabase, New-ARService, or New-ARWebSite.

NOTE: Consider the following when planning to use the ActiveRolesConfiguration module:

  • This module is available on 64-bit operating systems only.

  • You can only install this module on computers where the Administration Service or Web Interface modules are also installed. Otherwise, the module will not provide all cmdlets.

The following table lists the cmdlets of the Configuration Shell.

Table 6: Configuration Shell Cmdlets

Command

Description

Get-ARComponentStatus

Returns the installation and configuration status of the Active Roles components.

New-ARDatabase

Creates a new Active Roles database.

Import-ARDatabase

Transfers Active Roles configuration data or management history data from one database to another.

Backup-AREncryptionKey

Backs up the current encryption key of the configuration database in the local Administration Service instance into a file.

Restore-AREncryptionKey

Restores the configuration database encryption key from a backup file to the local Administration Service instance.

Reset-AREncryptionKey

Creates a new encryption key for the configuration database in the local Administration Service instance.

New-ARService

Creates the Active Roles Administration Service instance on the local computer.

Get-ARService

Gets the status of the Active Roles Administration Service instance from the local computer.

Set-ARService

Modifies the Active Roles Administration Service instance on the local computer.

Start-ARService

Starts the Active Roles Administration Service instance on the local computer.

Stop-ARService

Stops the Active Roles Administration Service instance on the local computer.

Restart-ARService

Stops and starts the Active Roles Administration Service instance on the local computer.

Remove-ARService

Deletes the Active Roles Administration Service instance from the local computer.

Test-ARServiceDatabaseSettings

Verifies whether the specified Active Roles database settings would cause Management History issues due to setting separate Configuration and Management History databases.

Get-ARServiceStatus

Gets the Active Roles Administration Service status information from the local computer.

Get-ARVersion

Gets the version of the local Active Roles installation.

New-ARWebSite

Creates a new Active Roles Web Interface site.

Get-ARWebSite

Gets the Active Roles Web Interface sites from the web server.

Set-ARWebSite

Modifies the specified Active Roles Web Interface site on the web server.

Remove-ARWebSite

Deletes the specified Active Roles Web Interface site from the web server.

Get-ARWebSiteConfig

Gets Web Interface site configuration objects from the Active Roles Administration Service.

Export-ARWebSiteConfig

Exports the specified Web Interface site configuration to a file.

Using the System Checker

You can start the System Checker by running the Active Roles System Checker application from the Start menu or Apps page, depending upon your version of the Windows operating system.

From the System Checker main window, you can perform the following tasks:

  • To check your computer, click System Readiness Checks, then select the appropriate Active Roles version for which to perform the checks.

  • To check a particular SQL Server instance, click SQL Server Checks and specify the SQL Server instance to check. You can also specify the authentication method and connection credentials for access to the SQL Server instance.

  • To check a particular Active Directory domain or a particular Domain Controller (DC), click Active Directory Checks and specify the name of the domain or the name of the DC. You can also specify connection credentials for access to the domain or DC.

System Checker then creates a report of the selected action, and displays it in its report viewer. Reports are divided into sections, each of which represents the results of a single check. If a report section includes any errors or warning messages, you can view the messages by expanding the section in the report viewer.

The report viewer also allows you to:

  • Print the report.

  • Export the report to an HTML file, so that you can open the report in a web browser later.

  • Save the report to a report file, so that you can open the saved report in the report viewer later.

  • Open a saved report by clicking Open in the main menu of System Checker, and selecting the report file.

  • Rebuild the report, and optionally also changing the report options.

    To rebuild the report, click Recheck on the toolbar of the report viewer.

Active Roles Log Viewer

The Active Roles Log Viewer tool allows you to browse and analyze:

  • Diagnostic log files created by the Active Roles Administration Service.

  • Event log files created by saving the Active Roles event logs in the Windows Event Viewer on the computer running the Administration Service.

The Log Viewer tool can help you to:

  • Check the sequence or hierarchy of requests processed by the Administration Service.

  • Identify error conditions that the Administration Service encountered during request processing.

  • Find Knowledge Base (KB) Articles for specific log messages and errors.

You can open Active Roles diagnostic log files (ds.log) or saved event log files (*.evtx) with the Log Viewer tool, allowing you to check:

  • The errors encountered by the Administration Service and recorded in the log file.

  • Requests processed by the Administration Service and traced in the log file.

  • All trace records found in the diagnostic log file.

  • All events found in the event log file.

When you select an error from the list, you can also look for applicable One Identity KB Articles to learn more about the log entry or troubleshoot selected errors.

In addition, the Active Roles Log Viewer tool also allows you to:

  • Search in the loaded log file for a particular text string, such as an error message.

  • Filter the list by various conditions to narrow the listed items to those you are actually interested in.

  • View detailed information about each list item, such as error details, request details or stack trace.

Getting started

To start using Active Roles Log Viewer, see the following resources:

  • For more information on how to install Active Roles Log Viewer, see Steps to install Diagnostic Tools in the Active Roles Quick Start Guide.

  • For more information on using Active Roles Log Viewer, see Using the Log Viewer tool in the Active Roles Administration Guide.

Voluntary threshold for managed object count

By default, Active Roles does not limit the number of managed objects you can manage. However, as the license fee is based on the managed object count, you may need to verify that the object count stays under a certain threshold. To do so, you must specify a threshold value for the number of managed objects.

Once you configure this voluntary threshold, the scheduled task that counts the managed objects will raise an alert whenever it detects that the current number of managed objects exceeds the configured threshold value. Active Roles will indicate this alert in the Product Usage Statistics page of the Active Roles Console, and can also send a notification over email.

Getting started

For more information on how to configure the threshold, see Voluntary thresholds for the managed object count in the Active Roles Administration Guide.

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택