Chat now with support
Chat with Support

Active Roles 7.4.3 - Quick Start Guide

Introduction Active Roles Setup package Active Roles uninstallation System Requirements Deploying the Administration Service Deploying user interfaces Installing additional components Upgrade of an earlier version Performing a pilot deployment Deployment considerations Silent installation of Active Roles components Configuring Active Roles to Manage Hybrid Active Directory Objects Active Roles on Windows Azure VM

Upgrading the Administration Service

To upgrade Active Roles Administration Service from a version earlier than 6.9 to 7.x, you must first upgrade to version 6.9.

You can upgrade the Administration Service of version 6.9, 7.0, 7.1, 7.2, or 7.3 to version 7.4.

Upgrading the Administration Service implies creation of a new Administration Service instance of the latest version, with the configuration and management history data imported from your Administration Service of an earlier version. As a result, the new Administration Service instance inherits all of your existing Active Roles configuration settings, such as managed domains, managed units, permission assignments, policies, workflows, virtual attributes and so on. By importing management history data, you transfer change history, approval tasks, and temporal group membership tasks from your Administration Service of an earlier version to the new Administration Service instance.

To upgrade the new Administration Service instance from 7.0.x or later to 7.4 perform the following steps:

NOTE: Before upgrading to the latest version of Active Roles, the add-ons of the earlier versions must be uninstalled.

  1. After upgrading the Active Roles package to 7.4, you are prompted to restart the system.
  2. After the system restarts, the Configuration Center opens by default, displaying the Upgrade configuration wizard.

    The fields in the wizard are auto-populated. The database name for Configuration and Management history are suggested, by default. However. if you want to update the database name, click Click here to change or provide existing database names link.

  1. Select the check box on the Upgrade configuration wizard, to confirm that you have read the instructions in the Quick Start guide regarding "Configuring Active Role 7.4 for in-place upgrade" .
  1. Click Next.

    NOTE: If you click Next without selecting the check box, an error is displayed prompting you to follow the instructions given against the check box and select the check box.

    The upgrade starts and the Execution tab displays the Progress bar for the upgrade.

After the database upgrade is complete, the Active Roles Service is automatically started and ready for use.

You can upgrade from Active Roles 7.0.x or later to Active Roles 7.x using in-place upgrade or a new installation of Active Roles with import of database from an earlier version.

Upgrading from Active Roles 6.9 version to 7.x version is a side-by-side upgrade, which does not interrupt operations or affect the configuration of your earlier Active Roles version. To ensure smooth upgrade to the new Active Roles version, you must first upgrade the Administration Service and then upgrade the Web Interface.

If you no longer need the Administration Service of the earlier version, you can uninstall it using Programs and Features in Control Panel: Right-click Administration Service in the list of installed programs, and then click Uninstall.

Install and configure the Administration Service

To create a new Administration Service instance, you first install Administration Service files and then perform initial configuration.

To install the Administration Service files

  1. Log on with a user account that has administrator rights on the computer.
  2. Navigate to the location of the Active Roles distribution package, and start the Setup wizard by double-clicking ActiveRoles.exe.
  3. Follow the instructions in the Setup wizard.
  4. On the Component Selection page, ensure that the Administration Service component is selected, and click Next.
  5. On the Ready to Install page, click Install to perform installation.
  6. On the Completion page, select the I want to perform configuration check box, and click Finish.

The Setup wizard only installs the files. After you have completed the Setup wizard, you need to configure the newly installed Administration Service instance by using Active Roles Configuration Center. The Configuration Center opens automatically if you select the I want to perform configuration check box on the Completion page in the Setup wizard. Another way to open Configuration Center is by selecting Active Roles 7.4 Configuration Center on the Apps page or Start menu, depending upon the version of your Windows operating system.

To perform initial configuration

  1. In Configuration Center, under Administration Service, click Configure.
  2. On the Service Account page in the Configure Administration Service wizard that appears, enter the name and password of the domain user account or the service account details of the Group Managed Service Account to be used as the Administration Service account, and then click Next.
  3. On the Active Roles Admin page, accept the default account, or click Browse and select the group or user to be designated as Active Roles Admin. When finished, click Next.
  4. On the Configuration Database Options page, select the New Active Roles database option, and then click Next.
  5. On the Connection to Database page, specify a SQL Server instance and database name, and select the authentication option:
    1. In the SQL Server box, specify a SQL Server instance in the form <Computer>\<Instance> (for named instance) or <Computer> (for default instance), where <Computer> stands for the short name of the computer running SQL Server. The wizard will create the database on the SQL Server instance you specify.
    2. In the Database box, type a name for the database that will be created.
    3. Under Connect using, select the appropriate authentication option:
      • To have the Administration Service connect to the database using the service account, click Windows authentication.
      • To have the Administration Service connect to the database using a SQL Server login, click SQL Server authentication and type the login name and password.
  6. On the Management History Database Options page in the Configure Administration Service wizard, select the New Active Roles database option, and then click Next.

  7. On the Connection to Database page, perform the the steps a to c for Management history database.

  8. Click Next, and then complete the Encryption Key Backup page as described in Steps to deploy the Administration Service, earlier in this document.
  9. Click Next, and follow the instructions in the wizard to complete the configuration.

Import configuration

After you have installed and initially configured the Administration Service of the new version, import the configuration data from the database used by your Administration Service of the earlier version. To import configurations, you must identify that database. To identify the database:

  1. Open the Active Roles console and connect to your Administration Service of the earlier version (see “Connecting to the Administration Service” in the Active Roles Administration Guide).
  2. Select the console tree root, and then, on the page in the details pane, expand the Configuration Databases and Replication area.

    You can identify the database name and SQL Server name from the first string in the Configuration Databases and Replication area that has the following format: Database <name> on SQL Server <name>.

After identifying the database, perform the import using the Import configuration wizard provided by Configuration Center. On the Source database page in the Import configuration wizard, supply the database name and SQL Server name that you have identified. For detailed instructions, see Steps to deploy the Administration Service earlier in this document.

NOTE: When an import configuration is performed from Active Roles version 7.0 to 7.4, the Web interface does not get upgraded. However, the Configuration Center or any client report the Active Roles Web interface version incorrectly as 7.4. To upgrade the Web interface to the latest version see Upgrading the Web Interface.

Import management history

After you have imported configuration of your earlier Active Roles version, import the management history data from the database used by your Administration Service of the earlier version. First, identify that database:

  1. Open the Active Roles console and connect to your Administration Service of the earlier version (see “Connecting to the Administration Service” in the Active Roles Administration Guide).
  2. Select the console tree root, and then, on the page in the details pane, expand the Management History Databases and Replication area.

    Identify the database name and SQL Server name from the first string in the Management History Databases and Replication area that has the following format: Database <name> on SQL Server <name>.

After identifying the database, perform the import. You can do this using the Import Management History wizard provided by Configuration Center. On the Source database page in the Import Management History wizard, supply the database name and SQL Server name you have identified. For detailed instructions, see Steps to deploy the Administration Service earlier in this document.

Upgrade in case of shared database

If multiple instances of the Administration Service use a single database, then you can perform the upgrade as follows:

  1. Upgrade one of the Administration Service instances as described earlier (see Upgrading the Administration Service).

    As a result of this step, you have an Administration Service instance of the new version connected to the new database containing the data imported from the old database. The other instances of the Administration Service are not upgraded at this point; they continue to use the old database.

  1. Now that you have the database of the new version, you can upgrade the remaining instances of the Administration Service, one by one.
  2. In the Configure Administration Service wizard, select the Existing Active Roles database option on the Configuration Database Options page, and then, on the Connection to Database page, specify the database created during upgrade of the first Administration Service instance. You need not import configuration as the database already has that data imported.
  3. In the Configure Administration Service wizard, select the Existing Active Roles database option on the Management History Database Options page, and then, on the Connection to Database page, specify the database created during upgrade of the first Administration Service instance. You need not import the management history as the database already has that data imported.

As a result of these steps, multiple Administration Service instances of the new version use a single database updated with the configuration and management history data of your earlier Active Roles version.

Upgrading the Web Interface

You can upgrade the Web Interface of version 7.0, 7.1, 7.2, or 7.3 to version 7.4.x.

Upgrading the Web Interface implies creation of a new Web Interface instance of the latest version that has the same Web Interface sites as your Web Interface of an earlier version, with the site configuration data imported from your Active Roles configuration of the earlier version. As a result, the new Web Interface sites inherit all customizations that were made to the menus, commands, forms, and other elements of your Web Interface sites of the earlier version.

When an import configuration is performed from Active Roles version 7.3 to 7.4, the web interface does not get upgraded. However, the Configuration Center or any client report the Active Roles Web interface version incorrectly as 7.4. To upgrade the Web interface to the latest version see Upgrading the Web Interface.

Creating Web interface sites and importing configuration

To create a new Web interface instance of the latest version and import the site configurations perform the following steps:

  1. For each Web Interface site of your earlier Active Roles version, identify and note down the name of the configuration object that the Administration Service uses to store the site’s configuration data.
  2. Install and configure the Web Interface instance of the latest Active Roles version, choosing the new Administration Service to which you have imported configuration of your earlier Active Roles version (see Upgrading the Administration Service earlier in this document).
  3. On the new Web Interface instance that you installed and configured in Step 2, create sites based on information you noted down in Step 1, importing data from the configuration objects used by your earlier Web Interface version. Those configuration objects were copied to the new Administration Service during configuration data import (see Upgrading the Administration Service earlier in this document).
  4. Optionally, delete the default sites that were created when you configured the Web Interface in Step 2. The default sites are unaware of your existing site customizations, and have the default configuration of menus, command, forms and other elements.

These steps are covered in the topics that follow.

You can install the Web Interface of version Active Roles side-by-side with the Web Interface of version 6.9 on the same computer, and perform the upgrade without interrupting operations or affecting the configuration of your Web Interface sites of the earlier Active Roles version.

If you no longer need the Web Interface of the earlier version, you can uninstall it using Programs and Features in Control Panel: Right-click Web Interface in the list of installed programs, and then click Uninstall.

Identify configuration objects

When creating Web Interface sites of the new Active Roles version, you need to know which configuration objects are used by your Web Interface sites of the earlier version. Each site stores its configuration in a certain object on the Administration Service, referred to as the site configuration object. Upgrade of the Administration Service copies the existing site configuration objects to the new Administration Service, retaining the name of each object.

To create a Web Interface site of the new Active Roles version that inherits your existing site customizations, you need to specify the name of the corresponding site configuration object of the earlier version. Then, Active Roles creates a site configuration object of the new version, imports the site configuration data to that object, and causes the new Web Interface site to use that object. As a result, the new Web Interface site has the same configuration as the Web Interface site of the earlier version.

To identify the configuration object of the Web Interface site of an earlier Active Roles version

  1. On the Web server running your Web Interface of the earlier Active Roles version, start the Web Interface Sites Configuration wizard.

    To start the wizard, select Web Interface Sites Configuration on the Apps page or Start menu, depending upon the version of the Windows operating system on the Web server.

  1. Proceed to the Web Interface Configuration page in the Web Interface Sites Configuration wizard.

    The page lists your Web Interface sites of the earlier Active Roles version.

  1. On the Web Interface Configuration page, click the list item representing the desired site, and then click the Edit button.

    You can distinguish sites by alias, shown in the Virtual Directory column on the Web Interface Configuration page. The alias defines the virtual path used in the address of the Web Interface site on the Web server.

  1. Note down the name of the site’s configuration object shown in the Configuration settings area of the dialog box that appears.

    The name of the object is displayed in the Name box under the Use existing configuration option, and includes the version number.

  1. Click Cancel to close the dialog box.

 

To identify the configuration object of the Web Interface site of the current Active Roles version

  1. Start the Configuration Center on the computer running the Administration Service instance on which you want to identify the web interface sites.

    You can start Configuration Center by selecting Active Roles 7.4 Configuration Center on the Apps page or Start menu, depending upon the version of your Windows operating system.

  2. On the Configuration Settings main window, on the left pane, click Web Interface.

    The Web Interface page is displayed, which lists the Web Interface sites of the current Active Roles version that are deployed on the Web server running the Web Interface.

    For each Web Interface site, the list provides the following information:

    • IIS Web site The name of the Web site that holds the Web application implementing the Web Interface site
    • Web app alias The alias of the Web application that implements the Web Interface site, which defines the virtual path of that application on the Web server.
    • Configuration Identifies the object that holds the Web Interface site’s configuration and customization data on the Active Roles Administration Service.

  3. From the Web Interface page, you can open Web Interface sites in your Web browser:
    1. Click an entry in the list of Web Interface sites.
    2. Click Open in Browser on toolbar.

You can also use Configuration Center to:

  • Create, modify or delete Web Interface sites
  • Export a Web Interface site’s configuration object to a file

For more information, see the Web Interface management tasks section in the One Identity Active Roles Administration Guide.

Identify the configuration object for each of your existing Web Interface sites, and note down the name of each object. You will need these names when creating the Web Interface sites of the new Active Roles version.

Install and configure the Web Interface

To create a new Web Interface instance, you first install Web Interface files and then perform initial configuration.

To install the Web Interface files

  1. Log on with a user account that has administrator rights on the computer.
  2. Navigate to the location of the Active Roles distribution package, and start the Setup wizard by double-clicking ActiveRoles.exe.
  3. Follow the instructions in the Setup wizard.
  4. On the Component Selection page, ensure that the Web Interface component is selected, and click Next.
  5. On the Ready to Install page, click Install to perform installation.
  6. On the Completion page, confirm that the I want to perform configuration check box is selected, and click Finish.

The Setup wizard only installs the files. After you have completed the Setup wizard, you need to configure the newly installed Web Interface instance by using Active Roles Configuration Center that opens automatically if you select the I want to perform configuration check box on the Completion page in the Setup wizard. Another way to open Configuration Center is by selecting Active Roles 7.4.3 Configuration Center on the Apps page or Start menu, depending upon the version of your Windows operating system.

To perform initial configuration

  1. In Configuration Center, under Web Interface, click Configure.

    This starts the wizard that will perform initial configuration of the Web Interface.

  1. On the Administration Service page, specify the new Administration Service instance created during upgrade (see Upgrading the Administration Service earlier in this document).

    If the new Administration Service instance runs on the computer on which you are installing the new Web Interface, choose the option Administration Service on the computer running the Web Interface. Otherwise, choose the option Administration Service on this computer, and supply the fully qualified domain name of the computer running the new Administration Service instance.

  1. Click the Configure button, and wait while the wizard completes the configuration.

Create sites based on old configuration objects

After you have installed and configured the Web Interface instance of the new Active Roles version, you can use Configuration Center to create Web Interface sites of the new version, importing site configuration data from the configuration objects used by your existing Web Interface sites of the earlier Active Roles version (see Upgrading the Web Interface earlier in this document). As a result, the new Web Interface sites will inherit all customizations that were made to the menus, commands, forms and other elements of your Web Interface sites of the earlier version.

To create a Web Interface site based on an old configuration object

  1. Open Configuration Center.

    You can open Configuration Center by selecting Active Roles 7.4.3 Configuration Center on the Apps page or Start menu, depending upon the version of your Windows operating system.

  1. In the Configuration Center main window, under Web Interface, click Manage Sites.
  2. On the Sites page, click Create.
  3. On the Web Application page in the Create Web Interface Site that appears, choose the IIS Web site to contain the Web application that implements the Web Interface site, and specify an alias for that application.

    The alias defines the virtual path that is a part of the Web Interface site’s address. You can view the resulting address on the Web Application page.

  1. Click Next to proceed to the Configuration page.
  2. From the list on the Configuration page, select the Import from an existing configuration option.
  3. Complete the fields on the Configuration page:
    1. In the Configuration name field, supply the name of the configuration object for the new Web Interface site. You can accept the default name.
    2. The wizard will create a configuration object with the specified name, and import configuration data to that object.
    3. From the list in the Configuration to import box, select the name of the configuration object from which to import the configuration data.

    This must be the name of the configuration object used by one of your existing Web Interface sites of the earlier Active Roles version (see Upgrading the Web Interface earlier in this document).

  1. Click the Create button, and wait while the wizard creates the new Web Interface site.

Perform these steps for each of your Web Interface sites of the earlier version, selecting the appropriate object name in Step 7b.

Delete default sites

After you have created the Web Interface sites of the new version that inherit the configuration of your Web Interface sites of the earlier version, you might delete the default Web Interface sites that were created by initial configuration of the Web Interface (see Upgrading the Web Interface earlier in this document).

To delete the default Web Interface sites

  1. Open Configuration Center.

    You can open Configuration Center by selecting Active Roles 7.4.3 Configuration Center on the Apps page or Start menu, depending upon the version of your Windows operating system.

  1. In the Configuration Center main window, under Web Interface, click Manage Sites.
  2. On the Sites page, identify list entries representing default Web Interface sites, and use the Delete button to delete them one by one.

    You can distinguish list entries representing default Web Interface sites by the name in the Configuration column:

  • Site for Administrators (7.4.3) indicates the default site for administrators
  • Site for HelpDesk (7.4.3) indicates the default site for Help Desk
  • Site for Self-Administration (7.4.3) indicates the default site for self-administration

Upgrading other components

This section covers upgrade options for the following components of Active Roles:

  • Console (MMC Interface)
  • Management Shell
  • ADSI Provider
  • SDK
  • Collector and Report Pack
  • Synchronization Service

Upgrade of the Active Roles console

You can install the Active Roles console of version 7.4.3 side-by-side with the Active Roles console of version 6.9, on the same computer. Alternatively, you can install the new console on a different computer. For installation instructions, see Steps to install the console earlier in the document.

To upgrade from Active Roles console of version 7.x to the latest Active Roles version, perform an in-place upgrade or a new installation with import configuration from the earlier Active Roles version. In case of an in-place upgrade, the Active Roles console is upgraded automatically to the console of latest version of Active Roles.

If you no longer need the console of version 6.9 or earlier, you can uninstall it using Programs and Features in Control Panel: Right-click MMC Interface in the list of installed programs, and then click Uninstall.

Upgrade of the Shell, ADSI Provider and SDK

The Active Roles Management Shell, ADSI Provider and SDK of version 7.4.3 are packaged into a single component referred to as management tools. You can install management tools side-by-side with Active Roles version 6.9, on the same computer. Alternatively, you can install management tools on a different computer. Active Roles Setup installs management tools by default. You can install management tools without installing other components (see Steps to install only the Shell, ADSI Provider and SDK earlier in this document).

To upgrade from Active Roles Management Shell, ADSI Provider and SDK of version 7.x to the latest Active Roles version, perform an in-place upgrade. In case of an in-place upgrade, the Active Roles Management Shell, ADSI Provider and SDK is upgraded automatically to the components of the latest version of Active Roles.

If you no longer need the Management Shell that ships with Active Roles 6.9, you can uninstall it using Programs and Features in Control Panel: Right-click Management Shell in the list of installed programs, and then click Uninstall. Note that the Administration Service requires the Management Shell. Do not uninstall the earlier version of Management Shell from the computer running the Administration Service of version 6.9.

The Active Roles SDK is packaged as a feature of the Administration Service installation. You can uninstall it by using the Administration Service Setup wizard in maintenance mode: In Programs and Features, right-click Administration Service, and then click Change to start the Setup wizard. On the Select Features page in the wizard, choose the option to remove the SDK and Resource Kit feature.

The Active Roles ADSI Provider of version 6.9 is normally installed together with any of the Active Roles core components, such as the Administration Service, Web Interface or MMC Interface, and is removed once you have uninstalled the core components.

Upgrade of Collector and Report Pack

The Active Roles reporting components should be upgraded in the following order:

  • Collector
  • Report Pack
  • Collector’s database
Collector

To upgrade, first uninstall your earlier version of Collector and then install the new version. You can uninstall Collector by using Programs and Features in Control Panel. Once you have uninstalled your earlier version of Collector, install the new version. For installation instructions, see Steps to install Collector and Report Pack earlier in this document.

Report Pack

To upgrade, first uninstall your earlier version of the Report Pack and then install the new version. The Report Pack should be uninstalled on the computer that was initially used to install the Report Pack. You can uninstall the Report Pack by using Programs and Features in Control Panel.

Once you have uninstalled your earlier version of the Report Pack, deploy the new version. For instructions, see Steps to install Collector and Report Pack earlier in this document.

Collector’s database

The new version of the Report Pack is incompatible with the database of an earlier Collector version. To create reports based on the events held in that database, you need to import the events to the database of the new Collector version, and then specify the database of the new Collector version as the data source for the reports of the new Report Pack version. For instructions on how to configure the data source, see “Working with reports” in the Active Roles Administration Guide.

To import events from the database of an earlier Collector version

  1. Start the Collector wizard.

    You can start the Collector wizard by selecting Active Roles 7.4.3 Collector and Report Pack on the Apps page or Start menu, depending upon the version of your Windows operating system.

  1. On the Select Task page, click Import events from an earlier database version, and then click Next.
  2. On the Source database page, click Specify, and supply the name and SQL Server of the database used by your Collector of an earlier version. Click Next.
  3. On the Target Database page, click Specify, and supply the name and SQL Server of the database used by your Collector of the current version.
  4. Click Next, and wait while the wizard performs the import.
Synchronization Service

If you have synchronization workflows configured and run by Quick Connect (predecessor of Synchronization Service), or earlier versions of Synchronization Service, then you can transfer those synchronization workflows to Active Roles and have them run by Synchronization Service.

You can transfer synchronization workflows from the following Quick Connect or Synchronization Service versions:

  • Quick Connect Sync Engine 5.2.0, 5.3.0, 5.4.0, 5.4.1, or 5.5.0
  • Quick Connect Express for Active Directory 5.3.0, 5.4.0, 5.4.1, 5.5.0, or 5.6.0
  • Quick Connect for Cloud Services 3.3.0, 3.4.0, 3.5.0, 3.6.0, 3.6.1, 3.6.2, or 3.7.0
  • Quick Connect for Base Systems 2.2.0, 2.3.0, or 2.4.0
  • Synchronization Service 7.0, 7.1, 7.2, or 7.3

Performing a pilot deployment

In a large enterprise environment, a pilot project may need to be conducted before upgrading to the new Active Roles. In a pilot project, you deploy components of the new version in your production environment side-by-side with the existing installation of the components you are going to upgrade, evaluate the results, and fix problems.

Normally, a pilot project is conducted with a small group of users in the production environment where select individuals perform particular tasks using the new Active Roles version. This demonstrates that the new version works as expected and that it meets the organization’s requirements.

A pilot project is a deployment of the new Active Roles version to a subset of the user group. Those who do not participate in the pilot project perform their regular, daily work using the earlier Active Roles version. This requires that the earlier version be up and running in the production environment side-by-side with the pilot deployment.

When the pilot project is deemed successful and ready for production, you can upgrade your existing production components to the new version.

Deploying a pilot project involves the following steps:

  1. Deploying the pilot Administration Service  Deploy an instance of the Administration Service of the new Active Roles version, and update that instance with the configuration data from the database used by your production Administration Service of the earlier Active Roles version.
  2. Deploying the pilot Web Interface  Deploy an instance of the Web Interface of the new Active Roles version so that the new instance uses the Administration Service you deployed in the previous step, and create the Web Interface sites on that Web Interface instance by importing the configuration data used by your production Web Interface sites of the earlier Active Roles version.
  3. Installing the console  Install the Active Roles console of the new version.

These steps are discussed in the sections that follow.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating