Active Roles 7.5 - What's New

Support for Azure Security Groups

Active Roles 7.5 introduces support for Azure AD Security Groups, allowing you to create, read, update or delete Azure AD Security Groups via the Active Roles Web Interface.

  • For more information on Azure AD Security Groups, see Groups in Microsoft 365 and Azure in the official Microsoft 365 documentation.

  • For more information on how to create, modify or delete an Azure AD Security Group, see Managing Azure Security Groups in the Active Roles 7.5 Administration Guide.

Support for Exchange Online resource mailboxes

You can create, manage and delete room mailboxes in the Active Roles Web Interface. A room mailbox is a type of Exchange Online resource mailbox assigned to a physical location, such as a meeting room. Users can reserve rooms by adding the room mailboxes that an administrator creates to meeting requests.

For more information, see Managing room mailboxes in the Active Roles Administration Guide.

Enhancements

This Active Roles release includes the following enhancements to the existing features:

Enhancements in the 7.5 release

Azure O365 groups received two enhancements:

  • You can now configure dynamic membership rules for new and existing O365 groups in the Active Roles Web Interface, enabling Active Roles to automatically add or remove members based on the configured attribute-based rules.

    • For more information on setting up a new dynamic O365 group, see Creating a new O365 group in the Active Roles 7.5 Administration Guide.

    • For more information on modifying an existing O365 group to dynamic membership, see Viewing or modifying an O365 group in the Active Roles 7.5 Administration Guide.

  • You can now view the change history of existing O365 groups in the Active Roles Web Interface. For more information, see Viewing the change history of an O365 group in the Active Roles 7.5 Administration Guide.

In the Active Roles Web Interface, in Settings, you can now enable Show objects owned by inheritance or secondary ownership. Selecting this check box allows Self-Administration Web Interface users to view objects in My Managed Resources even if the user is not assigned to the objects as the primary owner (manager), but as a secondary or inherited owner.

Previously, administrators had to select this check box every time the Web Interface home page was displayed to make My Managed Resources appear for users with secondary or inherited ownership. Now, once it is selected, it remains the default setting.

Enhancements in the 7.4.4 release

The Enable SQL auto shrink option in the Connection to Database > Advanced Database Properties page of the Configure Administration Service wizard is now disabled by default, as enabling it may result in performance issues. For more information, see Recommendations and guidelines for setting the AUTO_SHRINK database option in SQL Server in the official Microsoft SQL Server 2008 Enterprise documentation.

Enhancements in the 7.4.3 release
  • New built-in workflows and scripts are provided for Create Office 365 shared mailbox and Enabling Azure Roles. Initial template scripts are available under script modules and can be configured as required for running the workflows.

  • Active Roles now lets you edit or update Exchange or extension properties of the master account even when the corresponding shadow account is absent from the Exchange forest.

  • The in-place upgrade and import database process is enhanced with an additional configurable option to copy database users, permissions, SQL logins, and roles from the old SQL database to a new database. For more details, refer to the Upgrade section in the Active Roles Quick Start Guide.

  • Active Roles now gives precedence to the Fine-Grained policy over the Domain policy when evaluating user account and password information. The user account information and Account Policies are displayed based on the Fine-Grained policy applied to the container.

  • Active Roles Configuration provides a new setting for enabling or disabling auto-shrink on SQL databases when configuring a new Configuration Database or Management History Database. The new Enable SQL auto shrink option is available in the Connection to Database > Advanced Database Properties page of the Configure Administration Service wizard.

  • Active Roles now allows the substitute attribute mail to be optional in the ERFM policy, so that different mail IDs can be set for the master and shadow accounts.

  • Support for new connectors through Synchronization Service:

    • Oracle Unified Directory Connector

    • Oracle Database User Accounts Connector

    • Oracle Database Connector

    • Micro Focus NetIQ Directory Connector

    • IBM AS/400 Connector

    For details on the new connectors, refer to the Active Roles Synchronization Service Administration Guide.

  • The Synchronization Service Management Shell component can now be installed individually via the command prompt. For more details, refer to How to install Synchronization Service Management Shell in the Active Roles Synchronization Service Administration Guide.

  • The built-in Azure policy is enhanced with the additional provisioning of the attribute edsvaAzureOffice365Enabled. The attribute edsvaAzureOffice365Enabled is now assigned automatically on the OU on which the Azure policy is applied, instead of being assigned manually as in earlier versions of Active Roles.

  • Active Roles now provides support for Modern Authentication while communicating with Exchange Online from the service. The feature gives the user the option to configure Basic or Modern Authentication. By default, Modern Authentication is enabled in Active Roles Synchronization Service and administrators must enable Basic authentication manually.

  • Optimized policy evaluation for Azure license management, Office 365 roles management.

Table 1: New connectors and supported versions (Connector: Supported version)

  • Oracle Database Connector: The computer running Synchronization Service must have the following software installed: Oracle Database version 19C.

  • Oracle Database User Accounts Connector: The computer running Synchronization Service must have the following software installed: Oracle Database User Accounts version 19.3.

  • Micro Focus NetIQ Directory Connector: Version 9.2

  • Oracle Unified Directory Connector: Version 12.2.1.3

  • IBM AS/400: Version 7 r1

Enhancements in the 7.4.1 release
  • Support for the multiSubnetFailOver feature of MS SQL Server to maximize internal availability.
  • Support for the Security Identity Mappings functionality: The Active Roles 7.4 Web interface is enhanced to support the Name Mappings functionality for Active Roles users, similar to the functionality available in the Active Directory Users and Computers (ADUC) snap-in.
  • Workflow enhancements that enable you to add Azure or Office 365 modules in PowerShell and run Office 365 service scripts, such as Skype for Business, Azure AD, Azure RM, AZ, and SharePoint PowerShell scripts, within existing Active Roles workflows. For example, you can extend Active Roles by adding a new Exchange Online capability that is not supported in Active Roles out of the box. For more information, see the Office 365 workflows section in the Administration Guide.
  • Support to restrict MMC interface access for a user: On installing Active Roles 7.4 on a computer, any user is enabled to log in to the MMC interface. For security reasons, one more layer of access restriction is added for the MMC interface. You can now set the Active Roles MMC interface user access using the Active Roles Configuration Center.
  • Enhancement of SPML operation to get ObjectSid to retrieve the value in the SID format along with the base64Binary format - In earlier versions of Active Roles, the SPML operation to retrieve properties of an object retrieved the ObjectSID properties in base64Binary format. The current release enables you to retrieve the ObjectSID properties in the SID format also.
  • Creation of OneDrive for Azure AD users using OneDrive Provisioning Policy. Provisioning access to OneDrive for Azure AD users is controlled or restricted by creating a new provisioning policy and applying the policy to the Organizational Unit. Active Roles uses a scheduled task to provision OneDrive for Azure AD users for whom the OneDrive provisioning was not successful during user creation.

  • Configuring secure communication for Active Roles Web interface: By default, Active Roles users connect to the Web interface using the HTTP protocol, which does not encrypt the data during communication. However, it is recommended to use the HTTPS protocol to transfer data securely over the web. You can use the Force SSL Redirection option in the Configuration Center to enable secure communication over HTTPS for the Web interface on local or remote servers.
  • Support to modify the following Exchange Online properties in Synchronized Identity and Federated environments using the Active Roles Web interface. In previous versions, these Exchange Online properties were restricted from modification in Federated and Synchronized Identity environments:
    • Archive mailbox
    • Message records management
    • Mail flow settings
    • Email address
  • Creation and modification of Remote Mailbox for hybrid users
  • Support has been added for the following connectors through the Synchronization Service:
    Table 2: New connectors and supported versions (Connector: Supported version)
    • Generic LDAP Connector: Version 3
    • MySQL Connector: MySQL database hosted on MySQL Community Server MySQL 8.0.12
    • Open LDAP Connector: Version 3
    • IBM Db2 Connector: IBM Db2 11.5 Edition for Windows
    • Salesforce Connector: Internet access to the data system you want to participate in data synchronization operations
    • ServiceNow Connector: Internet access to the data system you want to participate in data synchronization operations
    • IBM RACF Connector: Version 1.13 or later. Optionally with LDAPX exit version 2.10 or later

  • Restructured product documentation for Active Roles. The documentation set now consists of the following guides:
    1. Administration Guide

    2. Evaluation Guide

    3. Feature Guide

    4. Predefined Access template Guide

    5. Quick Start

    6. Release Notes

    7. Solutions Guide

    8. Synchronization Service Guide

    9. User's Guide

    10. Web Interface Admin Guide

    11. Web Interface User's Guide

    12. What's New Guide

    13. Diagnostics Tools Release Notes

    14. How-to Guide

    15. Add-on Manager Readme

    The following guides from earlier releases are deprecated, and their content is now included in the documents available for the current release:

    • Management Pack for SCOM

    • Configuration transfer Wizard Guide
    • Exchange Resource Forest Management Guide
    • Skype for Business Guide
    • SPML Guide
    • Azure AD and Office 365 Administration Guide
    • Replication Guide
    • Product Overview Guide

Upgrade issues

The upgrade process of the Administration Service has an impact on the following:

  • Replication
  • Custom Solutions
  • Unmanaged domains
  • Add-on components
  • Management history data