
Active Roles 7.2 - Release Notes

Synchronization Service


Table 5: Synchronization Service requirements

Requirement

Details

Platform

Any of the following:

  • Intel 64 (EM64T)
  • AMD64
  • Processor speed: 2.0 GHz or faster

For best results, a multi-core processor is recommended.

Memory

At least 2 GB of RAM. The amount required depends on the number of objects being synchronized.

Hard disk space

250 MB or more of free disk space. If SQL Server and Synchronization Service are installed on the same computer, the amount required depends on the size of the Synchronization Service database.

Operating system

You can install the Synchronization Service on a computer running:

  • Microsoft Windows Server 2008 R2, Standard or Enterprise edition, Service Pack 1
  • Microsoft Windows Server 2012, Standard or Datacenter edition
  • Microsoft Windows Server 2012 R2, Standard or Datacenter edition
  • Microsoft Windows Server 2016, Standard or Datacenter edition

Microsoft .NET Framework

Synchronization Service requires Microsoft .NET Framework 4.6.2 (see “Installing the .NET Framework” at http://go.microsoft.com/fwlink/?LinkId=257868).

SQL Server

You can host the Synchronization Service database on:

  • Microsoft SQL Server 2008, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
  • Microsoft SQL Server 2008 R2, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
  • Microsoft SQL Server 2012, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
  • Microsoft SQL Server 2014, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
  • Microsoft SQL Server 2016, any edition

Windows Management Framework

On Windows Server 2008 R2, the Synchronization Service requires Windows Management Framework 3.0 (see “Windows Management Framework 3.0” at http://go.microsoft.com/fwlink/?LinkId=272757).

Supported connections

The Synchronization Service can connect to:

  • Microsoft Active Directory Domain Services with the domain or forest functional level of Windows Server 2008 or higher
  • Microsoft Active Directory Lightweight Directory Services running on any Windows Server operating system supported by Microsoft
  • Microsoft Exchange Server version 2013 or 2010

    NOTE: Microsoft Exchange 2013 CU11 is no longer supported. Refer to KB article 202695.
  • Microsoft Lync Server version 2013 or 2010
  • Microsoft Skype for Business 2015 or 2016
  • Microsoft Windows Azure Active Directory using the Azure AD Graph API version 2013-04-05
  • Microsoft Office 365 directory
  • Microsoft Exchange Online service
  • Microsoft Lync Server Online service
  • Microsoft SharePoint Online service
  • Microsoft SQL Server, any version supported by Microsoft
  • Active Roles version 7.2, 7.1, 7.0, and 6.9
  • Quest One Identity Manager version 6.1 or 6.0 (Q1IM 6.01 or 6.0)
  • One Identity Manager version 7.0 (D1IM 7.0)
  • Data sources accessible through an OLE DB provider
  • Delimited text files

Legacy Active Roles ADSI Provider

To connect to Active Roles version 6.9, the Active Roles ADSI Provider of the respective version must be installed on the computer running the Synchronization Service. For installation instructions, see the Quick Start Guide for the appropriate Active Roles version.

Azure AD Module for Windows PowerShell Version 2

To connect to the Office 365 directory, the following software must be installed on the computer running the Synchronization Service:

  • Microsoft Online Services Sign-In Assistant for IT Professionals
  • Azure Active Directory Module for Windows PowerShell

For installation instructions, see “Install the Azure AD Module” at https://docs.microsoft.com/en-us/powershell/azure/active-directory/install-adv2?view=azureadps-2.0.

Windows PowerShell Module for Skype for Business Online

To connect to the Skype for Business Online service, Windows PowerShell Module for Skype for Business Online must be installed on the computer running the Synchronization Service. For installation instructions, see “Windows PowerShell Module for Skype for Business Online” at http://go.microsoft.com/fwlink/?LinkId=294688.

SharePoint Online Management Shell

To connect to the SharePoint Online service, SharePoint Online Management Shell must be installed on the computer running the Synchronization Service. For installation instructions, see “SharePoint Online Management Shell” at http://go.microsoft.com/fwlink/?LinkId=255251.

One Identity Manager API

To connect to One Identity Manager 7.0, One Identity Manager Connector must be installed on the computer running the Synchronization Service. This connector works with the RESTful web service, and SDK installation is not required.

To connect to One Identity Manager 6.0, the Quest One Identity Manager Connector must be installed on the computer running the Synchronization Service. This connector works only when the Q1IM API SDK is installed on the system. For installation instructions, see Knowledge Article 100525 at https://support.oneidentity.com/kb/SOL100525.

Internet Connection

To connect to cloud directories or online services, the computer running the Synchronization Service must have a reliable connection to the Internet.

Synchronization Service Capture Agent


Table 6: Synchronization Service Capture Agent

Requirement

Details

Microsoft .NET Framework

Synchronization Service requires Microsoft .NET Framework 4.6.2 (see “Installing the .NET Framework” at http://go.microsoft.com/fwlink/?LinkId=257868).

Additional Requirements

To synchronize passwords from an Active Directory domain to some other connected data system, you must install the Sync Service Capture Agent on all domain controllers in the source Active Directory domain.

The domain controllers on which you install Sync Service Capture Agent must run one of the following operating systems with or without any Service Pack (both x86 and x64 platforms are supported):

  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2008 R2

For more information, see the Active Roles Synchronization Service Administrator Guide.

New Features


This section provides a summary of the new features included in Active Roles 7.2. For detailed information about new features, see the What’s New document for Active Roles 7.2.

Major new features in Active Roles 7.2:

  • Re-branding Active Roles product and documentation to One Identity brand.
  • Active Roles Platform Upgrade - Support for the latest releases of all the dependent Microsoft platforms and applications, which include the following:

    • Microsoft Exchange 2016
    • Microsoft Windows Server 2016
    • Microsoft SQL Server 2016
    • Microsoft .NET Framework 4.6.2
  • Support for managing Skype for Business through Active Roles.
  • Active Roles in-place upgrade enhancements.
  • Limited support for Exchange Online.

  • Management of Azure AD Contacts.

  • Management of Azure AD Distribution groups.

  • Enhancements to Azure Active Directory and Office 365 functionality:

    • Azure License Reporting
    • Visual indicator for Azure configuration status
    • Granular license customization
    • Support for synchronized identity environments
    • Azure Application permissions enhancements
    • Support for creating users, groups, and contacts in Azure/Office 365 through SPML

See also Resolved issues.

Resolved Issues


The following is a list of issues addressed in this release.

 

Table 7: Administration Service and ERFM

No

Resolved issue

Issue ID

1

When a distribution list is modified, Active Roles may display the following error:

"A parameter cannot be found that matches parameter “BypassSecurityGroupManagerCheck”."

683675

2

In Active Roles with Change Auditor integration, a workflow notification fails with an error: Specified method is not supported.

704835

3

Currently, Active Roles does not detect or override native Active Directory schema modifications performed for the All extended rights ACE on the default security of the 'Computer' object type.

To enable the fix on a system running Active Roles 7.2 Service:

  1. After installation, open the Registry Editor by navigating to Start->Run and typing regedit on the machine where Active Roles Service is installed.
  2. Navigate to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Active Roles.
  3. Right click and select New DWORD (32-bit) Value.
  4. Enter the registry key name as DisableExtendedRightsACE.
  5. Double click on the registry key name DisableExtendedRightsACE and in the Value Data field, set the registry key value to 1 and click OK.
  6. Setting this value to 0 or deleting the key disables the fix.
  7. Restart the Active Roles Administration Service.

642572

4

In Active Roles, modifying the equipment mailbox or room mailbox to include a user as "Send As trustee" fails with the error message "Set-CASMailbox , 'ActiveSyncMailboxpolicy' may not be performed on resource mailbox".

To enable the fix on a system running Active Roles 7.2 Service:

  1. After installation, open the Registry Editor by navigating to Start->Run and typing regedit on the machine where Active Roles Service is installed.
  2. Navigate to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Active Roles.
  3. Right click and select New DWORD (32-bit) Value.
  4. Enter the registry key name as CASMailBoxExch.
  5. Double click on the registry key name CASMailBoxExch and in the Value Data field, set the registry key value to 1 and click OK.
  6. Setting this value to 0 or deleting the key disables the fix.

667425

5

In Active Roles, for users having remote mailboxes, the error "Administrative Policy returned an error. The operation couldn't be performed because object couldn't be found." is displayed when values are added to the following sub tabs:

  • Message Delivery Restrictions: "Accept messages from" and "Reject messages from"
  • Exchange General: "Hide from Exchange address list" is checked and
  • Exchange Tasks: "Delete E-mail Addresses" is executed.

To enable the fix on a system running Active Roles 7.2 Service:

  1. After installation, open the Registry Editor by navigating to Start->Run and typing regedit on the machine where Active Roles Service is installed.
  2. Navigate to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Active Roles\7.2\Service.
  3. Right click and select New DWORD (32-bit) Value.
  4. Enter the registry key name as EnableRemoteMail.
  5. Double click on the registry key name EnableRemoteMail and in the Value Data field, set the registry key value to 1 and click OK.
  6. Setting this value to 0 or deleting the key disables the fix.

675080

 

Active Roles VA processing throttles SQL CPU usage and Active Roles does not function as normal.

This fix optimizes the SQL lookups for Virtual Attributes in Active Roles.

To enable this hotfix, set up a registry key as follows:

  1. After installation, open the Registry Editor by navigating to Start->Run and typing regedit on the machine where Active Roles Service is installed.
  2. Navigate to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Active Roles\Configuration\Service.
  3. Right click and select New DWORD (32-bit) Value.
  4. Enter the registry key name as Disable500VA.
  5. Double click on the registry key name Disable500VA, and in the Value Data field set the registry key value to "1" and click OK.
  6. Setting this value to 0 or deleting the key disables the fix.
  7. Restart the Service to enable or disable the hotfix.

    NOTE: The Event ID 2508 generated in the Event Viewer, during Service startup, displays the following message if the hotfix is enabled successfully: Disable500VA registry value set to 1.

726038
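The four opt-in fixes in Table 7 use three different registry paths, so a scripted check is less error-prone than repeating the regedit steps on each Administration Service host. The following PowerShell is an added example, not One Identity's code; the function names Get-ActiveRolesFixState and Enable-ActiveRolesFix are hypothetical, while the registry paths and value names are the ones listed in the steps above.

```powershell
# Added example: audit or enable the registry-gated fixes from Table 7.
# Paths and value names come from the release notes; function names are hypothetical.
$Base  = 'HKLM:\SOFTWARE\One Identity\Active Roles'
$Fixes = @(
    [pscustomobject]@{ IssueId = 642572; Path = $Base;                         Name = 'DisableExtendedRightsACE' }
    [pscustomobject]@{ IssueId = 667425; Path = $Base;                         Name = 'CASMailBoxExch' }
    [pscustomobject]@{ IssueId = 675080; Path = "$Base\7.2\Service";           Name = 'EnableRemoteMail' }
    [pscustomobject]@{ IssueId = 726038; Path = "$Base\Configuration\Service"; Name = 'Disable500VA' }
)

function Get-ActiveRolesFixState {
    # Report each flag; a missing key or value is treated the same as 0 (fix off).
    foreach ($fix in $Fixes) {
        $prop  = Get-ItemProperty -Path $fix.Path -Name $fix.Name -ErrorAction SilentlyContinue
        $value = if ($prop) { $prop.($fix.Name) } else { $null }
        [pscustomobject]@{
            IssueId = $fix.IssueId
            Name    = $fix.Name
            Path    = $fix.Path
            Value   = $value
            Enabled = ($value -eq 1)
        }
    }
}

function Enable-ActiveRolesFix {
    param([Parameter(Mandatory)][int]$IssueId)
    $fix = $Fixes | Where-Object IssueId -eq $IssueId
    if (-not $fix) { throw "Issue ID $IssueId is not one of the registry-gated fixes." }
    # Refuse to write on a machine where the product key is absent.
    if (-not (Test-Path $Base)) { throw "Key not found: $Base" }
    if (-not (Test-Path $fix.Path)) { New-Item -Path $fix.Path -Force | Out-Null }
    # Create or overwrite the DWORD (32-bit) value and set it to 1.
    New-ItemProperty -Path $fix.Path -Name $fix.Name -PropertyType DWord -Value 1 -Force | Out-Null
}

# Read-only report; run from an elevated session on the Administration Service host.
Get-ActiveRolesFixState | Format-Table -AutoSize
```

Where the steps call for a service restart, that step stays manual here because the service name is not given on this page.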

 

Table 8: Console (MMC Interface)

No

Resolved issue

Issue ID

6

In Active Roles Web Interface and MMC Console, updating Storage Quota Mailbox Setting values to 0 displays one of the following error messages:

  • Specify a value in the range of 0 through 2147483647
  • Specify a value within the following range limits. Lower limit:1. Upper limit: 2147483647

708372

7

Currently, Active Roles MMC is slow while displaying objects in a container having a large number of objects.

After applying the fix, it is mandatory to clear the schema by performing the following steps:

  1. Stop the Active Roles Server Administration service on all Active Roles Servers which either share the same database or which are replication partners of the same configuration.
  2. Run this query on the SQL server that is hosted by Active Roles, targeting the Active Roles Server database (ARServer72):

    exec ClearTable tblSchema

    For replication, the query only needs to be run on the Publisher and it will replicate to the subscribers.

  3. Start the Active Roles Server Administration service only on the first Active Roles Server. Once the initial service is available (you can login to the MMC), proceed to any other Active Roles Servers, one at a time. Failure to do so will cause the Active Roles Server service to not start properly and you will have to redo Steps 1-3 again.

705461

8

In Active Roles Workflow, trying to add the approvers using a script that uses persistent variable displays the following error: Object Reference not set to an instance of an object.

703134

 

Table 9: Web Interface and ADSI Provider

No

Resolved issue

Issue ID

9

In Active Roles Web interface, clicking Save in the Exchange Properties form of a mailbox, sends the attribute edsva-MsExch-ProtocolSettings-ActiveSync-PolicyDN in the request, irrespective of the change performed.

709954

10

In Active Roles Web Interface, searching for Target Object field user fails in the Advanced Search page of the Approval tab.

714070

11

Currently, Active Roles ADSI provider Computer Resource Namespace fails to list Local Groups membership correctly when a Virtual Account is present in it.

707413

12

In Active Roles Web Interface, Search results do not display the Groups from the parent domain when Scope is set to Active Directory.

698252

13

In Active Roles, applying read-only access template to "Azure Properties" Licenses tab, must disable all the licenses check box entries.

709201