Chat now with support
Chat with Support

Active Roles 8.1.1 - Administration Guide

Introduction Getting started Rule-based administrative views Role-based administration
Access Templates as administrative roles Access Template management tasks Examples of use Deployment considerations Windows claims-based access rules
Rule-based autoprovisioning and deprovisioning
Provisioning Policy Objects Deprovisioning Policy Objects How Policy Objects work Policy Object management tasks Policy configuration tasks
Property Generation and Validation User Logon Name Generation Group Membership AutoProvisioning Exchange Mailbox AutoProvisioning AutoProvisioning in SaaS products OneDrive Provisioning Home Folder AutoProvisioning Script Execution Microsoft 365 and Azure Tenant Selection E-mail Alias Generation User Account Deprovisioning Office 365 Licenses Retention Group Membership Removal Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Relocation User Account Permanent Deletion Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Notification Distribution Report Distribution
Deployment considerations Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Container Deletion Prevention policy Picture management rules Policy extensions
Using rule-based and role-based tools for granular administration Workflows
Key workflow features and definitions About workflow processes Workflow processing overview Workflow activities overview Configuring a workflow
Creating a workflow definition for a workflow Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configure an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Approval workflow Email-based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic groups Active Roles Reporting Management History Entitlement profile Recycle Bin AD LDS data management One Identity Starling Join and configuration through Active Roles Managing One Identity Starling Connect Configuring linked mailboxes with Exchange Resource Forest Management Configuring remote mailboxes for on-premises users Azure AD, Microsoft 365, and Exchange Online Management
Configuring Active Roles to manage Hybrid AD objects Managing Hybrid AD users
Creating a new Azure AD user with the Web Interface Viewing or updating the Azure AD user properties with the Web Interface Viewing or modifying the manager of a hybrid Azure user Disabling an Azure AD user Enabling an Azure AD user Deprovisioning of an Azure AD user Undo deprovisioning of an Azure AD user Adding an Azure AD user to a group Removing an Azure AD user from a group View the change history and user activity for an Azure AD user Deleting an Azure AD user with the Web Interface Creating a new hybrid Azure user with the Active Roles Web Interface Converting an on-premises user with an Exchange mailbox to a hybrid Azure user Licensing a hybrid Azure user for an Exchange Online mailbox Viewing or modifying the Exchange Online properties of a hybrid Azure user Creating a new Azure AD user with Management Shell Updating the Azure AD user properties with the Management Shell Viewing the Azure AD user properties with the Management Shell Delete an Azure AD user with the Management Shell Assigning Microsoft 365 licenses to new hybrid users Assigning Microsoft 365 licenses to existing hybrid users Modifying or removing Microsoft 365 licenses assigned to hybrid users Updating Microsoft 365 licenses display names
Unified provisioning policy for Azure M365 Tenant Selection, Microsoft 365 License Selection, Microsoft 365 Roles Selection, and OneDrive provisioning Microsoft 365 roles management for hybrid environment users Managing Microsoft 365 contacts Managing Hybrid AD groups Managing Microsoft 365 Groups Managing cloud-only distribution groups Managing cloud-only dynamic distribution groups Managing Azure security groups Managing cloud-only Azure users Managing cloud-only Azure guest users Managing cloud-only Azure contacts Changes to Active Roles policies for cloud-only Azure objects Managing room mailboxes Managing cloud-only shared mailboxes
Modern Authentication Managing the configuration of Active Roles
Connecting to the Administration Service Managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the Console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server replication Using regular expressions Administrative Template Communication ports Active Roles and supported Azure environments Integrating Active Roles with other products and services Active Roles Language Pack Active Roles Diagnostic Tools Active Roles Add-on Manager

Location of groups

On the next page, you can specify the container you want to hold the groups generated by the Group Family.

Figure 152: Location of groups

You can choose one of these options:

  • Group Family home OU: The Group Family creates groups in the container that holds the configuration storage group for that Group Family. For more information, see Start the New Group Family Wizard.

  • This Organizational Unit: The Group Family creates groups in the specified container. This must be an Organizational Unit or container from the domain of the Group Family configuration storage group. Click Select to choose the desired Organizational Unit or container.

Exchange-related settings

On the next page, you can specify whether you want the groups generated by the Group Family to be mail-enabled, and set up Exchange-related properties to assign to those groups upon their creation.

Figure 153: Exchange-related settings

If you want the Group Family groups to be mail-enabled, select the Mail-enable groups created by Group Family check box. Then, you can set up the following Exchange-related properties for the Group Family groups:

  • Expansion server: The Exchange server used to expand a Group Family group into a list of group members.

  • Hide group from Exchange address lists: Prevents the Group Family groups from appearing in address lists. If you select this check box, each of the groups will be hidden from all address lists.

  • Send out-of-office messages to originator: Select this check box if you want out-of-office messages to be sent to the message originator, when a message is sent to a Group Family group while one or more of the group members have an out-of-office message in effect.

  • Send delivery reports to group owner: Use this option if you want delivery reports to be sent to the group owner, when a message sent to a Group Family group is not delivered. This lets the group owner know that the message was not delivered.

  • Send delivery reports to message originator: Use this option if you want delivery reports to be sent to a message originator, when a message sent to a Group Family group is not delivered. This lets the message originator know that the message was not delivered.

  • Do not send delivery reports: Use this option if you do not want delivery reports to be sent, even if a message sent to a Group Family group is not delivered.

Group Family scheduling

On the next page, you can schedule the Group Family to run. During each run, the Group Family performs as described in the How Group Family works.

When setting up the schedule options, take into account that a Group Family run is a lengthy and resource intensive operation. Therefore, a Group Family run should be scheduled for a time that it will have the minimum impact on users.

Figure 154: Group family scheduling

Select the first check box to run the Group Family right after you complete the wizard and whenever the Group Family is modified by managing the configuration storage group. For more information, see Administering Group Family.

Select the Schedule Group Family to run check box to set up schedule options. As long as this check box is selected, the Group Family runs at specified time.

From the Run on this server list, you can select the Administration Service to run the Group Family. It is advisable to choose the least loaded Service.

Steps for creating a Group Family

The creation of a Group Family is a two-step process that includes:

  1. Creating the Group Family configuration

  2. Running the Group Family to initially create or capture groups

The Active Roles Console provides the New Group Family Wizard for creating the Group Family configuration. The wizard creates a group, referred to as configuration storage group, and populates that group with the configuration data you specify. The wizard also allows you to run the Group Family immediately or schedule the Group Family to run on a regular basis.

To create the Group Family configuration and run the Group Family

  1. In the Console tree, right-click the Organizational Unit in which you want to create the Group Family configuration storage group, and select New > Group Family to start the New Group Family Wizard.

  2. Follow the instructions on the wizard pages.

  3. On the Name the Group Family page, specify a name for the Group Family.

    The wizard creates the Group Family configuration storage group with the name you specify on this page.

  4. On the Grouping Options page, do one of the following, and then click Next:

    • Click Pre-configured grouping by, and then select a preconfigured grouping criteria from the list.

    • Click Custom Grouping to configure custom grouping criteria in later steps of the wizard.

  5. On the Location of Managed Objects page, do the following, and then click Next:

    • Click Add, and then select a container that holds the objects to be assembled into groups.

    • Click Remove to remove a selected container from the Containers list.

  6. On the Selection of Managed Objects page, do the following, and then click Next:

    • Select a type of objects by clicking one of the four topmost options; or click Other, and then click Specify to choose an object type from the Object Types list.

    • Click Preview to view the list of objects that meet the specified conditions.

  7. On the Group-by Properties page, do the following, and then click Next:

    • Click Add, and select an object property from the Object property list.

  8. On the Capture Existing Groups Manually page, select Skip this step, without capturing groups manually, and then click Next.

  9. On the Group Naming Rule page, do the following, and click Next:

  10. On the Group Type and Scope page, do the following, and then click Next:

    • In the Group scope area, select a group scope.

    • In the Group type area, select a group type.

  11. On the Location of Groups page, do one of the following, and then click Next:

    • To have the Group Family create new groups in the OU that holds the Group Family configuration storage group, click Group Family home OU.

    • To have the Group Family create new groups in a different OU, click This Organizational Unit, and then click Select to choose the OU.

  12. On the Exchange-related Settings page, do the following, and then click Next:

    • Select or clear the Mail-enable groups created by Group Family as appropriate. If you select this check box, set up the Exchange-related options on this page.

  13. On the Group Family Scheduling page, do the following, and then click Next.

    • If you want the Group Family to run once you have completed the wizard, select Run Group Family once after completing this page.

    • If you want the Group Family to run on a schedule basis, select Schedule Group Family to run, and then set the appropriate date, time, and frequency of runs by using the options below this check box.

    • From the Run on this server list, select the Administration Service you want to run the Group Family.

  14. On the last page of the wizard, click Finish.

To complete the Filter dialog

  1. Select an object property under Select Property.

  2. Select an operator from the Select operator drop-down list.

  3. In Specify value (case-insensitive), type in a value for the selected property.

  4. Click Add to add the filter condition that you have just specified, to the Conditions list.

  5. To add multiple filter conditions, repeat steps 1-4.

To complete the Configure Value dialog

  1. Click Add.

  2. In the Add Entry dialog, do one of the following, and then click OK:

    • To configure a text entry, click Text under Entry type, and then type a value in the Text value box.

    • To configure a group-by property entry, click Group-by Property under Entry Type, and then, under Entry properties, select a property from the list and do one of the following:

      • If you want the entry to include the entire value of the property, click All characters of the property value.

      • If you want the entry to include a part of the property value, click The first, and specify the number of characters to include in the entry.

  3. Optionally, do the following:

    • Add more entries, delete or edit existing ones, and use the arrow buttons to move entries up or down in the list.

    • Paste the Clipboard contents to the list of entries by clicking the button next to the Configured value box.

  4. Click OK.

To complete the Fine-tune Naming Rule dialog

  1. Select the check box and click Configure next to the naming property that you want to configure, and then complete the Configure Value dialog by using the procedure outlined above.

  2. Click OK.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating