Converse agora com nosso suporte
Chat com o suporte

Active Roles 7.6 - Release Notes

Enhancements

The following is a list of enhancements implemented in Active Roles 7.6.

Table 1: Active Roles Web Interface enhancements
Enhancement Issue ID
Previously, when managing Azure users or Azure guest users, the Azure Properties > Job Info > Change the manager setting listed only Azure users. This setting has been improved, so that you can now also assign Azure guest users as managers. 297351

Starting from Active Roles 7.6, you can improve the performance of the Active Roles Web Interface by setting the timespan of an Azure PowerShell memory cache to shorten the waiting time when using any of the Azure and/or Exchange Online functions under the Azure node.

To set the timespan of the memory cache, modify the value of the following registry key:

HKEY_LOCAL_MACHINE\Software\One Identity\Active Roles\Configuration\Service\AzurePowershellMemoryCacheTimeInSec

The default value is 30 seconds. Setting the value to 0 disables memory caching.

For the changes to take effect, after modifying the registry key, restart the Active Roles Administration Service. If you modify the timespan of the memory cache, the changed duration will only be visible after a timeout.

308691

Table 2: Active Roles Synchronization Service enhancements
Enhancement Issue ID

Improved the performance of the Microsoft Office 365 Connector by processing group membership status only if the Member attribute is included in the Update rules of the workflow.

 305240

Improved the compatibility of the Salesforce Connector by updating the Salesforce API version it uses from version 19 (retired in the Summer '22 Salesforce release) to version 46.

293374

Resolved issues

The following is a list of issues addressed in this release.

Table 3: Resolved Issues – Active Roles Configuration Center

Resolved issue

Issue ID

Previously, the Starling Join process did not work, and resulted in an error.

The issue was caused by Starling no longer supporting Internet Explorer, but the Active Roles Configuration Center still used it to display the Starling web site.

The issue has been fixed, and the Starling Join or Unjoin process works properly again.

312515

Table 4: Resolved Issues – Active Roles Console (MMC Interface)

Resolved issue

Issue ID

Previously, starting from Active Roles 7.5, Azure licenses and Office 365 roles could not be updated via custom Active Roles change workflows.

This issue was a result of the retirement of Azure Graph API, and its subsequent replacement with Microsoft Graph API introduced in Active Roles 7.5.

This issue is now fixed, and you can update Azure licenses and O365 roles again with change workflows.

307467

Table 5: Resolved Issues – Active Roles Installer

Resolved issue

Issue ID

Previously, if you used PowerShell in AllSigned mode (Set-ExecutionPolicy -ExecutionPolicy AllSigned), you could not run unsigned or unvalidated PowerShell scripts, for example scripts that were not digitally signed by a trusted publisher, or scripts that were signed but not validated by the installed certificates.

The issue has been resolved: if your organization requires you to use AllSigned mode instead of the default Remote signed mode, in the Active Roles Setup, you can install the optional One Identity certificate during the Active Roles installation process.

 308955
Table 6: Resolved Issues – Active Roles Synchronization Service
Resolved issue Issue ID

Previously, when configuring Azure BackSync by matching an Azure security group with an on-premises group, and assigning a license to that Azure security group, mapping of the group objects failed with an Unexpected character encountered while parsing value: licenseProcessingState error message.

The issue was caused by compatibility issues with Microsoft Graph API, and has been fixed by updates in the group model.

310441

Previously, in the Active Roles Synchronization Service, when setting up an Update workflow connection between two connectors, the Process delta from last run setting did not work for the Microsoft Active Directory Connector if it was set to remote mode.

The issue has been resolved and now delta processing works for the Microsoft Active Directory Connector in remote mode.

 308526

Previously, after performing an in-place upgrade of Active Roles, and reconfiguring Active Roles Synchronization Service, opening a previously configured Microsoft Azure AD Connector connection or workflow resulted in a DLL load exception.

The issue was caused by an error in updating the Microsoft Azure AD Connector configuration files after an upgrade, and has been fixed.

303354

Previously, password synchronization operations did not work with the Oracle Database User Accounts Connector.

The issue was caused by incorrect attribute formatting, and has been fixed.

301942

Previously, when configuring a Microsoft Azure AD Connector connection, the connection test completed successfully even if you specified invalid credentials (for example, an invalid Client secret), and you could save the configuration with incorrect connection settings.

This issue has been fixed, so that you can save a configured Microsoft Azure AD Connector connection only if the specified credentials are correct.

301065

Table 7: Resolved Issues – Active Roles Web Interface

Resolved issue

Issue ID

Previously, in a multi-tenant deployment, removing an Azure tenant in the Active Roles Configuration Center and then restarting the Active Roles Administration Service resulted in the remaining Azure tenant(s) appearing empty, with none of their sub-containers visible in the Active Roles Web Interface.

This issue has been fixed.

311654, 312513

Previously, when managing multiple Azure tenants in your organization, listing the Azure room mailboxes in a specific tenant, and then listing the room mailboxes of another Azure tenant resulted in the room mailboxes of this second opened Azure tenant listed in every Azure tenant. After that, switching too many times between the existing Azure tenants resulted in the Resource Mailbox listing of the Azure tenants appearing blank.

This issue was caused by a caching problem in the Active Roles Web Interface, and has been fixed by ensuring that Azure tenant resources are cached separately in a multi-tenant deployment.

310311

Previously, if cloud-only Azure room mailboxes were also included in a quick or advanced search, the searches were slower than normal.

This issue has been fixed, so listing Azure room mailboxes takes less time now.

310227

Previously, when selecting multiple Azure users or Azure guest users in quick succession, the Active Roles Web Interface might show the list of actions available for the first selected user, instead of the bulk operations that you could perform on all selected users.

As Active Roles could list the bulk operations applicable to multiple users faster than the longer list of actions available for the first selected user, this issue was caused by Active Roles refreshing the list of actions applicable to multiple users with that of the first selected user.

The issue has been fixed by implementing an additional check to prevent replacing the list of bulk operations with those of the first selected user when multiple users (or guest users) are selected.

308413

Previously, when opening the Azure Properties window of any Azure user or Azure guest user, the Identity > User Principal Name field was empty.

This issue was caused by a UI population error, and has been fixed.

307479

Previously, attempting to create a new hybrid Azure user in the Active Roles Web Interface could result in a Value does not fall within the expected range error.

This issue was caused by a request error, and has been fixed.

307327

Previously, trying to reset the password of an Azure user in the Active Roles Web Interface returned an Insufficient privileges to complete the operation error.

The issue was caused by a Microsoft Graph API-related problem, and has been fixed by adding the User administrator directory role to the Active Roles Azure application.

293601

Previously, when opening an Office 365 group via the Azure > <azure-tenant-name> > Office 365 Groups node of the Active Roles Web Interface, the Properties step of the selected Office 365 group did not contain the Alias property.

This issue has been fixed, and the Alias property now appears.

279806

Previously, when a group policy was applied to an Organization Unit (OU), for example to allow administrators to create only certain types of groups in the OU, the Active Roles Web Interface identified existing groups moved from another OU incorrectly, resulting in the following issues:

  • Opening the General Properties of an existing group moved from another OU displayed the type of the moved group as the policy-enforced group type, even if the moved group had a different group type. For example, a security group moved from another OU appeared as a distribution group if the group policy of the OU allowed administrators to create distribution groups only.

  • Clicking Save in the General Properties window of that group modified the type of the group to the policy-enforced group type.

These issues have been solved so that the Active Roles Web Interface displays the correct group information for each group in the OU, and enforces the group policy only for newly-created groups.

270156

Previously, in the Active Roles Web Interface, you could experience slow performance if you disabled inbound and outbound TCP ports 7465 (HTTP) and 7466 (HTTPS).

This issue was caused by the notification system that displays Starling-related notifications under the Notifications (bell) icon. The notification system uses these ports for communication, so disabling these ports resulted in slow performance.

The issue has been resolved by updating the Active Roles Web Interface to support disabling Starling-related notifications. To do so, navigate to Customization > Global Settings and clear Enable Starling promotion.

NOTE: If your Active Roles deployment is connected to One Identity Starling, One Identity recommends enabling Starling promotion. To ensure that notifications work, enable inbound and outbound TCP ports 7465 (HTTP) and 7466 (HTTPS) in your environment.

216315

Known issues

The following is a list of issues known to exist at the time of release.

Table 8: General known issues
Known Issue Issue ID

Activating the EnableAntiForgery key (<add key="EnableAntiForgery" value="true"/> in web.config) may cause the following error message:

Session timeout due to inactivity. Please reload the page to continue.

Workaround

Update the IgnoreValidation key in the<appSettings> section by adding a property value in lowercase:

  1. Open the IIS Manager.

  2. In the left pane, under Connections, expand the tree view to Sites > Default Web Site.

  3. Under Default Web Site, click on the Active Roles application (ARWebAdmin by default).

  4. Double-click Configuration Editor.

  5. From the Section drop-down, select appSettings.

  6. Find the IgnoreForValidation key.

  7. Append the comma-separated value to IgnoreForValidation, for example: lowercasecontrolname.

  8. In the right pane, under Actions, click Apply.

  9. Recycle the App pool.

91977

Table 9: Known Issues – Active Roles Configuration Center
Known Issue Issue ID
When configured for Group and Contacts, the Office 365 and Azure Tenant Selection policy displays additional tabs. 229031
Tenant selection supports selecting only a single tenant. 229030

In the Starling Connect Connection Settings link, clicking Next displays progress, but the functionality is not affected, so the button is not required.

126892

Table 10: Known Issues – Active Roles Console (MMC Interface)

Known Issue

Issue ID

Automation workflow with Office 365 script fails, if multiple workflows share the same script and the script is scheduled to execute at the same time.

Workaround

One Identity recommends scheduling the workflows with different scripts or at a different time.

200328

When a workflow is copied from built-in workflows, it may not run as expected.

153539

Azure Group Properties are not available if they are added to the Office 365 Portal or Hybrid Exchange Properties from the forwarding address attribute of Exchange online users.

98186

In Active Roles with the Office 365 Licenses Retention policy applied, after deprovisioning the Azure AD user, the Deprovisioning Results for the Office 365 Licenses Retention policy are not displayed in the same window.

Workaround

To view the Deprovisioning Results after deprovisioning the Azure AD user:

  • In Active Roles MMC Console, right-click and select Deprovisioning Results.

  • In the right pane of the Active Roles Web Interface, click Deprovisioning Results.

  • To refresh the form, press F5.

91901

Table 11: Known Issues – Active Roles Installer

Known Issue

Issue ID

After upgrading Active Roles, the pending approval tasks are not displayed in the Active Roles Web Interface.

91933

Table 12: Known Issues – Active Roles Synchronization Service

Known Issue

Issue ID

In the Active Roles Synchronization Service, the following new attributes of the Microsoft Azure AD Connector are currently not supported and cannot be queried via the Microsoft Graph API:

  • user attributes:

    • aboutMe

    • birthday

    • hireDate

    • interests

    • mySite

    • officeLocation

    • pastProjects

    • preferredName

    • responsibilites

    • schools

    • skills

    • contacts

  • group attributes:

    • allowExternalSenders

    • autoSubscribeNewMembers

    • hideFromAddressLists

    • hideFromOutlookClients

    • isSubscribedByMail

    • unseenCount

    • acceptedSenders

    • membersWithLicenseErrors

    • rejectedSenders

    • hasMembersWithLicenseErrors

This means that although these attributes are visible, they cannot be set in a mapping rule.

304074

After running the get-qcworkflowstatus cmdlet in the Synchronization Service, the workflow status is not accurate.

125768

Table 13: Known Issues – Active Roles Web Interface
Known Issue Issue ID

In the Active Roles Web Interface, when you click Azure > Resource Mailboxes to query room mailboxes after being idle for approximately 15-20 minutes, the Active Roles Web Interface will not list any room mailboxes.

Workaround

Restart the Administration Service.

293380

In the Active Roles Web Interface, Azure roles are not restored automatically after performing an Undo Deprovision action on a user.

Workaround

After the Undo Deprovision action is completed, assign the Azure roles to the user manually.

 172655

Active Roles does not support creating Azure groups for existing groups.

117015

Active Roles Web Interface does not support setting the Exchange Online Property of the ProhibitSendQuota value in Storage Quotas. 91905

System requirements

Before installing Active Roles 7.6, ensure that your system meets the following minimum hardware and software requirements.

NOTE: When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. Please consult One Identity's Product Support Policies for more information on environment virtualization.

Before installing Active Roles 7.6, ensure that your system meets the following minimum hardware and software requirements, and install the following required software:

NOTE: To run these PowerShell commands, use the 64-bit version of Windows PowerShell.

Requirement

Details

Exchange Online PowerShell V2 module 2.0.3

You must install Exchange Online PowerShell V2 module version 2.0.3 (or newer) on the computer(s) running Active Roles Administration Service. For installation instructions, see Install and maintain the EXO V2 module in the Microsoft Azure Exchange PowerShell documentation.

Azure AD PowerShell module

You must install the latest version of the Azure Active Directory (AD) PowerShell module on the computer(s) running Active Roles Administration Service. For installation instructions, see Installing the Azure AD Module in the Microsoft Azure PowerShell documentation.

Az.Accounts PowerShell module 2.5.3

You must install Az.Accounts PowerShell module version 2.5.3 (or older) on the computer(s) running Active Roles Administration Service and Active Roles Synchronization Service. For installation instructions, see Az.Accounts 2.5.3 in the Microsoft PowerShell Gallery.

Microsoft Teams PowerShell module 2.3.1

You must install Microsoft Teams PowerShell module version 2.3.1 on the computer running Active Roles Administration Service. For installation instructions, see Install Microsoft Teams PowerShell in the Microsoft Teams documentation.

NOTE: To apply Teams-specific configurations or changes using Microsoft 365 workflows or scripts in Active Roles workflows, you must install Microsoft Teams PowerShell module 2.3.1. Active Roles supports Microsoft Teams PowerShell module version 2.3.1 only due to an issue with app-only authentication in later versions. You cannot use later versions of this module until Microsoft addresses the app-only authentication issue.

SharePoint Online Management Shell - x64

You must install SharePoint Online Management Shell on the computer running Active Roles Administration Service. For installation instructions, see Get started with SharePoint Online Management Shell in the Microsoft SharePoint PowerShell documentation.

Microsoft Edge WebView2 Runtime

You must install Microsoft Edge WebView2 Runtime on the computer running Active Roles Administration Service. For more information, see Introduction to Microsoft Edge WebView2 in the Microsoft Edge Developer documentation.

(Optional) One Identity certificate

If your organization enforces the AllSigned execution policy, you must install the One Identity certificate during the installation of Active Roles.

For the system requirements of each Active Roles component, see the following sections:

Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação