Chat now with support
Chat with Support

Active Roles 7.4.3 - Quick Start Guide

Introduction Active Roles Setup package Active Roles uninstallation System Requirements Deploying the Administration Service Deploying user interfaces Installing additional components Upgrade of an earlier version Performing a pilot deployment Deployment considerations Silent installation of Active Roles components Configuring Active Roles to Manage Hybrid Active Directory Objects Active Roles on Windows Azure VM

Installing additional components

In addition to the Administration Service, MMC Interface and Web Interface, Active Roles allows you to install the following components:

  • Active Roles Management Shell  Provides commands based on the Windows PowerShell platform for managing users, group, computers and other objects in Active Directory via Active Roles; administering certain Active Roles objects; and configuring Active Roles Administration Service instances and Web Interface sites.
  • ADSI Provider  Enables custom applications and scripts to access directory data via Active Roles by using standard COM interfaces. Documentation for ADSI Provider can be found in the Active Roles SDK.
  • Active Roles SDK  Provides developers with documentation and samples to help them customize Active Roles by creating custom client applications and user interfaces, and implementing business rules and policies based on custom scripts.
  • Collector  Gathers data required for reporting. Retrieves data from specified data sources through the Administration Service, and stores the data on SQL Server.
  • Report Pack  A comprehensive suite of report definitions that cover various administrative actions available in Active Roles.

Steps to install only the Shell, ADSI Provider and SDK

Active Roles Management Shell, SDK and ADSI Provider are collectively referred to as management tools. On the Component Selection page, the Active Roles Setup wizard selects the Management Tools component if you have selected any core component such as Administration Service, Console (MMC Interface) or Web Interface. This means that Setup installs the Shell, SDK and ADSI Provider together with any core component. However, it is possible to install solely the Shell, SDK and ADSI Provider by selecting the Management Shell component only.

To install only the Shell, SDK and ADSI Provider

  1. Log on with a user account that has administrator rights on the computer.
  2. Navigate to the location of the Active Roles distribution package, and start the Setup wizard by double-clicking ActiveRoles.exe.
  3. Follow the instructions in the Setup wizard.
  4. On the Component Selection page, clear all check boxes except the Management Tools check box, and then click Next.
  5. On the Ready to Install page, click Install to perform installation.
  6. On the Completion page click Finish.

Once you have installed the management tools, you can open Management Shell or view SDK topics (including documentation for ADSI Provider). Depending upon the version of your Windows operating system, select the following on the Apps page or Start menu:

  • To open Management Shell, select Active Roles 7.4.3 Management Shell
  • To view SDK topics, select Active Roles 7.4.3 SDK

After you have opened Management Shell, you can view a reference manual by typing QuickRef. The manual contains documentation for all commands provided by Management Shell.

Steps to install Collector and Report Pack

Active Roles comes with a comprehensive suite of report definitions, contained in the Active Roles Report Pack. To work with reports, you need to:

  • Install the Active Roles Collector
  • Use the Collector wizard to deploy the Report Pack

Installing Collector

The Active Roles Collector is used to prepare data for reporting, allowing you to configure, schedule, and run data collection jobs. Collector stores report data in a database on SQL Server. For best results, use Microsoft SQL Server 2012 or a later version of SQL Server to host the Collector’s database.

To install the Collector

  1. Install Active Roles Management Tools. For installation instructions, see Steps to install only the Shell, ADSI Provider and SDK earlier in this document.
  2. In the Active Roles distribution package, navigate to the Solutions/Collector and Report Pack folder, and double-click the .msi file held in that folder.
  3. Follow the instructions in the Setup wizard.
  4. Wait while the wizard completes the installation.

Once you have installed Collector, you can start the Collector wizard by selecting Active Roles 7.4.3 Collector and Report Pack on the Apps page or Start menu, depending upon the version of your Windows operating system.

Deploying Report Pack

Report Pack requires Microsoft SQL Server Reporting Services (SSRS). Make sure that you have SSRS deployed in your environment. When deploying Report Pack, the Collector wizard prompts you for the address (URL) of the Report Server Web service. You can find this address on the Web Service URL page in the Reporting Services Configuration Manager tool on the server where SSRS is installed.

To deploy the Report Pack

  1. Start the Collector wizard.

    You can start the Collector wizard by selecting Active Roles 7.4.3 Collector and Report Pack on the Apps page or Start menu, depending upon the version of your Windows operating system.

  1. On the Select Task page, click Deploy reports to Report Server, and then click Next.
  2. On the Report Server page, type the URL of your SSRS Report Server in the Report Server Web Service URL box. Click Next.

    By default, the URL is http://<serverName>/ReportServer. You can use the Reporting Services Configuration Manager tool to confirm the server name and URL. For more information about URLs used in Reporting Services, see the topic “Configure Report Server URLs (SSRS Configuration Manager)” at http://msdn.microsoft.com/library/ms159261.aspx.

  1. Optionally, on the Data Source page, configure the data source for the Active Roles reports:
    1. Click the Configure Data Source button.
    2. Use the Configure Data Source dialog box to specify the SQL Server instance that hosts the database you have prepared by using Collector, the name of the database, and the authentication method to use for connection to the database.

    Configuring the data source is an optional step. If you do not have a database prepared by Collector, you can configure the data source later, after you have deployed the Report Pack. For instructions, see “Working with reports” in the Active Roles Administration Guide.

  1. Click Next and wait while the wizard deploys the Report Pack.

You can create and view Active Roles reports using Report Manager, a Web-based tool included with SSRS. For instructions, see “Generating and viewing a report” in the Active Roles Administration Guide.

Upgrade of an earlier version

You can upgrade from Active Roles 7.0.x or later to Active Roles 7.x using one of the following methods:

  • In-place upgrade - Install the latest version of Active Roles on the computer without removing the earlier version.
  • New installation with import of database from earlier version - Install the latest version of Active Roles and import the database from the earlier version of Active Roles.

NOTE:

  • To perform a clean installation of Active Roles 7.4, uninstall Active Roles 7.x before installing Active Roles 7.4.
  • Active Roles supports selection of custom installation path only during a fresh installation. During an in-place upgrade, Active Roles does not support changing the custom installation path.

For information on importing configuration data from database of earlier version of Active Roles, see Import Configuration under Upgrading the Administration Service.

NOTE: Before upgrading to the latest version of Active Roles, the add-ons of the earlier versions must be uninstalled.

Upgrading from Active Roles 6.9 version to 7.x version is a side-by-side upgrade, which does not interrupt operations or affect the configuration of your earlier Active Roles version. To ensure smooth upgrade to the new Active Roles version, you should first upgrade the Administration Service and then upgrade the Web Interface.

Active Roles 6.x components are not used in the upgrade and neither are any components from the earlier version uninstalled.

IMPORTANT:

  • During the in-place upgrade, importing from source database (Configuration and Management History database), the following database permissions from the previously used SQL database are automatically migrated to the new SQL database:
    • Migrate database users

    • Migrate permissions of above migrated users.

    • Migrate SQL logins mapped to ARS database users

    • Migrate Roles

      The service account that is used for performing in-place upgrade or Import operation and migrating the above mentioned operations should have sufficient privileges in the SQL Server to perform the operation.

  • By default, during Import configuration process, the roles, permissions, users, and logins are imported to the target database and the checkbox is enabled. You can also clear the Copy database users, permissions, logins, and roles option from Import configuration | Source database | Configure advanced database properties.

  • By default, during Import Management History process, the database users, permissions, logins, and roles are imported to the target database and the checkbox is enabled. You can also clear the Copy database users, permissions, logins, and roles option from Import Management History| Source database | Configure advanced database properties.
  • By default, during in-place upgrade, the Copy database users, permissions, logins, and roles option is enabled on the Upgrade configuration window. You also have the option to clear the checkbox.

Impact on Office 365 add-on

After an upgrade of Active Roles components to the Active Roles 7.4, the Office 365 add-on which was supported in the earlier versions of Active Roles, ceases to work. Hence, it is recommended to uninstall the Office 365 add-on prior to the upgrade of Active Roles.

NOTE:

  • Office 365 add-on is not supported on Active Roles 7.4 and must be uninstalled prior to the installation of Active Roles 7.4
  • Active Roles 7.4 manages Office 365 and Azure AD natively. However, Active Roles 7.4 does not support the following feature of Office 365 add-on that was supported in earlier versions of Active Roles:
    • Ability to manage and select Office 365 domains through policies.

Upgrading to Active Roles 7.4 from 7.0.x or later using in-place upgrade method

To upgrade existing Active Roles 7.0.x or later version to the latest version, perform the following steps.

NOTE: One Identity recommends to approve all pending approval activities before performing the in-place upgrade.

To upgrade the Active Roles package using in-place upgrade

  1. Log on with a user account that has administrator rights on the computer.
  2. Navigate to the location of the Active Roles distribution package, and start the Setup wizard by double-clicking ActiveRoles.exe.
  3. Follow the instructions in the Setup wizard.
  4. On the Ready to Upgrade page, click Upgrade to perform upgrade.
  5. On the Completion page, click Finish.

NOTE: After upgrading the Active Roles package to 7.4, perform Configuring Active Roles 7.4 during in-place upgrade.

IMPORTANT:

  • By default, during in-place upgrade, the Copy database users, permissions, logins, and roles option is enabled on the Upgrade configuration window. You also have the option to clear the checkbox.

Configuring Active Roles 7.4 during in-place upgrade

NOTE: By default, during in-place upgrade, the Copy database users, permissions, logins, and roles option is enabled on the Upgrade configuration window. You also have the option to clear the checkbox.

The following steps describe the in-place upgrade scenario for Active Roles 7.4

  1. After upgrading the Active Roles package to 7.4, you are prompted to restart the system.
  2. After the system restarts, the Configuration Center opens by default, displaying the Upgrade configuration wizard.

    As part of this upgrade, Active Roles creates new databases with default names. The Upgrade configuration wizard displays the new databases information.

    Optional step: To change the default names of the new databases, click Click here to change or provide existing database names.

  3. On the Upgrade configuration wizard, select the check box to confirm that you have read the instructions in the Quick Start guide regarding "Configuring Active Roles 7.4 for in-place upgrade" .
  4. The Azure Tenant association page displays the lists of configured Azure tenants in the source database and options for association.

    The Azure Tenant association section notifies you to select an Azure tenant from the drop-down list of the Azure tenants configured in the source database, and the selected Azure tenant is associated with all Azure objects in the destination database. You can also choose to Run Azure Tenant association immediately or Schedule Azure Tenant association, where you select the date and time from the Calendar to run the Azure tenant association.

    NOTE:

    • This page is visible only if the Azure tenants association are present in the source database.
    • If Azure Tenant association is scheduled at a certain time and the upgrade/import operation is still in progress or completes after the Azure Tenant association scheduled time, the tenants are not associated. You have to run the built-in scheduled task Update Azure Objects Associated Tenant Id from the Active Roles console to manually associate the Azure Tenants.
    • Alternatively, Azure Tenant association can be run at any time using the template workflow Update Azure Objects Associated Tenant Id available in the Built-in Workflow Container. The parameter in the script used by the workflow can be configured with the required tenant ID. You can use the drop-down to select a default Azure Tenant from the list of available Azure Tenants. The script used by the workflow can be modified to Search Azure objects based on the requirement.

  5. The Services association page allows you to configure the Administration services for executing Dynamic Groups, Group Families, and Scheduled tasks from the drop-down list.

    The available options in the drop-down list are This Server and Other, where choosing Other allows to specify any other Administration Service in a fully qualified domain name (FQDN) format. If the value is empty, then the current administration service is used.

    NOTE: Services association does not update certain scheduled tasks, For example, scheduled tasks that cannot be edited (Managed Object Counter) or scheduled tasks that are set to All servers option.

    You can choose to run the Services association immediately or schedule Services association.

    NOTE: If Services association is scheduled at a certain time and the upgrade/import operation is still in progress or completes after the Services association scheduled time, the services are not associated. You have to run the built-in scheduled task Update Services To ExecuteOn from the Active Roles console to manually associate the Services.

    To ensure Dynamic Groups, Group Families, and Scheduled tasks continue to function after an import the installation configures the new Active Roles server as the executing server for the tasks mentioned above. The configuration mentioned here runs after an upgrade.

    NOTE: Alternatively, Services association can be performed any time using the template workflow Update Services To Execute On available in the built-in Workflow Container. The parameters in the script used by the workflow can be configured to the required administration services, such as, Dynamic Group Service, Group Family Service, Scheduled Task Service. You can select the administration service from the drop-down list. The drop-down list displays all the currently running administration services that are connected to the current configuration database. If the parameter value is not selected, then the current administration service is used.

  1. Click Next.

    NOTE: If the disk space in SQL server is insufficient, then an error is displayed prompting you to increase the disk space.

    In case of any errors during the in-place upgrade, you must resolve the errors and re-open the Configuration Center to continue the in-place upgrade.

    The upgrade starts and the Execution tab displays the Progress bar for the upgrade.

After the database upgrade is complete, the Active Roles Service is automatically started and ready for use.

NOTE: To upgrade multiple Active Roles Service instances, log in to the individual systems where Active Roles Service was upgraded, and perform the in-place upgrade steps for each Service.

Compatibility of Active Roles components

The new Administration Service is only compatible with the Active Roles user interfaces (Web Interface and console) of version 7.4. Earlier versions of the user interfaces may not work with the new Administration Service. The user interfaces of Active Roles 7.4.3 are only compatible with the Administration Service of version 7.4.3. Therefore, to use the Active Roles console or Web Interface of version 7.4.3, you must first upgrade the Administration Service.

Impact on custom solutions

An upgrade of Active Roles may affect custom solutions (such as scripts or other modifications), if any, that rely on the Active Roles functions. Custom solutions that work fine with an earlier Active Roles version may cease to work after the upgrade. Prior to attempting an upgrade, you should test the existing solutions with the new Active Roles version in a lab environment to verify that the solutions continue to work.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating