The Active Roles Administrator Guide is designed for individuals who are responsible for creating and maintaining Active Roles’ administrative structure. This document provides conceptual information about the product, and includes instructions for deploying a secure, distributed administrative structure that combines administrative policy enforcement, role-based delegation of administration, and flexible administrative views.
The Active Roles Administrator Guide is supplemented with the Active Roles User Guide that provides information about the Active Roles console user interface, and includes instructions to help delegated administrators perform day-to-day administrative activities using the Active Roles console.
Active Roles provides out-of-the-box user and group account management, strictly enforced administrator-based role security, day-to-day identity administration and built-in auditing and reporting for Windows-centric environments. The following features and capabilities make Active Roles a practical solution for secure management of users and groups in Active Directory (AD) and AD-joined systems:
Active Roles also automates the process of reassigning and removing user access rights in AD and AD-joined systems (including user and group de-provisioning) to ensure an efficient and secure administrative process over the user and group lifetimes. When a user’s access needs to be changed or removed, updates are made automatically in Active Directory, Exchange, SharePoint, OCS, Skype for Business and Windows, as well as any AD-joined systems such as Unix, Linux and Mac OS X.
Active Roles also includes intuitive interfaces for improving day-to-day administration and help desk operations via both an MMC snap-in and a Web interface.
The solution uses out-of-the-box connectors to synchronize your on-premises AD accounts to cloud-based services such as Salesforce.com, Google Apps, Skype for Business Online and SharePoint Online.
Active Roles divides the workload of directory administration and provisioning into three functional layers—presentation components, service components, and network data sources.
Figure 1: Active Roles Components
The presentation components include client interfaces for the Windows platform and the Web, which allow regular users to perform a precisely defined set of administrative activities. The reporting solution facilitates automated generation of reports on management activities.
The service components constitute a secure layer between administrators and managed data sources. This layer ensures consistent policy enforcement, provides advanced automation capabilities, and enables the integration of business processes for administration of Active Directory, Microsoft Exchange, and other corporate data sources.
The Administration Database stores information about all permission and policy settings, and other data related to the Active Roles configuration.
On a very high level, the Active Roles components work together as follows to manipulate directory data:
Let us examine the three component layers.
The presentation components include user interfaces to serve a variety of needs. The user interfaces accept commands, display communication, and give results in a clear, concise fashion.