Management Shell, which provides Windows PowerShell based command-line tools (cmdlets) for executing and automating administrative tasks in Active Roles, is now a part of the Management Tools component included in the Active Roles Setup. The Management Shell cmdlets are packaged in two modules:
You can use the Import-Module command to load these modules and gain access to all cmdlets provided by Active Roles Management Shell.
How to start
This section summarizes the features and enhancements that improve the user experience of those who deploy and administer Active Roles, implementing and maintaining the Active Roles-based administrative structure.
With the brand-new installation and upgrade experiences, Active Roles has become much easier to evaluate, deploy, upgrade and configure. Key highlights include:
Active Roles now provides a single installation file SETUP.EXE instead of numerous installation MSI files. With this single installation file, you can install the core Active Roles components, including Administrative Service, Web Interface and Management Shell.
Some solutions still have separate MSI files, such as Add-on Manager or SPML Provider. You can get them from the Active Roles distribution media.
Active Roles can now coexist with an earlier version of Active Roles on the same computer, so you can run the new version of Active Roles side-by-side with the earlier Active Roles version. In this way, you can use the same hardware during upgrade of Active Roles from an earlier version while keeping the earlier version available for business needs.
Note that the name of the Windows service running the Administrative Service and the names of the default Web Interface sites have changed, to avoid conflicts with the names used in the earlier Active Roles version.
Active Roles 7.2 introduces a new configuration management solution that unifies management of core configuration for the Active Roles Administration Service and Web Interface. Configuration Center provides a single solution for configuring Administration Service instances and Web Interface sites, allowing administrators to perform the core configuration tasks from a single location. Highlights include:
The Configuration Center operations are fully scriptable using Windows PowerShell command-line tools provided by the Active Roles Management Shell.
While managing core configuration of Active Roles components is not new, Configuration Center unifies the functionality of multiple earlier tools in a single, simple, wizard-based user interface. Configuration Center provides a single point of access to management wizards for all configuration tasks.
With earlier Active Roles versions, administrators were required to use several tools for core configuration tasks: the Setup program to perform initial configuration, and to import configuration data during upgrade; the Management History Migration tool to import management history data; and the Web Interface Sites Configuration tool to create and manage Web Interface sites on the Web server. Configuration Center integrates the functionality exposed in those tools into a single, unified console, and adds a number of new capabilities, making Active Roles much easier to deploy and upgrade.
Configuration Center is composed of the following elements:
In earlier Active Roles versions, Administration Service Setup prompted for various configuration settings, and created a new, fully configured Administration Service instance; Web Interface Setup created the default Web Interface sites, which required the Administration Service to be up and running. Overall, this setup practice complicated and slowed Active Roles setup, as the completion of Active Roles installation would be delayed until the administrator responded to the prompts and the Setup program finished all the core configuration tasks. Configuration Center allows the administrator to postpone these tasks, and perform them at a convenient time after completing Active Roles Setup. By separating the configuration tasks from the Setup program, Configuration Center simplifies Active Roles installation and streamlines deployment of Active Roles components in an enterprise.
Earlier Active Roles versions allowed you to import configuration data only one time, when using the Setup program for in-place upgrade of the Administration Service. In many cases, this limitation complicated the process of deploying a new Active Roles version that would inherit the configuration of an existing, earlier Active Roles version. By allowing configuration data to be imported at any convenient time, Configuration Center makes Active Roles much easier to upgrade. You can now install the new Administration Service version side-by-side with an earlier version and then import configuration data to the new version as needed.
Earlier Active Roles versions exposed this functionality in a separate tool for configuring Web Interface sites on the Web server. Configuration Center replaces that tool, to make configuration management more efficient by providing a unified experience for administrators to perform various types of configuration tasks.
Wizards that start from hub pages help the administrator manage configuration settings. Management wizards streamline the core configuration tasks by reducing time it took in earlier versions to change the service account, admin account and database; import configuration and management history; and configure Web Interface sites on the Web server.
Configuration Center is installed as part of the Management Tools component when you install Active Roles on a 64-bit (x64) system. You can use this tool to perform configuration tasks on the local or remote computer that has the current version of the Administration Service or Web Interface installed. Configuration Center looks for these components on the local computer and, if no components has been found, prompts you to connect to a remote computer. Another way to connect to a remote computer is by using the menu on the heading bar at the top of the Configuration Center main window.
When connecting to a remote computer, Configuration Center prompts you for a user name and password. This must be the name and password of a domain user account that belongs to the Administrators group on the remote computer. In addition, whether you are going to perform configuration tasks on the local computer or on a remote computer, your logon account must be a member of the Administrators group on the computer running Configuration Center.
To perform configuration tasks on a remote computer, Configuration Center requires Windows PowerShell remoting to be enabled on that computer. Run the Enable-PSRemoting command in the PowerShell console to enable remoting (see the Enable-PSRemoting help topic at http://go.microsoft.com/fwlink/?LinkID=144300 for further details). On Windows Server 2012 or later, remoting is enabled by default.
Configuration Center is installed and, by default, automatically started after you install the Administration Service or Web Interface, allowing you to perform initial configuration tasks on the computer on which you have installed those components. If you close Configuration Manager and want to start it again, you can start Configuration Manager from the following locations:
As Configuration Center can manage Active Roles not only on the local computer but also on remote computers, it is possible to use it on a client operating system as well as on server operating systems. You can install Configuration Center by installing Active Roles Management Tools on a 64-bit (x64) server or client operating system, and then connect it to a remote computer on which the Administration Service or Web Interface is installed. To start Configuration Center on a client operating system:
To run Configuration Center on a given computer, you must be logged on with a user account that has administrator rights on that computer.
If neither the Administration Service nor the Web Interface is installed on the local computer, then Configuration Center prompts you to select a remote computer. In the Select Server dialog box that appears, supply the fully qualified domain name of a server, on which the Administration Service or the Web Interface (or both) is installed, and type the logon name and password of a domain user account that has administrator rights on that server. You can connect to a remote server at any time by selecting the Connect to another server command from the menu on the heading bar at the top of the Configuration Center main window, which also displays the Select Server dialog box.
Configuration Center enables you to perform:
Unlike Setup programs of earlier Active Roles versions, the current Setup program only installs and registers the Active Roles files, without performing any configuration. Upon completion of Active Roles Setup, Configuration Center is used to create an instance of the Administration Service and deploy the default Web Interface sites. Here you can find an overview of these initial configuration tasks.
The Configure Administration Service wizard creates the Administration Service instance, getting the Administration Service ready for use. The wizard prompts you to supply the following settings:
You have the option to create a new database, or use an existing database of the current Active Roles version. It is possible to have multiple Administration Service instances use the same database.
With the Windows authentication option, the Administration Service will use the credentials of the service account; with the SQL Server authentication option, the Administration Service will use the SQL login name and password you supply in the wizard.
To start the wizard, click Configure in the Administration Service area on the Dashboard page in the Configuration Center main window.
The Configure Web Interface wizard creates the default Web Interface sites, getting the Web Interface ready for use. The wizard prompts you to choose which Administration Service will be used by the Web Interface you are configuring. The following options are available:
This option requires you to supply the fully qualified domain name of the computer running the desired instance of the Administration Service.
This option requires you to supply the fully qualified domain name of the computer running the Administration Service instance of the desired configuration. If your environment employs Active Roles replication, this must be the computer running the Administration Service instance whose database server acts as the Publisher for the Active Roles configuration database.
To start the wizard, click Configure in the Web Interface area on the Dashboard page in the Configuration Center main window.
After installing Active Roles, you perform the initial configuration task to create the Administration Service instance, getting it ready for use. Then, you can use Configuration Center to:
On the Administration Service page in the Configuration Center main window, you can view:
From the Administration Service page in the Configuration Center main window, you can change:
The task of importing configuration data arises when you upgrade the Administration Service. In this case, you need to transfer the Active Roles configuration data from the database used by your Administration Service of the earlier version to the database used by your Administration Service of the new version. To perform this task, click Import Configuration on the Administration Service page in the Configuration Center main window, and follow the steps in the Import Configuration wizard that appears.
The Import Configuration wizard prompts you to specify the Active Roles database from which you want to import the configuration data (source database) and identifies the database of the current Administration Service to which the configuration data will be imported (destination database), letting you choose the connection authentication mode (Windows authentication or SQL Server login) for each database. Then, the wizard performs the import operation. During the import operation, the wizard retrieves and upgrades the data from the source database, and replaces the data in the destination database with the upgraded data from the source database.
Although this task looks similar to the task of importing configuration data, there are important differences:
Because of these considerations, Configuration Center provides a different wizard for importing management history. The distinctive features of the Import Management History wizard are as follows:
To start the Management History Import wizard, click Import Management History on the Administration Service page in the Configuration Center main window. The wizard prompts you to specify the Active Roles database from which you want to import the management history data (source database) and identifies the database of the current Administration Service to which the management history data will be imported (destination database), letting you choose the connection authentication mode (Windows authentication or SQL Server login) for each database. Then, the wizard lets you choose whether you want to import all management history records or only records within a certain date range, and performs the import operation. During the import operation, the wizard retrieves and upgrades management history records from the source database, and adds the upgraded records to the destination database.
On the Administration Service page in the Configuration Center main window, you can view the state of the Administration Service, such as:
You can start, stop or restart the Administration Service by clicking the Start, Stop or Restart button at the top of the Administration Service page in the Configuration Center main window. If the function of a given button is not applicable to the current state of the Administration Service, the button is unavailable.
After installing Active Roles, you perform the initial configuration task to create the default Web Interface sites, getting the Web Interface ready for use. Then, you can use Configuration Center to:
Here you can find an overview of these tasks.
The Web Interface page in the Configuration Center main window lists all Web Interface sites that are deployed on the Web server running the Web Interface. For each Web Interface site, the list provides the following information:
From the Web Interface page, you can open Web Interface sites in your Web browser: Click an entry in the list of Web Interface sites and then click Open in Browser on toolbar.
You can create a Web Interface site by clicking Create on the Web Interface page in the Configuration Center main window. The Create Web Interface Site wizard appears, prompting you to:
Then, the wizard lets you specify the object to hold the configuration and customization data of the new Web Interface site on the Active Roles Administration Service. You can choose from the following options:
The new site will have the default configuration and customization based on the template you select.
The new site will have the same configuration and customization as any existing Web Interface site that also uses the object you select. This option is intended for the scenario where you create an additional instance of one of your existing Web Interface sites on a different Web server.
The new site will inherit the configuration and customization of the site that used the object you select for data import. This option is mainly intended for the upgrade scenario where you create Web Interface sites of the new Active Roles version that have the same configuration and customization as your Web Interface sites of an earlier Active Roles version. In this scenario, you import the configuration data of the earlier version to the Administration Service of the new version (which also imports the site configuration objects of the earlier version), and then create configuration objects for Web Interface sites of the new version by importing data from site configuration objects of the earlier version.
Active Roles
From the Web Interface page in the Configuration Center main window, you can make changes to existing Web Interface sites: Click an entry in the list of sites and then click Modify on the toolbar. The Modify Web Interface Site wizard starts, allowing you to:
Then, the wizard lets you specify the object to hold the site’s configuration and customization data on the Active Roles Administration Service. You can choose from the following options:
The site’s configuration will remain intact. The wizard displays the name and version of the current configuration object.
The site will have the default configuration and customization based on the template you select.
The site will have the same configuration and customization as any existing Web Interface site that also uses the object you select. You could use this option to deploy an additional instance of one of your existing Web Interface sites on a different Web server.
The site will inherit the configuration and customization of the site that used the object you select for data import. You could use this option to deploy a Web Interface site of the new Active Roles version with the same configuration and customization as one of your Web Interface sites of an earlier Active Roles version. In this case, you import the configuration data of the earlier version to the Administration Service of the current version (which also imports the site configuration objects of the earlier version), and then create the site configuration object by importing data from the appropriate site configuration object of the earlier version.
The site will inherit the configuration and customization of the site whose configuration data was saved to the export file you specify. You can choose an export file of any supported Active Roles version.
On the Web Interface page in the Configuration Center main window, you can delete Web Interface sites: Click an entry in the list of sites and then click Delete on the toolbar. This operation only deletes the Web Interface site from the Web server, without deleting the site’s configuration object from the Administration Service.
When you delete a site, the site’s configuration object remains intact on the Administration Service. You can set up a Web Interface site with the same configuration as the site you have deleted, by choosing the option to use that object on the Configuration step in the wizard for creating or modifying Web Interface sites.
From the Web Interface page in the Configuration Center main window, you can export site configuration objects: Click an entry in the list of sites and then click Export Configuration on the toolbar. A wizard starts, prompting you to specify the export file. The wizard then retrieves the site’s configuration object from the Administration Service, and saves the data from that object to the export file.
The export file could be considered a backup of the site’s configuration. You can set up a Web Interface site with the configuration restored from an export file, by importing that file on the Configuration step in the wizard for creating or modifying Web Interface sites.
You can use Configuration Center to enable or disable, and view diagnostic logs for the Active Roles components that are installed on the computer running Configuration Center. On the Logging page, Configuration Center lists the following information:
The toolbar on the Logging page allows you to perform the following tasks:
How to start
Configuration Center is installed and, by default, automatically started after you install the Administration Service or Web Interface, allowing you to perform initial configuration tasks on the computer on which you have installed those components. If you close Configuration Center and want to start it again, you can start Configuration Center from the following locations:
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy