Chat now with support
Chat with Support

Active Roles 7.4.3 - Release Notes

Release Notes

One Identity Active Roles 7.4.3

Release Notes

October 2020

These release notes provide information about the One Identity Active Roles release.

About this release

About One Identity Active Roles 7.4.3

NOTE: If you are currently utilizing the Office 365 Add-on, uninstall the add-on before performing the Active Roles upgrade to version 7.4.3. For more information regarding the changes to Office 365 support see Impact on Office 365 add-on.

Before proceeding with the upgrade ensure to perform a database backup.

Active Roles (formerly known as ActiveRoles®), provides out-of-the-box user and group account management, strictly enforced administrator-based role security, day-to-day identity administration and built-in auditing and reporting for Active Directory and Azure Active Directory (AD) environments. The following features and capabilities make Active Roles a practical solution for secure management of objects in Active Directory and Active Directory-joined systems:

  • Secure access  Acts as a virtual firewall around Active Directory, enabling you to control access through delegation using a least privilege model. Based on defined administrative policies and associated permissions generates and strictly enforces access rules, eliminating the errors and inconsistencies common with native approaches to AD management. Plus, robust and personalized approval procedures establish an IT process and oversight consistent with business requirements, with responsibility chains that complement the automated management of directory data.
  • Automate object creation  Automates a wide variety of tasks, including:
    • Creating user, groups, and contacts in Active Directory and Azure AD
    • Creating mailboxes on Exchange Server and assigning licenses in Office 365
    • Managing on-premise Exchange and Exchange Online properties
    • Provisioning objects in SaaS products

    Active Roles also automates the process of reassigning and removing user access rights in AD and AD-joined systems (including user and group deprovisioning) to ensure an efficient and secure administrative process over the user and group lifetimes. When a user’s access needs to be changed or removed, updates are made automatically in Active Directory, Azure AD, Exchange, Exchange Online, SharePoint, Skype for Business, and Windows, as well as any AD-joined systems such as Unix, Linux, and Mac OS X.

    NOTE: Mailboxes can be created only for Users, enabling mailbox for a Contact is not allowed.

  • Day-to-day directory management  Simplifies management of:
    • Exchange recipients, including mailbox assignment, creation, movement, deletion, permissions, and distribution list management
    • Groups
    • Computers, including shares, printers, local users and groups
    • Active Directory, Azure AD, Exchange Online and AD LDS

    Active Roles also includes intuitive interfaces for improving day-to-day administration and help desk operations via both an MMC snap-in and a Web interface.

  • Manage users, groups, and contacts in a hosted environment  Provides Synchronization Service to operate in hosted environments where accounts from client AD domains are synchronized with host domains. Active Roles enables user, group, and contact management from the client domain to the hosted domain, while also synchronizing attributes and passwords.
  • Consolidate management points through integration  Complements your existing technology and identity and access management strategy. Simplifies and consolidates management points by ensuring easy integration with many One Identity products and Quest products, including One Identity Manager, Privileged Password Manager, Authentication Services, Defender, Password Manager, ChangeAuditor, and GPO Admin. Active Roles also automates and extends the capabilities of PowerShell, ADSI, SPML and customizable Web interfaces.

Active Roles 7.4.3 is a service pack release, with new features and functionality. See New features for details.

Supported platforms

Active Roles 7.4.3 introduces the following changes to system requirements from those for Active Roles 6.9.0:

  • Windows Server 2012 or a later version of the Windows Server operating system is required to run the Administration Service or Web Interface.
  • The following SQL Server versions are supported: Microsoft SQL Server 2012, 2014, 2016, and 2017.
  • You can use Active Roles to manage Exchange recipients on Exchange Server 2019, 2016, 2010, or 2013.

    NOTE: Microsoft Exchange 2013 CU11 is no longer supported. Refer KB article 202695.

  • To manage Exchange recipients on Exchange Server 2010, Active Roles no longer requires the Exchange 2010 Management Tools on the computer running the Administration Service.
  • Internet Explorer 7, 8, 9, and 10 are no longer supported for the Web Interface access. You can use the following Web browsers to access the Web Interface: Internet Explorer 11; Google Chrome; Mozilla Firefox; Microsoft Edge on Windows 10.
  • Web Interface is optimized for screen resolutions of 1280 x 800 or higher. The minimum supported screen resolution is 1024 x 768.
  • Active Roles console requires Internet Explorer 11.

See also System requirements.

New Features

The new release of Active Roles extends and enhances the capabilities of the product .

Major new features in Active Roles Version 7.4.3:

  • Support for multiple Azure tenants.
  • Support for Modern Authentication.

    NOTE: Modern authentication for exchange online properties is included as a preview feature in this release. The feature is tested and included in the product as a supple-ment to Basic authentication. One Identity reserves the right to provide limited support to this feature as defined in the One Identity Support Guide.

Major new features in Active Roles Version 7.4.1:

  • Additional Hybrid Directory features:
    • Support for Office 365 Group CRUD activities.

    • Support for Office 365 roles and reporting for Office 365 users.

    • Support for Exchange Online Mailbox Properties for Office 365 users in Federated and Synchronized environment.

  • Support for provisioning objects in SaaS products.

  • Separate configuration and management history databases during installation or in-place upgrade, confirming to Microsoft standards and best practices for replication.

  • Support for Azure AD Graph 1.6 for Active Roles Synchronization Services.

  • Use of Group Managed Service Account (gMSA) for Active Roles Service account.

  • Bulk attribute operations for multiple users.

  • Reset the password for multiple users at one time.

  • Solution Intelligence for Active Roles.

  • Log in to MMC interface through 2FA authentication.

  • Support for Transport Layer Security (TLS) 1.2 in Synchronization Service.

  • Support for remote mailbox creation and modification.

    NOTE: The ‘Remote mailbox migration (RemoteMailbox.ps1)’ script has been provided as a sample script only, to illustrate the steps required, and should not be used as-is in a production situation without modification and enhancement. The use of security credentials within a script in clear text should never be considered appropriate or secure. In testing this script, care and consideration should be given to the authentication and use of credentials, and clear text credentials should not be left in the script once testing is complete. For more details refer the KB article:

  • Support for Federated authentication feature.

  • Support to provide product feedback from the Web Interface.

See also Resolved issues.


Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating