Prerequisites for upgrade from Active Roles 6.9
Before any upgrade is performed, first consider the following:
- There is no need to break replication when upgrading to Active Roles 7.3 from 6.9 as Active Roles 7.3 does not support an in-place upgrade in this scenario. A side-by-side installation of Active Roles must be performed and replication must be configured post installation on the new instance of Active Roles.
NOTE: During and post-installation of Active Roles 7.3, the existing installation of Active Roles 6.9 will be available and fully functional. Hence, users will not be affected during the upgrade process with the exception of Dynamic Groups. For more details please review the knowledge base article, https://support.oneidentity.com/kb/211388.
To perform the Upgrade
- From the installation media, run ActiveRoles.exe.
- Accept the licensing agreement and click Next.
- Select the desired components and click Next.
- Review the summary and click Install.
- By default, the I want to perform configuration option is selected. Click Finish to launch the Configuration Center
- In the Configuration Center, under the Administration Service option click Configure.
- Select a service account that will run the Active Roles service and click Next.
- Choose the appropriate security group that will hold the role of the Active Roles Admin group and click Next.
- If this is the first installation of Active Roles 7.3, select New Active Roles database and click Next.
- Enter the appropriate SQL server, database name and credentials. Click Next.
- After completing, click Finish.
- In the Configuration Center, under Dashboard click Import Configuration, specify the Source SQL server, database and access credentials, and then click Next.
- Click Next.
- If the current Active Roles 7.3 service is running, stop it and then click Next to continue.
- If you have the encryption key, provide it. If not, select Do not import encrypted data and click Next.
- If you do not have the encryption key, you must re-enter the credentials for any Managed Domains, which are not managed by the Active Roles Service account.
The Add-On Advisor checks if there are any incompatible Add-Ons installed the Wizard will not proceed. Before continuing, uninstall the Add-Ons from the Active Roles 6.9 server.
- Click Next.
- Once ready, click Import.
Importing change history
The Change History from Active Roles 6.9 database is not imported during the initial import, as the Change History may be extremely large and thus would take a long time for the initial Setup to complete. Active Roles provides a separate utility for importing Change History.
- In the Active Roles Configuration Center, click Import Management History under Administration Service.
- Enter the Active Roles 6.9 source database and appropriate credentials and click Next.
- Select the destination database and click Next.
- Choose the records to import and click Next.
- Confirm the settings and click Import.
The progress screen is displayed, and after completion, the summary is displayed.
In-place upgrade from Actve Roles 7.x
In-place upgrade from Actve Roles 7.x
Office 365 Add-On that was previously available for Active Roles is no longer compatible with Active Roles 7.3. Before proceeding with the upgrade from 7.0.x to 7.3, the Office 365 Add-On must be uninstalled.
For an upgrade demonstration, please refer to the following knowledge base articles:
Backing up the Active Roles Database
Before upgrading, it is recommended to back up the Active Roles database. For general best practices, please refer to the following Microsoft article:
Prerequisites for in-place upgrade from Active Roles 7.x
It is recommended to back up the current Web Interfaces if any customizations have been implemented.
Any Web Interfaces that were created in Active Roles 7.2.x will continue to function in 7.3. However, it is recommended to thoroughly test before upgrading, as some customizations may not work as expected in newer versions of Active Roles.
To back up the Web Interface Configurations
- Launch the Active Roles Configuration Center.
- Click Web Interface.
- Select the desired site(s) and click Export Configuration.
To upgrade Active Roles
- Run ActiveRoles.exe from the installation media.
- Click Next to continue.
- Accept the license agreement and click Next.
- Review the summary and warning. If the Office 365 Add-On is installed in the 7.0.x instance, uninstall it before continuing.
- If the system does not restart, click Update Service Instance in the Configuration Center.
- If the system restarts and the Configuration Center does launch automatically, launch the Configuration Center and click Update Service Instance.
Due to the update of the database schema, the 7.0 versions of the Websites are no longer compatible.
- Click Manage Sites under Web Interface in the Configuration Center.
- Make note of the current websites and configurations used (For example, ARWebAdmin, using configuration “Site for Administrators”).
- Delete all the sites and click +Create.
- Enter the Alias of the site, for example ARWebAdmin and click Next.
- On the Configuration screen, ensure Create from a template is selected.
- Enter a Configuration name, select the original Template to import from (for example, “Site for Administrators 7.0”), and then click Create.
Formerly a standalone product called Quick Connect, the Synchronization Service is now part of Active Roles 7.
With Synchronization Service, complete automation can be implemented to process data synchronization between the data systems.
Synchronization Service increases the data management efficiency by allowing automation of the creation, deprovision, and update operations between data systems. For example, when an employee joins or leaves the organization, the related information in the data systems managed by Synchronization Service is automatically updated, thereby reducing the administrative workload and getting the new users up and running faster.
In order to synchronize identity data between external data systems, Synchronization Service must be configured to connect to these data systems through connectors. A connector enables Synchronization Service to access specific data system to read and synchronize data in that system according its settings. Out of the box, Synchronization Service includes a number of built-in connectors:
- Active Roles versions 7.3, 7.2.x, 7.1, 7.0 and 6.9
- Identity Manager version 7.1
- Quest One Identity Manager version 6.1 or 6.0
- Delimited text files
- Microsoft Active Directory Domain Services
- Microsoft Active Directory Lightweight Directory Services
- Microsoft Azure Active Directory
- Microsoft Exchange Server
- Microsoft Skype for Business Server
- Microsoft Office 365
- Microsoft SharePoint
- Microsoft SQL Server
- OLE DB-compliant relational database
Figure 1: Technical Overview