Active Roles (formerly known as ActiveRoles®) is an administrative platform that facilitates user and group administration for Microsoft Active Directory and Exchange. Active Roles enables organizations to create flexible administration solutions that suit their needs, while ensuring secure delegation of tasks, reduced workloads, and lower costs. It also enables the integration of diverse corporate data sources and provisioning processes, which can expedite business workflow and eliminate data inconsistencies.
This document is for IT specialists who are evaluating Active Roles. The document provides evaluation scenarios to help better understand the Active Roles functionality. The document covers the following topics:
- Active Roles test lab setup
- Managing users and groups
- Delegating administration using Active Roles
- Using Managed Units to delegate administration
- Using Active Roles policies
- Managing Exchange recipients
- Managing native Active Directory security
- Using dynamic (rules-based) groups
- Delegating and managing computer resources
- Using Active Roles audit trail and reporting
- Using Active Roles replication
- Customizing the Web Interface
- Unless otherwise indicated, the instructions in this document assume that you are logged on as Active Roles Admin. The Active Roles Admin account is specified when installing the Administration Service, and defaults to the Administrators local group of the computer running the Administration Service.
- You should verify that the Active Roles console is in Advanced view mode: On the View menu, click Mode; then, click Advanced Mode.
Test lab setup
Successful deployment requires thorough testing in a lab environment. When planning your testing, we recommend:
- Designing your lab to reflect your production environment. For example, if your network has multiple sites, then your lab should have multiple sites.
- Having your lab’s number of users and computers be at least two to five percent of the number of users and computers in your production environment.
This section describes how to initially set up your test lab for evaluation purposes: install Active Roles on your computer, connect to the Active Roles Administration Service and register domains with Active Roles.
Preparing a server for Active Roles installation
To perform evaluation, you need a test Active Directory domain with a member server set up and configured. Your server must meet the following hardware requirements:
- 64-bit (x64) processor, 2.0 GHz or faster
- At least 8 GB of RAM
- At least 100 GB of free hard disk space
- Network adapter
- Video adapter and monitor with screen resolution of 1280x800 or higher
- Mouse, or other pointing device
Ensure that you have the following software available:
- Microsoft Windows Server 2012 or a later version of Windows Server
- Active Roles 7.4.3 distribution package
Install the Windows Server operating system on your server, and join the server to your test Active Directory domain.
Then, install the following software on your server:
- Microsoft .NET Framework 4.7.2 (see “Installing the .NET Framework 4.7.2” at http://go.microsoft.com/fwlink/p/?LinkId=257868)
NOTE: You need to install .NET Framework 4.7.2 if the Windows Server version does not include this software as a part of the operating system.
Once you have prepared your server, you are ready to install and configure Active Roles.
Installing and configuring Active Roles
Installing and configuring Active Roles
To install and configure Active Roles for evaluation purposes, you will follow these steps:
- Run Setup, which installs binaries and configures registry settings for Active Roles.
- Run Active Roles Configuration Center, which creates and configures the Active Roles database, Administration Service, and Web Interface.
Setup user account
Ensure that the account that you use to install and configure Active Roles meets the following requirements:
- Domain user account that is a member of the Domain Admins group in your test Active Directory domain
- Member of the Administrators group on your computer intended for installing Active Roles
- SQL login on the SQL Server Express instance that runs on your computer for installing Active Roles
- Member of the sysadmin fixed server role on that SQL Server Express instance