
Active Roles 8.0 LTS - Release Notes

Known issues

The following is a list of issues, including those attributed to third-party products, known to exist at the time of release.

Table 9: General known issues
Known Issue Issue ID

Activating the EnableAntiForgery key (<add key="EnableAntiForgery" value="true"/> in web.config) may cause the following error message:

Session timeout due to inactivity. Please reload the page to continue.

Workaround

Update the IgnoreForValidation key in the <appSettings> section by adding a property value in lowercase:

  1. Open IIS Manager.

  2. In the left pane, under Connections, expand the tree view to Sites > Default Web Site.

  3. Under Default Web Site, click on the Active Roles application (ARWebAdmin by default).

  4. Double-click Configuration Editor.

  5. From the Section drop-down, select appSettings.

  6. Find the IgnoreForValidation key.

  7. Append the comma-separated value to IgnoreForValidation, for example: lowercasecontrolname.

  8. In the right pane, under Actions, click Apply.

  9. Recycle the App pool.

Issue ID: 91977
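The workaround steps above can also be applied from an elevated Windows PowerShell session. The following script is an added example, not part of the One Identity release notes; it assumes the default names given in the steps (Default Web Site, ARWebAdmin), uses the page's sample value lowercasecontrolname as a placeholder, and relies on the standard WebAdministration module.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the IIS Manager workaround for issue 91977.
Import-Module WebAdministration

$Site        = 'Default Web Site'       # site name from the steps above
$AppName     = 'ARWebAdmin'             # default Active Roles application name
$ControlName = 'lowercasecontrolname'   # sample value from the page; replace it
$PSPath      = "IIS:\Sites\$Site\$AppName"
$Filter      = "appSettings/add[@key='IgnoreForValidation']"

$app = Get-WebApplication -Site $Site -Name $AppName
if (-not $app) { throw "Application '$AppName' not found under '$Site'." }

# Steps 5-6: read the current comma-separated value of IgnoreForValidation.
$attr = Get-WebConfigurationProperty -PSPath $PSPath -Filter $Filter -Name value
if ($null -eq $attr) { throw "IgnoreForValidation key not found in appSettings." }
$current = if ($attr -is [string]) { $attr } else { [string]$attr.Value }

# The workaround asks for the value in lowercase.
$name    = $ControlName.Trim().ToLowerInvariant()
$entries = $current -split ',' | ForEach-Object { $_.Trim() }
if ($entries -ccontains $name) {
    Write-Output "'$name' is already present; no change made."
    return
}

# Keep a timestamped copy of web.config so the change can be reverted.
$root      = [Environment]::ExpandEnvironmentVariables($app.PhysicalPath)
$webConfig = Join-Path $root 'web.config'
Copy-Item $webConfig "$webConfig.$(Get-Date -Format yyyyMMddHHmmss).bak"

# Steps 7-8: append the value to the existing list and apply it.
$new = if ($current.Trim()) { "$current,$name" } else { $name }
Set-WebConfigurationProperty -PSPath $PSPath -Filter $Filter -Name value -Value $new

# Step 9: recycle the application pool that serves the application.
Restart-WebAppPool -Name $app.applicationPool
Write-Output "IgnoreForValidation is now: $new"
```

The script appends to the existing list rather than rewriting it, so entries already present in IgnoreForValidation are left untouched.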

Table 10: Configuration Center known issues
Known Issue Issue ID

When configured for Groups and Contacts, the Office 365 and Azure Tenant Selection policy displays additional tabs.

Issue ID: 229031

Tenant selection supports selecting only a single tenant.

Issue ID: 229030

In the Starling Connect Connection Settings link, clicking Next displays progress, but the functionality is not affected, so the button is not required.

Issue ID: 126892

Table 11: Console (MMC Interface) known issues
Known Issue Issue ID

Automation workflows with the Microsoft 365 script fail if multiple workflows share the same script and the script is scheduled to execute at the same time.

Workaround

One Identity recommends scheduling the workflows with different scripts or at a different time.

Issue ID: 200328

When a workflow is copied from a built-in workflow, it may not run as expected.

Issue ID: 153539

Azure Group Properties are not available if they are added to the Microsoft 365 Portal or Hybrid Exchange Properties from the forwarding address attribute of Exchange online users.

Issue ID: 98186

In Active Roles with the Office 365 Licenses Retention policy applied, after deprovisioning the Azure AD user, the Deprovisioning Results for the Office 365 Licenses Retention policy are not displayed in the same window.

Workaround

To view the deprovisioning results of an Azure AD user:

  • In the Active Roles Console, right-click and select Deprovisioning Results.

  • In the right pane of the Active Roles Web Interface, click Deprovisioning Results.

  • To refresh the form, press F5.

Issue ID: 91901

Table 12: Installer known issues
Known Issue Issue ID

After upgrading Active Roles, the pending approval tasks are not displayed in the Active Roles Web Interface.

Issue ID: 91933

Table 13: Language Pack known issues
Known Issue Issue ID

In the Active Roles Configuration Center, changing the language in Global settings does not work properly.

Workaround

To change the language of the Web Interface, configure the language with the Active Roles 8.0 > Settings > User interface language option of the Web Interface.

Issue ID: 125880

In the Active Roles Console, the O365 script execution configuration activity of the Workflow Designer is not completely localized to German.

Issue ID: 151392

In the Active Roles Console, the German localization may contain visual issues and truncated texts.

Issue ID: 91946

In the Active Roles Console, some strings are displayed in English instead of German in the German localization.

Issue ID: 91942

In the Active Roles Synchronization Service, the Event Viewer messages are not translated to German.

Issue ID: 91753

In the Active Roles Synchronization Service, the German localization does not have all connector strings translated.

Issue ID: 91709

In the Active Roles Web Interface, some Azure-related strings are translated incorrectly for the supported languages. Translated texts may also contain link inconsistencies.

Issue ID: 257995

In Active Roles, several German localization issues are present.

Issue ID: 164713

In Active Roles, strings on the notification page are not localized.

Issue ID: 153695

In the Language Pack installer, the link of the online EULA agreement in the EULA text does not work.

Issue ID: 91925

Table 14: Synchronization Service known issues
Known Issue Issue ID

In the Active Roles Synchronization Service, the following attributes of the Microsoft Azure AD Connector are currently not supported and cannot be queried via the Microsoft Graph API:

  • user attributes:

    • aboutMe

    • birthday

    • contacts

    • hireDate

    • interests

    • mySite

    • officeLocation

    • pastProjects

    • preferredName

    • responsibilities

    • schools

    • skills

  • group attributes:

    • acceptedSenders

    • allowExternalSenders

    • autoSubscribeNewMembers

    • hasMembersWithLicenseErrors

    • hideFromAddressLists

    • hideFromOutlookClients

    • isSubscribedByMail

    • membersWithLicenseErrors

    • rejectedSenders

    • unseenCount

This means that although these attributes are visible, they cannot be set in a mapping rule.

Issue ID: 304074

After running the get-qcworkflowstatus cmdlet in the Synchronization Service, the workflow status is not accurate.

Issue ID: 125768

Table 15: Web Interface known issues
Known Issue Issue ID

If you click Azure > Resource Mailboxes to query room mailboxes after being idle for approximately 15-20 minutes, the Active Roles Web Interface will not list any room mailboxes.

Workaround

Restart the Administration Service.

Issue ID: 293380

In the Active Roles Web Interface, Azure roles are not restored automatically after performing an Undo Deprovision action on a user.

Workaround

After the Undo Deprovision action is completed, assign the Azure roles to the user manually.

Issue ID: 172655

Active Roles does not support creating Azure groups for existing groups.

Issue ID: 117015

Active Roles Web Interface does not support setting the Exchange Online Property of the ProhibitSendQuota value in Storage Quotas.

Issue ID: 91905

System requirements

Before installing ARS 8.0 LTS, ensure that your system meets the following minimum hardware and software requirements.

NOTE: When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. Please consult One Identity's Product Support Policies for more information on environment virtualization.

TIP: To run these PowerShell commands, use the 64-bit version of Windows PowerShell.

Requirement

Details

Exchange Online PowerShell V2 module 2.0.3

You must install Exchange Online PowerShell V2 module version 2.0.3 (or newer) on the computer(s) running Active Roles Administration Service. For installation instructions, see Install and maintain the EXO V2 module in the Microsoft Azure Exchange PowerShell documentation.

Az.Accounts PowerShell module 2.5.3

You must install Az.Accounts PowerShell module version 2.5.3 (or older) on the computer(s) running Active Roles Administration Service and Active Roles Synchronization Service. For installation instructions, see Az.Accounts 2.5.3 in the Microsoft PowerShell Gallery.

SharePoint Online Management Shell - x64

You must install SharePoint Online Management Shell on the computer running Active Roles Administration Service. For installation instructions, see Get started with SharePoint Online Management Shell in the Microsoft SharePoint PowerShell documentation.

Microsoft Edge WebView2 Runtime

You must install Microsoft Edge WebView2 Runtime on the computer running Active Roles Administration Service. For more information, see Introduction to Microsoft Edge WebView2 in the Microsoft Edge Developer documentation.

(Optional) One Identity certificate

If your organization enforces the AllSigned policy, you must install the One Identity certificate during the installation of Active Roles.
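The PowerShell-related prerequisites above can be checked on a host before installation. The following read-only script is an added example, not part of the One Identity release notes; the module names ExchangeOnlineManagement and Microsoft.Online.SharePoint.PowerShell are the names under which Microsoft ships the EXO V2 module and the SharePoint Online Management Shell, and the certificate subject pattern '*One Identity*' is an assumption.

```powershell
# Added example: read-only check of the PowerShell prerequisites listed above.
function Get-InstalledVersions([string]$Name) {
    @(Get-Module -ListAvailable -Name $Name |
        Select-Object -ExpandProperty Version | Sort-Object -Descending)
}
function Format-Versions($Versions) {
    if ($Versions) { $Versions -join ', ' } else { 'not installed' }
}
function New-Result([string]$Check, [bool]$Ok, [string]$Detail) {
    [pscustomobject]@{ Check = $Check; Ok = $Ok; Detail = $Detail }
}

$results = @()

# TIP on the page: use the 64-bit version of Windows PowerShell.
$results += New-Result '64-bit PowerShell process' ([Environment]::Is64BitProcess) `
    "PowerShell $($PSVersionTable.PSVersion)"

# Exchange Online PowerShell V2 module: version 2.0.3 or newer.
$exo = Get-InstalledVersions 'ExchangeOnlineManagement'
$results += New-Result 'EXO V2 module >= 2.0.3' `
    ([bool]($exo | Where-Object { $_ -ge [version]'2.0.3' })) (Format-Versions $exo)

# Az.Accounts: version 2.5.3 or older. All installed versions are listed,
# because side-by-side newer versions may also be present.
$az = Get-InstalledVersions 'Az.Accounts'
$results += New-Result 'Az.Accounts <= 2.5.3' `
    ([bool]($az | Where-Object { $_ -le [version]'2.5.3' })) (Format-Versions $az)

# SharePoint Online Management Shell (x64).
$spo = Get-InstalledVersions 'Microsoft.Online.SharePoint.PowerShell'
$results += New-Result 'SharePoint Online Management Shell' ([bool]$spo) (Format-Versions $spo)

# Optional One Identity certificate: only relevant when AllSigned is enforced.
$policy = Get-ExecutionPolicy
if ($policy -eq 'AllSigned') {
    # Assumption: the publisher certificate subject contains "One Identity".
    $certs = @(Get-ChildItem Cert:\LocalMachine\TrustedPublisher |
        Where-Object { $_.Subject -like '*One Identity*' -and $_.NotAfter -gt (Get-Date) })
    $detail = if ($certs) { ($certs.Thumbprint -join ', ') } else { 'no matching certificate' }
    $results += New-Result 'One Identity cert in TrustedPublisher' ([bool]$certs) $detail
} else {
    $results += New-Result 'AllSigned policy' $true "effective policy is $policy; certificate optional"
}

$results | Format-Table -AutoSize -Wrap
```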

Hardware requirements
Table 16: Hardware requirements
Requirement Details

Processor

NOTE: The number of cores required depends on the size of the environment and the total number of managed objects.

For Administration Service, Web Interface and Synchronization Service, any of the following:

  • Intel 64 (EM64T)

  • AMD64

  • Minimum 2 cores

  • CPU speed: 2.0 GHz or faster

NOTE: For Synchronization Service, One Identity recommends using a multi-core CPU for the best performance.

For Console and Management Tools, any of the following:

  • Intel x86

  • Intel 64 (EM64T)

  • AMD64

  • CPU speed: 1.0 GHz or faster.

Memory

NOTE: The amount of RAM required depends on the size of the environment and the total number of managed objects.

Administration Service:

A minimum of 4 GB of RAM.

Web Interface, Synchronization Service:

A minimum of 2 GB of RAM.

Console, Management Tools:

A minimum of 1 GB of RAM.

Hard disk space

Administration Service, Web Interface, Console, Management Tools:

A minimum of 100 MB of free disk space.

Synchronization Service:

A minimum of 250 MB of free disk space.

NOTE: If SQL Server and Synchronization Service are installed on the same computer, the amount required depends on the size of the Synchronization Service database.

Operating system

You can install any of the Active Roles components on a computer running:

  • Microsoft Windows Server 2022

  • Microsoft Windows Server 2019

  • Microsoft Windows Server 2016

Active Roles supports the Standard or Datacenter edition of these operating systems.

In addition, you can install the Active Roles Console and Management Tools on a computer running:

  • Microsoft Windows 10, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64).

  • Microsoft Windows 8.1, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64).

Component requirements

All Active Roles components require:

Table 17: Administration Service requirements
Requirement

Details

SQL Server

You can host the Active Roles database on the following SQL Server versions:

  • Microsoft SQL Server 2019, any edition.

  • Microsoft SQL Server 2017, any edition.

  • Microsoft SQL Server 2016, any edition.

  • Microsoft SQL Server 2014, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack.

  • Azure SQL hosted databases.

To connect Active Roles to a Microsoft SQL Server deployment, the following driver is required:

  • Microsoft OLE DB Driver for SQL Server (MSOLEDBSQL).

Windows Management Framework

Windows Management Framework 5.1 (available for download) is required on all supported operating systems.

Operating system on domain controllers

Active Roles retains all features and functions when managing Active Directory on domain controllers running any of these operating systems, any edition, with or without any Service Pack:

  • Microsoft Windows Server 2022

  • Microsoft Windows Server 2019

  • Microsoft Windows Server 2016

NOTE: Active Roles deprecates managed domains with the domain functional level lower than Windows Server 2008 R2. One Identity recommends that you raise the functional level of the domains managed by Active Roles to Windows Server 2008 R2 or higher.

Exchange Server

Active Roles is capable of managing Exchange recipients on:

  • Microsoft Exchange Server 2019

  • Microsoft Exchange Server 2016

  • Microsoft Exchange Server 2013

NOTE: Microsoft Exchange 2013 CU11 is not supported. For more information, see Knowledge Base Article 202695.

Table 18: Web Interface requirements
Requirement

Details

Internet Services

Active Roles Web Interface requires the Web Server (IIS) server role with the following role services:

  • Web Server/Common HTTP Features/

    • Default Document

    • HTTP Errors

    • Static Content

    • HTTP Redirection

  • Web Server/Security/

    • Request Filtering

    • Basic Authentication

    • Windows Authentication

  • Web Server/Application Development/

    • .NET Extensibility

    • ASP

    • ASP.NET

    • ISAPI Extensions

    • ISAPI Filters

  • Management Tools/IIS 6 Management Compatibility/

    • IIS 6 Metabase Compatibility

Configure Internet Information Services (IIS) to provide Read/Write delegation for the following features:

  • Handler Mappings

  • Modules

Use Feature Delegation in IIS Manager to confirm that these features have their delegation set to Read/Write.

Web browser

You can access Active Roles Web Interface using:

  • Mozilla Firefox 36 (or newer) on Windows.

  • Google Chrome 61 (or newer) on Windows.

  • Microsoft Edge 79 (or newer), based on Chromium on Windows 10.

You can use a later version of Firefox and Google Chrome to access Active Roles Web Interface. However, the Active Roles Web Interface was tested only with the browser versions listed above.

Minimum screen resolution

Active Roles Web Interface is optimized for screen resolutions of 1280x800 or higher.

The minimum supported screen resolution is 1024x768.

Table 19: Console requirements
Requirement

Details

Web browser

Active Roles Console requires Microsoft Edge 79 (or newer), based on Chromium.

Table 20: Management Tools requirements
Requirement

Details

Windows Management Framework

Windows Management Framework 5.1 (available for download) is required on all supported operating systems.

Remote Server Administration Tools (RSAT)

To manage Terminal Services user properties by using Active Roles Management Shell, Active Roles Management Tools requires Remote Server Administration Tools (RSAT) for Active Directory.

For more information on installing the RSAT version applicable to your operating system, see Remote Server Administration Tools (RSAT) for Windows in the Microsoft Windows Server documentation.

Table 21: Synchronization Service requirements
Requirement

Details

SQL Server

You can host the Active Roles Synchronization Service database on:

  • Microsoft SQL Server 2019, any edition.

  • Microsoft SQL Server 2017, any edition.

  • Microsoft SQL Server 2016, any edition.

  • Microsoft SQL Server 2014, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack.

NOTE: Active Roles Synchronization Service does not support Azure SQL hosted databases.

Windows Management Framework

Windows Management Framework 5.1 (available for download) is required on all supported operating systems.

Supported connections

Active Roles Synchronization Service can connect to the following data systems:

  • Microsoft Active Directory Domain Services (AD DS) with the domain or forest functional level of Windows Server 2016 or higher.

  • Microsoft Active Directory Lightweight Directory Services (AD LDS) running on any Windows Server operating system supported by Microsoft.

  • The following Microsoft Exchange Server versions:

    • Microsoft Exchange Server 2019

    • Microsoft Exchange Server 2016

    • Microsoft Exchange Server 2013

    NOTE: Microsoft Exchange 2013 CU11 is not supported. For more information, see Knowledge Base Article 202695.

  • Microsoft Lync Server version 2013 with limited support.

  • Microsoft Skype for Business 2019, 2016 or 2015.

  • Microsoft Windows Azure Active Directory (Azure AD) using Microsoft Graph API version 1.0.

  • Microsoft Office 365 directory.

  • Microsoft Exchange Online service.

  • Microsoft Skype for Business Online service.

  • Microsoft SharePoint Online service.

  • Microsoft SQL Server, any version supported by Microsoft.

  • Microsoft SharePoint 2019, 2016, or 2013.

  • Active Roles version 7.4.3, 7.4.1, 7.3, 7.2, 7.1, 7.0, and 6.9.

  • One Identity Manager version 7.0 (D1IM 7.0).

  • One Identity Manager version 8.0.

  • Support for Generic LDAP Connector, MySQL Connector, Open LDAP Connector, IBM Db2 Connector, Salesforce Connector, ServiceNow Connector, and IBM RACF Connector.

  • Support for SCIM-based data import operations.

  • Support for Oracle Database, Oracle Database User Accounts, Oracle Unified Directory, Micro Focus NetIQ Directory, and IBM AS/400 connectors.

  • Data sources accessible through an OLE DB provider.

  • Delimited text files.

Legacy Active Roles ADSI Provider

To connect to Active Roles version 6.9, install the Active Roles ADSI Provider. For more information, see Installing additional components in the Active Roles Quick Start Guide.

One Identity Manager API

To connect to One Identity Manager 7.0, install One Identity Manager Connector on the computer running Active Roles Synchronization Service. This connector works with the RESTful web service and no SDK installation is required.

Internet connection

To connect to cloud directories or online services, the machine running Active Roles Synchronization Service must have a reliable Internet connection.

Table 22: Synchronization Service Capture Agent requirements
Requirement

Details

Operating system

The DCs on which you install Active Roles Synchronization Service Capture Agent must run one of the following operating systems with or without any Service Pack:

  • Microsoft Windows Server 2022

  • Microsoft Windows Server 2019

  • Microsoft Windows Server 2016

For more information, see the Active Roles Synchronization Service Administration Guide.

Table 23: Language Pack requirements
Requirement

Details

Active Roles version

The Active Roles 8.0 LTS Language Pack requires Active Roles version 8.0 LTS of the Administration Service, Configuration Center, Console, Synchronization Service or the Web Interface installed on the target machine.

The Active Roles 8.0 LTS Language Pack will not work properly with earlier versions of Active Roles.

Operating system

You can install the Active Roles Language Pack on 64-bit operating systems only.

Product licensing

Use of this software is governed by the Software Transaction Agreement found at www.oneidentity.com/legal/sta.aspx. This software does not require an activation or license key to operate.

The product usage statistics can be used as a guide to show the scope and number of managed objects in Active Roles.

Upgrade and installation instructions

You can upgrade any 7.x version of Active Roles to Active Roles 8.0 LTS.

NOTE: You must run the Active Roles installer with administrator privileges.

  • For instructions on how to upgrade from an earlier version of Active Roles or how to install and initially configure Active Roles, see the Active Roles Quick Start Guide.

  • For instructions on how to install the Active Roles Language Pack, see Active Roles Language Pack in the Active Roles Administration Guide.

  • For special considerations regarding the installation of Active Roles 8.0 LTS, see the following information.

NOTE: Consider the following before upgrading to a new version of Active Roles:

  • Components of an earlier Active Roles version may not work with the components of the new version you are upgrading to.

  • Custom solutions (scripts or other modifications) that rely on Active Roles features may fail to work after an upgrade due to compatibility issues. Therefore, before starting the upgrade, test your existing solutions with the new version of Active Roles in a lab environment to verify that your custom solutions will continue to work.

TIP: When upgrading to a new Active Roles version, One Identity recommends upgrading the Active Roles Administration Service first, and the client components (Active Roles Console and Active Roles Web Interface) afterwards.

Changes related to Azure tenants

NOTE: If your organization has any Azure tenants that are managed with Active Roles, you need to reauthenticate and reconsent them after installing Active Roles 8.0 LTS. Otherwise, Active Roles will not receive the required permissions for managing existing Azure tenants, and tenant administration in Active Roles 8.0 LTS will not work correctly. For more information, see Reconfiguring Azure tenants during upgrade configuration in the Active Roles Quick Start Guide.

Changes related to Active Roles Synchronization Service

NOTE: Active Roles 7.5 introduced support for Modern Authentication in the Azure BackSync workflows of the Active Roles Synchronization Service. After upgrading to Active Roles 8.0 LTS from an earlier version, if you previously had an Azure BackSync workflow configured, you will be prompted to reconfigure it in the Active Roles Synchronization Service Console.

CAUTION: If you previously had an Azure BackSync workflow configured in Active Roles Synchronization Service, and you use more than one Azure Active Directory (Azure AD) service in your deployment, you must specify the Azure AD for which you want to configure Azure BackSync. Failure to do so may either result in directory objects not synchronized at all, or synchronized to unintended locations.

For more information on how to specify the Azure AD used for back-synchronization, see Configuring automatic Azure BackSync in the Active Roles Synchronization Service Administration Guide.

CAUTION: Starting from Active Roles 7.6, Starling Two-Factor Authentication (2FA) is no longer supported and has been removed from Active Roles. If you use Starling with Starling 2FA enabled, before upgrading to Active Roles 8.0 LTS, disable Starling 2FA to remove it from your Starling configuration. Upgrading from an earlier Active Roles 7.x version to Active Roles 8.0 LTS with Starling 2FA enabled can result in Active Roles not working as intended.

  1. To disable Starling 2FA, in the Active Roles Configuration Center, navigate to Starling > Starling 2FA and clear the Enable Starling 2FA check box.

  2. (Optional) To unjoin Starling, in the Active Roles Configuration Center, navigate to Starling, and click Unjoin One Identity Starling.
