By default, Active Roles does not limit the number of managed objects. However, as Active Roles’ license fee is based on the managed object count, you may need to verify if the object count is under a certain threshold. You can perform this task by specifying a threshold value for the number of managed objects. The scheduled task that counts managed objects then raises an alert each time it detects that the current number of managed objects exceeds the threshold value. The alert makes the Product Usage Statistics section red on the root page in the Active Roles console, and can send a notification over e-mail.
To configure thresholds and notification for the managed object count
Only members of the Active Roles Admin account are authorized to configure thresholds and notification for the managed object count.
The console does not display the Change link unless you are logged on as Active Roles Admin.
You can specify an AD DS threshold value and an AD LDS threshold value independently from each other. Active Roles raises an alert if the total number of managed objects in Active Directory domains or AD LDS directory partitions exceeds the corresponding threshold value. You may specify a threshold value for AD DS or AD LDS only. In this case, Active Roles only evaluates the managed object count for Active Directory domains or AD LDS directory partitions, respectively. If neither AD DS threshold value nor AD LDS threshold value is specified, then Active Roles does not evaluate the managed object counts at all.
If multiple mail configuration objects exist in your Active Roles environment, then you may first need to select the appropriate object from the E-mail server settings list. Mail configuration objects can be created in the Configuration/Server Configuration/Mail Configuration container in the Active Roles console.
The Active Roles console allows you to set a text label that helps you identify your Active Roles installation in the Managed Object Statistics report—a report that lists the managed object counts (see Viewing product usage statistics). You can use the installation label to distinguish, for example, between production and non-production or pilot installations. The label text is displayed in the title of the Managed Object Statistics report.
To set or change the installation label
Only members of the Active Roles Admin account are authorized to set or change the installation label.
The console does not display the Change link unless you are logged on as Active Roles Admin.
Active Roles uses the replication functionality of Microsoft SQL Server to copy and distribute configuration data from one Administration Service database to another, and to synchronize data among the databases for consistency.
Administration Service database servers synchronized by using the SQL Server replication function are referred to as replication partners. Each replication partner maintains a writable copy of the Service’s configuration data. Whenever changes are made to one replication partner, the changes are propagated to the other replication partners.
In the Active Roles environment, the SQL Server replication function is used to propagate changes to configuration data to all the replication partners, as soon as data is modified on one of the replication partners. The replication process is initiated immediately after changes are committed to a replication partner. Active Roles does not offer the facility to change this behavior.
As there is usually a moderate volume of changes, and since replication only propagates modified data (merge replication model), the amount of replication traffic is manageable. Therefore, you do not need to schedule or manually force replication in Active Roles.
A merge replication model normally requires a means of resolving conflicts that could result from changing the same data on different replication partners. In the Active Roles replication model, the outcome of the conflict is decided on a “later wins” basis, that is, the last to modify the data wins the conflict.
In the Active Roles replication model, each Administration Service database server can have one of the following roles:
The Administration Service that uses the Publisher database server is referred to as the Publisher Administration Service.
The Administration Service that uses a Subscriber database server is referred to as the Subscriber Administration Service.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy