Chat now with support
Chat with Support

Active Roles 8.1.4 - Administration Guide

Introduction Getting started with Active Roles Configuring rule-based administrative views Configuring role-based administration Rule-based autoprovisioning and deprovisioning
Provisioning Policy Objects Deprovisioning Policy Objects How Policy Objects work Policy Object management tasks Policy configuration tasks
Property Generation and Validation User Logon Name Generation Group Membership AutoProvisioning Exchange Mailbox AutoProvisioning AutoProvisioning in SaaS products OneDrive Provisioning Home Folder AutoProvisioning Script Execution Microsoft 365 and Azure Tenant Selection E-mail Alias Generation User Account Deprovisioning Office 365 Licenses Retention Group Membership Removal Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Relocation User Account Permanent Deletion Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Notification Distribution Report Distribution
Deployment considerations Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Container Deletion Prevention policy Picture management rules Policy extensions
Using rule-based and role-based tools for granular administration Workflows
Key workflow features and definitions About workflow processes Workflow processing overview Workflow activities overview Configuring a workflow
Creating a workflow definition for a workflow Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Approval workflow Email-based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic groups Active Roles Reporting Management History Entitlement profile Recycle Bin AD LDS data management One Identity Starling Join and configuration through Active Roles Managing One Identity Starling Connect Configuring linked mailboxes with Exchange Resource Forest Management Configuring remote mailboxes for on-premises users Migrating Active Roles configuration with the Configuration Transfer Wizard Managing Skype for Business Server with Active Roles
About Skype for Business Server User Management Active Directory topologies supported by Skype for Business Server User Management User Management policy for Skype for Business Server User Management Master Account Management policy for Skype for Business Server User Management Access Templates for Skype for Business Server Configuring the Skype for Business Server User Management feature Managing Skype for Business Server users
Exchanging provisioning information with Active Roles SPML Provider Monitoring Active Roles with Management Pack for SCOM Configuring Active Roles for AWS Managed Microsoft AD Azure AD, Microsoft 365, and Exchange Online Management
Configuring Active Roles to manage Hybrid AD objects Unified provisioning policy for Azure M365 Tenant Selection, Microsoft 365 License Selection, Microsoft 365 Roles Selection, and OneDrive provisioning Changes to Active Roles policies for cloud-only Azure objects
Managing the configuration of Active Roles
Connecting to the Administration Service Managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the Console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server replication Using regular expressions Administrative Template Configuring federated authentication Communication ports Active Roles and supported Azure environments Integrating Active Roles with other products and services Active Roles Language Pack Active Roles Diagnostic Tools Active Roles Add-on Manager

Modifying the language of the Web Interface

When the Active Roles Language Pack is installed on the machine running the Active Roles Web Interface, you can change its language via the user interface settings.

To modify the language of the Active Roles Web Interface

  1. In the Active Roles Web Interface header, click Active Roles 8.1.4 > Settings.

  2. Under User interface language, select the language you want to use.

  3. To apply your change, click Save.

Active Roles Diagnostic Tools

The Active Roles Diagnostic Tools package provides optional tools for checking system requirements, logs and changes in your Active Directory domain. The package contains the following tools:

  • System Checker: Checks your computer, SQL Server, and Active Directory domains to see if you are ready to deploy Active Roles. For more information on using the tool, see Using System Checker in the Active Roles Feature Guide.

  • Log Viewer: Examines Active Roles diagnostic logs and event logs, and helps finding Knowledge Base Articles that may help you resolve errors.

  • Directory Changes Monitor: Gets the statistics of directory change operations that occurred in a particular Active Directory domain.

For more information on installing the Active Roles Diagnostic Tools package, see Steps to install Diagnostic Tools in the Active Roles Quick Start Guide.

Using the System Checker

To check if a computer and your organization environment supports installing Active Roles, use the Active Roles System Checker tool.

To check system readiness with Active Roles System Checker

  1. From your operating system, launch Active Roles System Checker.

  2. Select Computer > System Readiness Checks.

  3. To check the computer specifications, in the Confirm System Readiness Checks window, select the appropriate components to check for and click Check.

  4. In the System Readiness Checks window, review the summary and confirm that the computer has passed the required checks. Take appropriate action before installing Active Roles. For example, if there is a warning about insufficient memory (RAM), then upgrade the computer's memory to the recommended amount.

  5. To check the SQL Server requirements of Active Roles, in the Active Roles System Checker, select Environment > SQL Server Checks.

  6. Enter the SQL Server name and appropriate credentials for the Active Roles service account, then click Check.

  7. Review the summary to confirm that the SQL Server passed the checks.

  8. To check the Active Directory requirements, in the Active Roles System Checker, select Environment > Active Directory Checks. Enter the domain controller (DC) name and the appropriate credentials for the Active Roles service account, then click Check.

    A progress window appears. Once the check completes, System Checker shows the summary.

  9. Review the summary to confirm the account has adequate permissions in Active Directory.

  10. To learn more about Active Roles. click Additional Resources. To finish the check, click Finish.

Using the Log Viewer tool

You can run the Active Roles Log Viewer application from the Start menu or from the Apps page, depending on the version of your Windows operating system. Alternatively, you can also start the application by navigating to its .exe file in the installation folder:

\Active Roles Diagnostic Tools\Log Viewer\arlogviewer.exe

To open a log in Log Viewer

  1. In the Active Roles Log Viewer application, click Open.

  2. Browse to the diagnostic log file or saved event log file you want to open.

  3. Select the file, and click Open.

By default, Log Viewer displays a list of errors encountered by the Administration Service and recorded in the log file. To analyze these errors further, and look for information about them, right-click an error in the list, then click Look for solution in Knowledge Base. Log Viewer then searches the One Identity Knowledge Base to list the Knowledge Base Articles related to the error you selected.

Additional tasks in Log Viewer

Besides opening and troubleshooting logs, you can also perform the following tasks in Log Viewer:

  • To view a list of requests processed by the Administration Service and traced in the log file, click Requests in the View area on the Log Viewer toolbar.

  • To view all trace records found in the diagnostic log file or all events found in the event log file, click Raw log records in the View area on the Log Viewer toolbar.

  • To search the list for a particular text string, such as an error message, type the text string in the Search box on the Log Viewer toolbar, then press Enter.

  • To narrow the set of list items to those you are interested in, click Filter on the Log Viewer toolbar and specify the desired filter conditions.

  • To view detailed information about an error, request, trace record or event, right-click the corresponding list item, and click Details.

  • To view all trace records that apply to a given request, right-click the corresponding item in the Requests list and click Stack trace.

    NOTE: Stack tracing is not available for event log files.

  • To view the request that caused a given error, right-click the error in the Errors list and click Related request. This task is unavailable in case of an event log file.

    NOTE: Stack tracing is not available for event log files.

  • To view all trace records that apply to the request that caused a given error, right-click the error in the Errors list and click Stack trace for related request. This task is unavailable in case of an event log file.

Log file size

The logs grow in size quickly. Therefore, One Identity recommends to enable logging only when attempting to reproduce an issue, and disable it immediately once reproduction is successful.

The log file captures every activity performed by the service, including the tasks performed by connected users while debug logging is enabled.

TIP: Sometimes, you may need to keep logging enabled for an extended period of time. As the log files are stored on the computer running Active Roles, the logging service requires a substantial amount of free space, which may not be available on the system.

In such cases, to save disk space, set logging to a specific interval and move the logs to another drive or network share. For more information, see Knowledge Base Article How to automate Active Roles debug logging in the One Identity support portal.

Web Interface logs

The Active Roles Web Interface component uses separate log files, named after the configured Web Interface sites. The logs are stored in the following location:

C:\Program Files\One Identity\Active Roles\8.1.4\Web\Public\Log

TIP: Similarly to the ds.log file, the Web Interface log can grow quickly in size. Therefore, One Identity recommends enabling Web Interface logging only when reproducing an issue.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating