Chat now with support
Chat with Support

Active Roles 8.1.1 - Solutions Guide

Active Roles Solutions Overview Exchange Resource Forest Management Configuration Transfer Wizard Solution Active RolesSPML Provider Skype for Business Server Solution
Introducing Skype for Business Server User Management Supported Active Directory topologies User Management policy Master Account Management policy Access Templates for Skype for Business Server Deploying the Solution Managing Skype for Business Server Users
Management Pack for SCOM

Known issues

This section provides a list of the currently known issues that customers may experience with Configuration Transfer Wizard. For each issue, the list includes an ID number, which identifies the issue, a brief description of the problem, and a workaround, if any exists, for the problem.

TF00004281

In the target Active Roles configuration, the solution cannot restore the edsvaDebuggingServer and edsvaDebuggingServerName properties of Script Module objects: those attributes are always empty.

WORKAROUND
Manually specify those properties with the use of the Active Roles console.

TF00004581

Configuration Deployment Wizard fails to deploy some of Access Templates. The solution log file contains the error message similar to the following text:

"Error [4710]: Administrative Policy returned an error. The object <Object DN> not found."

This error occurs if the source configuration contains nested Access Templates.

WORKAROUND
On the Collect Active Roles Configuration Data page of the wizard, select all the nested Access Templates you want to collect. If you are using ARSconfig, ensure that the selection file includes the nested Access Templates into the configuration export package.

TF00004585

After transferring a Policy Object that includes the “User Account Relocation Deprovisioning” policy entry, the “Description” and the “Error message returned by this policy” text boxes available on the User Account Relocation Policy Properties dialog box contain invalid target domain name.

WORKAROUND
After deploying the target configuration, manually edit those text elements using the Active Roles console.

TF00010732

When collecting Script Modules, Configuration Transfer Wizard may not collect the library Script Modules that are used by the Script Modules being exported. As a result, the deployment of the exported Script Modules may cause an error condition in the destination environment.

WORKAROUND
On the Collect Active Roles Configuration Data page of the wizard, select all the library Script Modules that are used by the Script Modules you want to collect. If you are using ARSconfig, ensure that the selection file includes the library Script Modules into the configuration export package.

TF00039803

When collecting Display Specifiers, Configuration Transfer Wizard may not collect the Active Roles virtual attributes for which the Display Specifiers are being exported. As a result, the deployment of the exported Display Specifiers may cause an error condition in the destination environment.

WORKAROUND

On the Collect Active Roles Configuration Data page of the wizard, select all the Active Roles virtual attributes for which the Display Specifiers are being exported. If you are using ARSConfig, ensure that the selection file includes the Active Roles virtual attributes into the configuration export package.

TF00050511

In a situation where an object to be exported does not exist in the source environment, Configuration Transfer Wizard stops the export process. As a result, the configuration export package may not include all objects that were selected for export.

WORKAROUND
Ensure that all objects you selected for export exist in the source environment.

TF00062463

Configuration Transfer Wizard does not provide the ability to export links that involve pre-defined or built-in objects, nor does it make possible to export pre-defined or built-in objects. As a result, you do not have the option to transfer, for example, the links of pre-defined Access Templates.

WORKAROUND
When transferring a configuration that includes any links of pre-defined or built-in objects, create the required links manually in the destination environment.

TF00125202

When using the Configuration Collection Wizard or Configuration Deployment Wizard, you may encounter an error message such as “A generic error occurred in GDI+.”

WORKAROUND
Disregard the error message. Click OK to close the error message box.

TF00130489

When using ARSconfig with the 'rollback' task option, you may encounter an error: “This script module is in use, and cannot be deleted.” This issue is most likely to occur with a PowerShell based Script Module containing a library script, and is due to the fact that the Script Module remains locked for a certain time period after all the Script Modules that use the library script have been deleted.

WORKAROUND
Run ARSconfig with the 'rollback' task option once more, or delete the Script Module manually, with the use of the Active Roles console.

TF00134074

With the display DPI setting of 'Large size (120 DPI)' you may encounter some minor visual defects on Configuration Transfer Wizard pages.

WORKAROUND
Use the display DPI setting of 'Normal size (96 DPI)'.

 

Active RolesSPML Provider

Active RolesSPML Provider

Active RolesSPML Provider is designed to exchange the user, resource, and service provisioning information between SPML-enabled enterprise applications and Active Directory.

Active RolesSPML Provider supports the Service Provisioning Markup Language Version 2 (SPML v2), an open standard approved by the Organization for the Advancement of Structured Information Standards (OASIS). SPML - is an XML-based provisioning request-and-response protocol that provides a means of representing provisioning requests and responses as SPML documents. The use of open standards provides the enterprise architects and administrators with the flexibility they need when performing user management and user provisioning in heterogeneous environments.

Features

The key features of Active RolesSPML Provider are as follows:

  • Support for two operation modes: SPML Provider can be configured to operate in proxy mode or in direct access mode. In proxy mode, SPML Provider accesses Active Directory or Active Directory Lightweight Directory Services (AD LDS, formerly known as ADAM) through Active Roles used as a proxy service, while in direct access mode, SPML Provider directly accesses Active Directory or AD LDS.
  • Support for equivalent LDAP operations: SPML Provider can perform equivalent LDAP operations such as addRequest, modifyRequest, deleteRequest, and lookupRequest.
  • Support for Azure AD, AD, and AD LDS data management: SPML Provider enables SPML-conformant applications to read from and write to Azure AD, Active Directory (AD), and AD LDS.
  • Search Capability support: SPML Provider allows SPML-enabled applications to search for relevant directory objects based on various search criteria.
  • Password Capability support: SPML Provider allows SPML-enabled applications to perform basic password management tasks such as setting and expiring user passwords.
  • Suspend Capability support: SPML Provider allows SPML-enabled applications to effectively enable, disable and deprovision user accounts in Active Directory.
  • Flexible Configuration options: There is support for many different configuration options that enable the administrator to adjust the behavior and optimize the SPML Provider performance.
  • IIS Security Support: SPML Provider supports all IIS security configurations, including integrated Windows authentication, basic authentication, and basic authentication over Secure Sockets Layer (SSL).
  • Support for using Active Roles controls: In proxy mode, you can send Active Roles controls to the Active Roles Administration Service with an SPML request to perform an administrative operation. In your request, you can also define the Active Roles controls that the Administration Service must return in the SPML response.

Use scenarios

SPML Provider can be used for a variety of purposes. Some common scenarios for using SPML Provider are as follows:

  • Non-Windows applications: The systems running non-Windows applications that need to communicate with Active Directory can do this through SPML Provider. For example, with SPML Provider, Unix applications can manage Unix-enabled user accounts in Active Directory. In proxy mode, SPML Provider allows existing SPML-compatible provisioning systems, such as SUN Java System Identity Manager and IBM Tivoli Directory Integrator to take advantage of the functionality of Active Roles.
  • Web services: The use of directories in Web services is growing rapidly. Additionally, XML is becoming the default language for use with Web services. SPML Provider fills the gap between XML documents and Active Directory services, enabling applications that must provide or use Web services to communicate with Active Directory.
  • Handheld and portable devices: Data-enabled cell phones or PDAs that need an access to directory data may not contain a client for the ADSI LDAP Provider but might be able to use the SPML communication protocol to access Active Directory over the Internet.
  • Firewall access: Certain firewalls cannot pass LDAP traffic because they cannot audit it, but these firewalls can pass XML. In such cases, applications can use SPML Provider to communicate with Active Directory across a firewall.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating