Active Roles uses the replication functionality of Microsoft SQL Server to copy and distribute configuration data from one Administration Service database to another, and to synchronize between configuration databases for consistency.
Administration Service database servers synchronized by using the SQL Server replication function are referred to as replication partners. Each replication partner hosts a writable copy of the Active Roles configuration data. Whenever changes are made on one replication partner, the changes are propagated to the other replication partners.
This section outlines the procedures to follow in order for you to configure replication and see how replication works in Active Roles. To use these procedures, you must install Active Roles on two network computers, as described in the Test lab setup section earlier in this document. Two Active Roles instances will be configured to replicate configuration data with each other.
When configuring Active Roles replication, you first create a replication group by designating the database server of a particular Administration Service as the Publisher.
When planning to assign the Publisher role to the database server of a certain Administration Service, ensure that the following requirements are met:
For evaluation purposes, you may configure both the SQL Server Agent service and the Administration Service to log on as a user account that belongs to the Domain Admins group of your test domain.
To assign the Publisher role to the database server of a certain Administration Service, perform the following steps using the Active Roles console.
To create the Publisher
The new replication group now has a single member—the Publisher. You can add replication partners—Subscribers. To add a Subscriber, perform the following steps using the Active Roles console.
To add a Subscriber
To see how replication works, create a Managed Unit on one of the Administration Services you have configured to be replication partners. Then, connect to the other Administration Service and verify that the new Managed Unit has been replicated to that Service.
To create a Managed Unit
Wait a few minutes and then use the Active Roles console to verify that the new Managed Unit is also created on the other Administration Service.
To verify replication of the Managed Unit
You can create, modify, or delete Active Roles configuration objects, such as Managed Units, Access Templates or Policy Objects, on one of the replication partners, regardless of whether it is the Publisher or a Subscriber, and then connect to other replication partners and see that your changes are propagated to all replication partners.
NOTE: Although Active Roles replication is configured to initiate the propagation of changes immediately after the changes are made, it may take a few minutes for SQL Server to propagate the changes between the Publisher and Subscribers.
The Active Roles Web Interface allows you to customize menus, commands, and forms used to administer directory objects. You can add and remove commands or entire menus, assign tasks and forms to commands, modify existing forms, and create new commands, tasks, and forms.
To use the customization capabilities of the Web Interface, you must be logged on as Active Roles Admin. If you have used the default settings when installing the Administration Service, the Active Roles Admin account is set to the Administrators local group on the computer running the Administration Service. So, to customize the Web Interface in your test environment, log on with any user account that is a member of that group.
This section provides an example of how to customize the Site for Administrators. By default, the Web Interface pages for user account creation do not include the box where you could specify the user’s telephone number. After you complete the following steps, a new field—Telephone Number—is added on the Web page for user account creation. When you fill in that field, the number is saved in the telephoneNumber property of the user account.