Active Roles offers the facility to customize its off-the-shelf functionality using scripts and applications that interact with the Administration Service. It allows a high degree of customer modification to meet specific business and organizational needs. This gives customers greater flexibility when using the product, and enables them to build solutions that can easily be integrated with existing systems and data.
The following list shows some of the ways in which the product can be customized:
Active Roles makes it possible for user-developed scripts and applications to manipulate directory objects through the Administration Service (persistent objects), and to take control of objects that are in the process of being created, modified, or deleted with Active Roles (in-process objects).
Having programmatic access to persistent and in-process objects makes it easy for developers to customize Active Roles in these two areas:
A custom application or user interface can be created to manipulate directory objects in Active Roles. Active Roles offers the ADSI Provider to communicate with the Administration Service using standard COM interfaces that conform to the Microsoft ADSI 2.5 specification.
Custom applications are executables that provide data to the Administration Service or retrieve and process data from the Administration Service. For example, an organization with a separate Human Resources database could develop and deploy a custom application that extracts personal information from the database, and then passes it to the Administration Service in order to facilitate user account provisioning.
Custom user interfaces are usually Web-based interfaces that distribute certain tasks to users. Custom user interfaces can also be used to streamline the workflow of network administrators and help-desk operators. For example, Web-based pages could be created so that help-desk operators only see the fields related to user properties that they can view and modify, according to the corporate standards.
Both custom applications and user interfaces rely on the Active Roles ADSI Provider to access the functionality of Active Roles.
Active Roles provides the ability to implement administrative policies by running user-developed scripts. This makes it possible to:
Once configured, the custom script-based policies are enforced without user interaction. Active Roles automatically handles the execution of policy scripts that supplement particular administrative operations and trigger additional administrative actions. For example, policy scripts can be used to:
Active Roles helps streamline group maintenance by defining group membership dynamically, with rule-based membership criteria. Dynamic group membership eliminates the need to manually update membership lists for security and distribution groups.
To automate the maintenance of group membership lists, Active Roles provides:
The membership criteria fall into these categories:
These membership criteria are also applicable to Managed Units.