Chat now with support
Chat with Support

Active Roles 8.0.1 LTS - Feature Guide

Introduction Administrative rules and roles Using Active Roles Configuring and administering Active Roles FIPS compliance LSA protection support

Skype for Business Server User Management

To provision Skype for Business Server user accounts in single-forest and multi-forest Active Directory (AD) environments, Active Roles offers the Skype for Business User Management feature.

The Skype for Business Server User Management feature provides built-in Active Roles policies that synchronize user account information between Active Roles and Skype for Business Server, allowing you to perform Skype for Business Server user management tasks via the Active Roles Web Interface.

Skype for Business Server User Management lets you use Active Roles to:

  • Add and enable new Skype for Business users.

  • View or change Skype for Business Server user properties and policy assignments.

  • Move Skype for Business Server users from one Skype for Business Server pool to another.

  • Disable or re-enable user accounts for Skype for Business Server.

  • Remove users from Skype for Business Server.

To perform these administration tasks, the feature adds the following elements to Active Roles:

  • Built-in Policy Objects that enable Active Roles to perform user management tasks on Skype for Business Server, either in a single-forest or a multi-forest AD environment.

  • Additional commands and pages in the Active Roles Web Interface for managing Skype for Business Server users.

  • Access Templates (ATs) to delegate Skype for Business Server user management tasks.

The Skype for Business Server User Management policy allows you to control the following factors of creating and managing Skype for Business Server users:

  • SIP user name generation rules. When adding and enabling a new Skype for Business Server user, Active Roles can generate a SIP user name based on other properties of the user account.

  • SIP domain selection rules. When configuring the SIP address for a Skype for Business Server user, Active Roles can restrict the list of selectable SIP domains and suggest which SIP domain to select by default.

  • Telephony selection rules. When configuring telephony for a Skype for Business Server user, Active Roles can restrict the list of selectable telephony options and can suggest default options to select.

  • Pool selection rules. When adding and enabling a new Skype for Business Server user, Active Roles can restrict the list of selectable registrar pools and suggest which pool to select by default. This rule also applies to selecting the destination pool when moving a Skype for Business Server user from one pool to another.

Skype for Business Server User Management provides a number of ATs allowing you to delegate the following tasks in Active Roles:

  • Add and enable new Skype for Business Server users.

  • View existing Skype for Business Server users.

  • View or change the SIP address for Skype for Business Server users.

  • View or change the telephony option and related settings for Skype for Business Server users.

  • View or change Skype for Business Server user policy assignments.

  • Disable or re-enable user accounts for Skype for Business Server.

  • Move users from one Skype for Business Server pool to another.

  • Remove users from Skype for Business Server.

Getting started

For more information on the prerequisites and configuration of Skype for Business Server User Management, see Skype for Business Server Solution in the Active Roles Administration Guide.

Workflow features and activities

Active Roles supports the following major workflow features and activities:

Getting started

To get started with workflows, see the following resources:

  • For more information on the listed workflow features and activities, see the linked sections.

  • For more information on workflows in general, see Workflows in the Active Roles Administration Guide.

Workflows – Saving object properties

Workflows configured in the Active Roles Console support saving object properties when running the workflow with the Saving Object Properties activity. The properties are saved in the workflow data context and can be retrieved by other workflow activities either before or after the object changed.

Saving object properties is useful for situations that require knowing not only the current state or properties of the changed object, but also its previous states or property values. Such earlier states or property values may be required for informational, archival or decision making purposes.

For example, to notify users and administrators of object deletions, you can create a workflow that:

  1. Starts when requesting the deletion of the object.

  2. Saves the name of the object to be deleted.

  3. After the object is deleted, it sends a notification message with the saved name of the deleted object.

Workflow configuration options

The Saving Object Properties activity has the following configuration options:

  • Activity target: Specifies the object whose properties will be saved. The available settings are the following:

    • Workflow target object: Specifies the target object of the request in a change workflow that started the workflow.

      For example, in case of a change workflow starting with the delete request of an object, selecting this setting will result in the activity saving the properties of the object to be deleted.

    • Fixed object in directory: Specifies a particular object that you select in Active Directory.

    • Object identified by workflow parameter: Specifies the object via the value of a certain parameter in the workflow. You can select the parameter from the workflow definition.

    • Object from workflow data context: When selected, the activity will select the object based on the workflow environment data collected while running the workflow. You can select the object for the activity when the workflow is initiated.

    • Object identified by DN-value rule expression: Specifies the object via its Distinguished Name (DN) by the string value of a certain rule expression. By using a rule expression, you can compose a string value based on the properties of various objects found in the workflow environment when running the workflow. You can create the desired rule expression when you configure the activity.

  • Target properties: Specifies the object properties you want the activity to save. The Workflow Designer contains a default list of properties; however, you can change the list as you need.

    By default, the activity saves all single-value non-constructed attributes found in the directory schema of the target object, including custom virtual attributes added to the directory schema by Active Roles.

  • Notification: Configures notifications for the runs of the activity, and subscribes recipients to the following notification events:

    • Activity completed successfully: Sends a notification email if no significant errors occurred during the run of the activity.

    • Activity encountered an error: Sends a notification email if significant errors occurred during the run of the activity.

    The notification settings specify the notification events and recipients. When run by the workflow, the activity prepares a notification message according to the specified event. Active Roles retains the message prepared by the activity, and sends the message to the specified recipients when the event occurs.

  • Error handling: Specifies the action to take when detecting any errors. Selecting Continue workflow even if this activity encounters an error will suppress any errors detected by Active Roles during the workflow run. Leaving this setting clear will result in Active Roles stopping the workflow if the activity detects any errors. By default, this setting is not selected.

Retrieving saved properties

If you use any workflows that include the Save Object Properties activity, you can configure additional activities to retrieve the object property information saved by the Save Object Properties activity. You can do this by three means:

  • Using a Script activity with the following expression:

    $workflow.SavedObjectProperties("activityName").get("attributeName")

    In this expression, activityName is the name of the Save Object Properties activity, while attributeName is the LDAP display name of the attribute representing the property you want the script to retrieve.

    NOTE: You must specify an attribute listed in the Target properties setting of the Save Object Properties activity. Otherwise, the expression will return no property value during runtime.

  • Adding the Workflow - Saved Object Properties token to the notification message template. To do so:

    1. In the Insert Token dialog, in the list of tokens, click Workflow - Saved Object Properties, then click OK.

    2. In the dialog that appears, select the name of the Save Object Properties activity and the saved property you want the token to retrieve.

    NOTE: You must specify an attribute listed in the Target properties setting of the Save Object Properties activity. Otherwise, the token you configured will return no property value during runtime.

  • If you use an If-Else branch condition, a Search filter, or a Create, Update or Add Report Section activity, by selecting the Property of object from workflow data context configuration option. To do so:

    1. In the Object Property dialog, click the link in the Target object field, then click More choices.

    2. In the dialog that appears, click Saved Object Properties. Then, in the Activity list, select the name of the Save Object Properties activity and click OK.

    3. In the Object Property dialog, click the link in the Target property field, then select the property you want.

    NOTE: You must specify an attribute listed in the Target properties setting of the Save Object Properties activity. Otherwise, the entry you configured will return no property value during runtime.

Getting started

For more information on how to configure object property saving in a workflow, see Configuring a Save Object Properties activity in the Active Roles Administration Guide.

Workflows – Modifying requested changes

Change workflows configured in the Active Roles Console support updating change requests that started a workflow with the Modify Requested Changes activity. This activity lets you add or remove changes to the properties of the workflow target object while the workflow is running.

For example:

  • In a workflow that starts when requesting the creation of an object, you can use the Modify Requested Changes activity to either modify the properties that will be assigned to the new object, or change the container in which the object will be created.

  • In a workflow that starts when requesting the change an object, you can use the Modify Requested Changes activity to modify the requested property changes of the object.

NOTE: The Modify Requested Changes activity is not available in automation workflows.

Workflow configuration options

The Modify Requested Changes activity has the following configuration options:

  • Target changes: Specifies the property changes to add or remove from the change request. Use this setting to select:

    • The Property (or properties) you want the activity to change.

    • The Action to perform for each property (for example, adding, setting or removing the value of the property, or removing the property itself from the request).

    • The Value to add, remove or modify.

    You can add, remove and modify values both for single-value and multi-value properties, with the following options.

    NOTE: The various properties may only support some of the following settings.

    • Fixed object in directory: Specifies a particular object that you select in Active Directory.

    • Text string: Lets you specify the value of the property manually via a string.

    • Workflow target object: Specifies the target object of the request in a change workflow that started the workflow.

    • Property of workflow target object: Uses the value of a specific property of the target object in the request that started the workflow. When selecting this option, you can select the property from a list of object properties.

    • Workflow initiator object: Uses the object that initiated the workflow. When selecting this option, you can select the object from a list.

    • Property of workflow initiator: Uses the value of a specific property of the user who initiated the workflow. When selecting this option, you can select the property from a list of object properties.

    • Object identified by workflow parameter: Specifies the object via the value of a certain parameter in the workflow. You can select the parameter from the workflow definition.

    • Object from workflow data context: When selected, the activity will select the object based on the workflow environment data collected while running the workflow. You can select the object for the activity when the workflow is initiated.

    • Object identified by DN-value rule expression: Specifies the object via its Distinguished Name (DN) by the string value of a certain rule expression. By using a rule expression, you can compose a string value based on the properties of various objects found in the workflow environment when running the workflow. You can create the desired rule expression when you configure the activity.

    • Changed value of workflow target object property: Uses the value that the workflow requests to be assigned to a certain property of the workflow target object. When selecting this option, you can select the property from a list of object properties.

    • Workflow parameter value: Uses the value of a certain parameter of the workflow. When selecting this option, you can select the property from a list of workflow parameters.

    • Property of object from workflow data context: Uses the value of a certain object property selected by the activity on the basis of the data found in the workflow run-time environment. You can choose the desired property and specify which object you want the activity to select when the workflow runs.

    • Value generated by rule expression: Uses the string value of a certain rule expression. By using a rule expression you can compose a string value based on properties of various objects found in the workflow runtime environment. You can create the desired rule expression when you configure the activity.

  • Notification: Configures notifications for the runs of the activity, and subscribes recipients to the following notification events:

    • Activity completed successfully: Sends a notification email if no significant errors occurred during the run of the activity.

    • Activity encountered an error: Sends a notification email if significant errors occurred during the run of the activity.

    The notification settings specify the notification events and recipients. When run by the workflow, the activity prepares a notification message according to the specified event. Active Roles retains the message prepared by the activity, and sends the message to the specified recipients when the event occurs.

  • Error handling: Specifies the action to take when detecting any errors. Selecting Continue workflow even if this activity encounters an error will suppress any errors detected by Active Roles during the workflow run. Leaving this setting clear will result in Active Roles stopping the workflow if the activity detects any errors. By default, this setting is not selected.

  • Additional settings: The Modify Requested Changes activity also contains the following settings:

    • Modify object creation requests so as to create objects in this container: Allows you to change the container where Active Roles creates the new objects, while ensuring that the policies and workflows will be applied from the container where the object will be created (rather than from the container that was originally specified in the object creation request).

    • Include or exclude these controls from the change request: Allows you to add or remove Active Roles controls from the request. "Controls" are pieces of data that provide additional information for Active Roles on how to process the request.

      If you do not specify any controls in the request, Active Roles will process the request based on the type of the request only. You can either configure the activity to add certain controls to the request (include controls) or to ensure that certain controls never occur in the request (exclude controls). For more information about adding Active Roles controls to a request, see the Active Roles SDK documentation.

Getting started

For more information on how to configure object property saving in a workflow, see Configuring a Modify Requested Changes activity in the Active Roles Administration Guide.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating