
Active Roles 8.1.5 - SP1 Release Notes

Active Roles 8.1.5 SP1

Release Notes

22 May 2024, 16:00

These release notes provide information about the Active Roles 8.1.5 SP1 release. For the most recent documents and product information, see Active Roles Technical Documents on the One Identity support portal.

About this release

Active Roles 8.1.5 SP1 (build 8.1.5.104) is a standalone service pack release containing additional resolved issues compared to the original Active Roles 8.1.5 (build 8.1.5.3) release.

  • For more information on the enhancements in 8.1.5, see Enhancements.

  • For more information on the resolved issues fixed in releases 8.1.5 and 8.1.5 SP1, see Resolved issues.

  • For more information on the list of known issues, see Known issues.

Enhancements

Active Roles 8.1.5 SP1 (build 8.1.5.104) contains no new enhancements. The following enhancement has been implemented in the initial Active Roles 8.1.5 (build 8.1.5.3) release.

Table 1: General Active Roles enhancements
Enhancement | Issue ID

General security enhancements in all Active Roles components.

Issue ID: 444729, 426064

Resolved issues

The following is a list of issues addressed in Active Roles 8.1.5 SP1 (build 8.1.5.104) and 8.1.5 (build 8.1.5.3).

Resolved issues in Active Roles 8.1.5 SP1

NOTE: The following issues were fixed only in Active Roles 8.1.5 SP1 (build 8.1.5.104). To check the build of your Active Roles 8.1.5 installation:

  • In the Active Roles Configuration Center, navigate to (Information) > Technical Information.

  • Alternatively, open the Add or Remove Programs list of the operating system, search for One Identity Active Roles, then click its entry.

Table 2: Active Roles Console resolved issues
Resolved Issue | Issue ID

Previously, the Deleted Objects container did not appear if additional Active Directory features (for example, Privileged Access Management) were enabled.

This issue is now fixed, and the Deleted Objects container appears regardless of the number of AD features enabled in your environment.

Issue ID: 455321

Resolved issues in Active Roles 8.1.5

NOTE: The following issues were fixed starting from Active Roles 8.1.5 (build 8.1.5.3).

Table 3: General Active Roles resolved issues
Resolved Issue | Issue ID

Previously, when upgrading Active Roles from any version to 8.1.4, the upgrade step of importing custom Script Modules could silently fail, with the failure indicated only in the upgrade log.

This issue was caused by a fix introduced in the now-deprecated Active Roles 8.1.3 release, which changed the GUID of the UpdateServicesToExecute module. This resulted in the in-place upgrade process not recognizing the module anymore as a built-in Script Module and attempting to insert it, resulting in its DN not being unique, and halting the upgrade process.

The issue was fixed by implementing a safeguard which prevents the duplication of DN values.

NOTE: Although the issue has been fixed, importing custom Script Modules during upgrade may still result in the following error generated in the build log:

Error: Violation of UNIQUE KEY constraint 'UQ_ScriptModules_distinguishedName'. Cannot insert duplicate key in object 'dbo.ScriptModules'. The duplicate key value is (CN=UpdateServicesToExecute,CN=Builtin,CN=Script Modules,CN=Configuration).

If this error occurs, verify that your custom Script Modules have been imported from your previous configuration. If not, import your previous configuration again.

Issue ID: 452818

Previously, Active Roles forced rebuilding dynamic groups each time a member was added to or removed from the dynamic group.

This issue is now fixed, so Active Roles now rebuilds dynamic groups only if the rebuild is triggered manually or with a Scheduled Task.

Issue ID: 443493

Table 4: Active Roles Console resolved issues
Resolved Issue | Issue ID

Previously, when checking the group membership of hybrid Azure users, it could occur that their Advanced properties > Member Of page or their edsaAzureMemberOf attribute did not list all the groups in which the user was a member.

This issue is now fixed.

Issue ID: 432835

Previously, when selecting multiple hybrid users, an intrusive error message appeared and the Member Of view of the users was not created properly. The issue is now fixed.

Issue ID: 432427

Previously, in case of a hybrid user, the email address displayed in the Properties window of the user did not match the email address displayed in the list of OU users.

The issue has been fixed and now the correct email address appears.

Issue ID: 432127

Previously, attempting to run the Update Services To ExecuteOn built-in scheduled task failed, as Active Roles ran the ReauthenticatedTenantsUpdater built-in script module for the task instead of the UpdateServicesToExecute built-in script module.

This issue occurred because the GUID of the UpdateServicesToExecute built-in script module was tied to the ReauthenticatedTenantsUpdater script module. The issue was fixed by changing the GUID of the UpdateServicesToExecute built-in script module to a new unique value.

NOTE: You can only run the UpdateServicesToExecute built-in script module in a scheduled task named Update Services To ExecuteOn. Attempting to run the UpdateServicesToExecute built-in script in a scheduled task with a different name will result in an error.

Issue ID: 317060

Table 5: Active Roles Synchronization Service resolved issues
Resolved Issue | Issue ID

Previously, the Azure AD Connector could fail to find all objects in Azure during import tasks.

This issue could occur if HttpClient timed out during Graph API requests, for example because of network issues. In such cases, the Azure AD Connector could not handle the timeout correctly.

The issue was fixed by:

  • Modifying the import process so that it stops when a timeout occurs, preventing the successful import of incomplete data.

  • Implementing a new retry policy which retries the request up to 3 times before timeout, minimizing the chance of the issue occurring.

Issue ID: 437816
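
An added illustration of the two-part fix described above, not the Azure AD Connector's code: a paged import either returns the full object set or aborts, never a truncated one. The function names, the paged sample data and the reading of "up to 3 times" as three retries after the first attempt are assumptions.

```python
# Added illustration, not Active Roles code; names and data are constructed.

class ImportAborted(Exception):
    """A page could not be fetched, so no result set is returned."""

# Constructed sample: three pages of object IDs chained by a "next" token.
PAGES = {
    None: (["user-1", "user-2"], "p2"),
    "p2": (["user-3", "user-4"], "p3"),
    "p3": (["group-1"], None),
}

def make_fetcher(timeouts_on):
    """Build a fetch function that times out on the given call numbers."""
    calls = {"n": 0}
    def fetch(token):
        calls["n"] += 1
        if calls["n"] in timeouts_on:
            raise TimeoutError(f"request {calls['n']} timed out")
        return PAGES[token]
    return fetch

def lenient_import(fetch):
    """Assumed shape of the failure: a timeout ends paging and the objects
    collected so far are returned as if the import had completed."""
    objects, token = [], None
    while True:
        try:
            items, token = fetch(token)
        except TimeoutError:
            return objects  # incomplete, but looks like success
        objects += items
        if token is None:
            return objects

def strict_import(fetch, max_retries=3):
    """Retry a timed-out request up to max_retries times, then abort."""
    objects, token = [], None
    while True:
        for attempt in range(1 + max_retries):
            try:
                items, token = fetch(token)
                break
            except TimeoutError as exc:
                if attempt == max_retries:
                    raise ImportAborted(f"page {token!r} not fetched") from exc
        objects += items
        if token is None:
            return objects
```

A caller that treats `ImportAborted` as a failed run keeps a truncated object list from being written to the target as if it were the complete source.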

Previously, when synchronizing (adding) a group member from a plain text source to the members attribute of a group with the Azure AD Connector, the procedure failed with the following error:

Invalid property 'members'

The issue was fixed by modifying the Azure AD Connector to use the proper Graph API calls and ExchangeOnlineManagement PowerShell module cmdlets when synchronizing Azure groups.

Issue ID: 414643

Table 6: Active Roles Web Interface resolved issues
Resolved Issue | Issue ID

Previously, when using Active Roles in a forest topology with:

  • One root domain,

  • Several child domains,

  • Active Directory Federation Services and Active Roles with federated authentication configured on one of the child domains,

then users registered in another child domain of the forest could not log in to the Active Roles Web Interface.

This issue was fixed by making sure that if Active Roles does not find the user in the current domain, then it continues searching for them in the forest using wider referral scopes each time it fails.

Issue ID: 447483

Previously, when listing all attributes of an on-premises or hybrid user in the Active Roles Console or the Web Interface, users could experience performance degradation after some time.

This issue could occur if:

  • Active Roles was not connected to any Azure tenants (as the Active Roles Service still attempted fetching data from Azure AD regardless).

  • The on-premises Exchange Server was unavailable (as Active Roles still attempted to repeatedly call Exchange Server regardless).

To solve this problem, Active Roles now:

  • No longer attempts fetching data from Azure AD if Active Roles is not connected to any Azure tenants.

  • Has a 10-minute-long timeout in place in between calls to the on-premises Exchange Server if the first call attempt to Exchange Server fails.

    NOTE: The duration of this timeout cannot be modified.

Issue ID: 438247

Previously, authentication failed under the following conditions:

  • When using WS-Federation authentication to the Web Interface.

  • When authenticating a user from an Active Directory forest or domain that was trusted by the AD domain that Active Roles was joined to.

  • When that authenticated user in the trusted AD domain had a UPN suffix that existed in both AD domains.

The issue has been fixed.

Issue ID: 437298

Previously, when creating a new cloud-only or hybrid Azure user, the Create Azure Account > Usage Location field was a text box instead of a drop-down box (as in the Azure Properties page of existing Azure users).

To maintain consistency between Web Interface pages, this is fixed, and the Create Azure Account > Usage Location field is now also a drop-down box.

Issue ID: 393881
