Chat now with support
Chat with Support

Active Roles 7.3.3 - Release Notes

Synchronization Service

Synchronization Service

 

Table 5: Synchronization Service requirements

Requirement

Details

Platform

Any of the following:

  • Intel 64 (EM64T)
  • AMD64
  • Processor speed: 2.0 GHz or faster

For best results, a multi-core processor recommended.

Memory

At least 2 GB of RAM. The amount required depends on the number of objects being synchronized.

Hard disk space

250 MB or more of free disk space. If SQL Server and Synchronization Service are installed on the same computer, the amount required depends on the size of the Synchronization Service database.

Operating system

You can install the Synchronization Service on a computer running:

  • Microsoft Windows Server 2008 R2, Standard or Enterprise edition, Service Pack 1
  • Microsoft Windows Server 2012, Standard or Datacenter edition
  • Microsoft Windows Server 2012 R2, Standard or Datacenter edition
  • Microsoft Windows Server 2016, Standard or Datacenter edition

NOTE: Active Roles is not supported on Windows Server Core mode setup.

Microsoft .NET Framework

Synchronization Service requires Microsoft .NET Framework 4.6.2 (see “Installing the .NET Framework” at http://go.microsoft.com/fwlink/?LinkId=257868).

SQL Server

You can host the Synchronization Service database on:

  • Microsoft SQL Server 2008, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
  • Microsoft SQL Server 2008 R2, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
  • Microsoft SQL Server 2012, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
  • Microsoft SQL Server 2014, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
  • Microsoft SQL Server 2016, any edition
  • Microsoft SQL Server 2017, any edition

Windows Management Framework

On all supported operating systems, the Synchronization Service requires Windows Management Framework 5.1 (see  “Windows Management Framework 5.1” at

https://www.microsoft.com/en-us/download/details.aspx?id=54616

).

Supported connections

The Synchronization Service can connect to:

  • Microsoft Active Directory Domain Services with the domain or forest functional level of Windows Server 2008 or higher
  • Microsoft Active Directory Lightweight Directory Services running on any Windows Server operating system supported by Microsoft
  • Microsoft Exchange Server version 2016, 2013, or 2010

    NOTE: Microsoft Exchange 2013 CU11 is no longer supported. Refer KB article 202695.
  • Microsoft Lync Server version 2013 with limited support
  • Microsoft Skype for Business 2015 or 2016
  • Microsoft Windows Azure Active Directory using the Azure AD Graph API version 1.6.

    NOTE: Active Roles Synchronization Service 7.3 does not support Directory schema extensions for Azure Graph API 1.6.
  • Microsoft Office 365 directory
  • Microsoft Exchange Online service
  • Microsoft Skype for Business Online service
  • Microsoft SharePoint Online service
  • Microsoft SQL Server, any version supported by Microsoft
  • Microsoft SharePoint 2016 or 2013
  • Active Roles version 7.3, 7.2, 7.1, 7.0, and 6.9
  • One Identity Manager version 7.0 (D1IM 7.0)

    NOTE: Quest One Identity Manager (Q1IM) connector versions 6.x are not supported in Active Roles 7.3.
  • One Identity Manager version 8.0
  • Data sources accessible through an OLE DB provider
  • Delimited text files

Legacy Active Roles ADSI Provider

To connect to Active Roles version 6.9, the Active Roles ADSI Provider of the respective version must be installed on the computer running the Synchronization Service. For installation instructions, see the Quick Start Guide for the appropriate Active Roles version.

Azure AD Module for Windows PowerShell Version 2

To connect to the Office 365 directory, the following software must be installed on the computer running the Synchronization Service:

  • Microsoft Online Services Sign-In Assistant for IT Professionals
  • Azure Active Directory Module for Windows PowerShell

For installation instructions, see “Install the Azure AD Module” at https://docs.microsoft.com/en-us/powershell/azure/active-directory/install-adv2?view=azureadps-2.0.

Run the following command:

install-module msonline

Windows PowerShell Module for Skype for Business Online

To connect to the Skype for Business Online service, Windows PowerShell Module for Skype for Business Online must be installed on the computer running the Synchronization Service. For installation instructions, see “Windows PowerShell Module for Skype for Business Online” at http://go.microsoft.com/fwlink/?LinkId=294688.

SharePoint Online Management Shell

To connect to the SharePoint Online service, SharePoint Online Management Shell must be installed on the computer running the Synchronization Service. For installation instructions, see “SharePoint Online Management Shell” at http://go.microsoft.com/fwlink/?LinkId=255251.

One Identity Manager API

To connect to One Identity Manager 7.0, One Identity Manager Connector must be installed on the computer running the Synchronization Service. This connector works with RESTful web service and SDK installation is not required.

Internet Connection

To connect to cloud directories or online services, the computer running the Synchronization Service must have a reliable connection to the Internet.

Synchronization Service Capture Agent

Synchronization Service Capture Agent

 

Table 6: Synchronization Service Capture Agent

Requirement

Details

Microsoft .NET Framework

Synchronization Service requires Microsoft .NET Framework 4.6.2 (see “Installing the .NET Framework” at http://go.microsoft.com/fwlink/?LinkId=257868).

Additional Requirements

To synchronize passwords from an Active Directory domain to some other connected data system, you must install the Sync Service Capture Agent on all domain controllers in the source Active Directory domain.

The domain controllers on which you install Sync Service Capture Agent must run one of the following operating systems with or without any Service Pack (both x86 and x64 platforms are supported):

  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2008 R2

For more information, see the Active Roles Synchronization Service Administration Guide.

New Features

New features

This section provides a summary of the new features included in Active Roles Version 7.3 For detailed information about new features, see the What’s New document for Active Roles 7.3

Major new features in Active Roles Version 7.3:

  • Support for One Identity Hybrid Subscription
  • Support for Hybrid Directory Mailbox Management
  • Support for Microsoft SQL Server 2017

  • Support for connecting to One Identity Starling, the Software as a Service (SaaS) solution of One Identity through Active Roles
  • Integration of Starling Two-factor Authentication with Active Roles through the Web interface

  • Support for customizing Microsoft Office 365 license related operations on User provisioning and deprovisioning

  • Enhancements

    • Display the number of members in a Group in the Web interface

    • SPML Extension Enhancement to Modify Shared Mailbox User permissions

    • Back Sync Improvements

    • Sync Service enhancements

    • Password generation policy enhancement
    • Web interface security enhancements
    • Enhanced Web interface accessibility for disabled users.

See also Resolved issues.

Enhancements

The following is a list of enhancements implemented in Active Roles Version 7.3.

 

Table 7: General enhancements
Enhancement Issue ID
In Active Roles Collector, provide an option to skip the collection of Group and Organizational unit's hierarchy information. 105437
Optimization of Configuration and Management history database migration process to improve the performance. 90567

Display the number of members in a Group in the Active Roles Web interface.

746735

SPML Extension Enhancement to Modify Shared Mailbox User permissions.

669617

Back Sync Improvements: The Azure Backsync Configuration feature allows you to configure the backsync operation in Azure with on-premises Active Directory objects through the Synchronization Service Web interface. The required connections, mappings, and Sync workflow steps are created automatically.

762723

Sync Service enhancements:

  • Support for Microsoft Share Point 2016
  • Support for Microsoft Exchange 2016
  • Support for Microsoft SQL Server 2017
  • Support for Windows PowerShell version 5.1
741086

Password generation policy enhancement:

  • Revamped Password Generation Script module from VB Script to PowerShell module.
  • Inclusion of mandatory use of special characters in every password.
  • Provision to configure password length .

NOTE: During Active Roles upgrade, the new Password Generation script in PowerShell is set as the default script. However, the VB script that was used earlier is still retained in the same container.
734457

Web interface security enhancements: Any Web interface is prone to security issues such as Cross-Site Request Forgery (CSRF) and Cross-site Scripting (XSS ) attacks. To prevent and protect against such attacks Active Roles can now be configured to enable CSRF and XSS for the Web interface.

For more information on the Web interface security enhancements see the Active Roles Web Administration Guide.

773058

Active Roles now provides enhanced accessibility for disabled users. However, these settings are not available by default.

To enable these settings that provide enhanced accessibilty, perform the below configuration:

  1. Open IIS Manager, expand default website, and click on Active Roles Application (Default is ARWebAdmin).
  2. In the right pane, click Configuration Editor.
  3. In the Section drop-down, select <appSettings>, and open the Collection Editor.
  4. Set the key508compliance value to 1, and apply the changes.
  5. Restart IIS.

 

 

761876
Related Documents