Chat now with support
Chat with Support

Active Roles 7.3.1 - Product Overview


Active Roles simplifies and streamlines creation and ongoing management of user accounts and groups in Windows Active Directory (AD) centric environments by automating user and group account creation in AD, mailbox creation in Exchange, group population, and resource assignment in Windows. It provides strictly enforced security, rich capabilities for automating directory management tasks, change approval and easy-to-use Web interfaces, to achieve practical user and group account management for the Windows enterprise.

Active Roles offers point-and-click modular configuration for easy deployments, along with rules and a delegated administration model to ensure correct access and tight security. A multi-level approval workflow, easy-to-use Web interfaces, and integration points reduce costs associated with user and group account management, with no custom coding required.

This document is designed for IT managers, network administrators, operations managers, and security managers who are evaluating Active Roles and want to learn how it works. The document examines:

  • Active Roles features and benefits
  • The system’s components and architecture
  • Access Templates, Policy Objects, and Managed Units
  • Support for Active Directory security management
  • Customization with the Active Roles ADSI Provider and support for scripting
  • Rule-based management of group membership lists
  • Operation of Active Roles in multi-forest environments
  • Capabilities of the Active Roles Web Interface
  • Example scenarios in which Active Roles might be used




Active Roles (formerly known as ActiveRoles®), delivers a reliable, policy-based administration and provisioning solution, allowing enterprises to fully benefit from Active Directory and Microsoft Exchange deployment.

One of the most valuable features of the product is the ability to automate provisioning tasks on directory objects in compliance with corporate administrative policies in corporate Active Directory and Exchange environments.

Active Roles provides consistent enforcement of corporate policies, a role-based administrative model, and flexible, rule-based administrative views, creating a reliable and secure environment for distributed administration and account provisioning.

NOTE: For information on the Active Roles 7.3 features see the Active Roles What's New Guide.


Examples of use

Active Roles can be configured to provide a wide range of directory management solutions, allowing organizations to create more secure, productive, and manageable Active Directory and Microsoft Exchange environments. This section highlights how Active Roles helps to address the challenges faced by enterprises today.

Distributing administration

Suppose a large company wants to introduce distributed administration, but wants to avoid the large costs involved in training their Help Desk and business units to correctly use complex administrative tools. In this situation, there is the need for an easy-to-use tool, to control what actions the Help Desk and business units can perform, and to enforce company policies and procedures.


Active Roles allows organizations to create Managed Units and to designate Trustees over those Managed Units. Trustees only see the objects to which they have access. They are given only the rights they need for the objects within these Managed Units, down to individual properties. Unlike native Active Directory organizational units, Managed Units provide virtual boundaries that span across domains and forests, offering more flexible delegation capabilities.

Delegating limited control over Managed Units efficiently eliminates the need for high-level administrative user ID's, allowing organizations to securely distribute administrative authority to local management. To improve network security and make distributed administration safe, Active Roles defines and enforces customizable administrative polices.

Active Roles allows organizations to safely implement administration for business units. If a company has a number of different business units, each of equal importance and each located in a separate office, a single network administrator could support all of the sites. Active Roles allows the company to create a single Managed Unit, giving an administrator control over users and resources that span multiple domains.

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating