Chat now with support
Chat with Support

Active Roles 8.2.1 - Administration Guide

Introduction Getting started with Active Roles Configuring rule-based administrative views Configuring role-based administration Configuring rule-based autoprovisioning and deprovisioning
Configuring Provisioning Policy Objects
User Logon Name Generation E-mail Alias Generation Exchange Mailbox AutoProvisioning Group Membership AutoProvisioning Home Folder AutoProvisioning Property Generation and Validation Script Execution O365 and Azure Tenant Selection AutoProvisioning in SaaS products
Configuring Deprovisioning Policy Objects
User Account Deprovisioning Group Membership Removal User Account Relocation Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Permanent Deletion Office 365 Licenses Retention Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Script Execution Notification Distribution Report Distribution
Configuring entry types Configuring a Container Deletion Prevention policy Configuring picture management rules Managing Policy Objects Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Configuring policy extensions
Using rule-based and role-based tools for granular administration Workflows
About workflow processes Workflow processing overview Workflow activities overview Configuring a workflow
Creating a workflow definition for a workflow Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Approval workflow Email-based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic groups Active Roles Reporting Management History Entitlement profile Recycle Bin AD LDS data management One Identity Starling Join and configuration through Active Roles Managing One Identity Starling Connect Configuring linked mailboxes with Exchange Resource Forest Management Configuring remote mailboxes for on-premises users Migrating Active Roles configuration with the Configuration Transfer Wizard Managing Skype for Business Server with Active Roles
About Skype for Business Server User Management Active Directory topologies supported by Skype for Business Server User Management User Management policy for Skype for Business Server User Management Master Account Management policy for Skype for Business Server User Management Access Templates for Skype for Business Server Configuring the Skype for Business Server User Management feature Managing Skype for Business Server users
Exchanging provisioning information with Active Roles SPML Provider Monitoring Active Roles with Management Pack for SCOM Configuring Active Roles for AWS Managed Microsoft AD Azure AD, Microsoft 365, and Exchange Online Management
Azure tenant types and environment types supported by Active Roles Using Active Roles to manage Azure AD objects Unified provisioning policy for Azure M365 Tenant Selection, Microsoft 365 License Selection, Microsoft 365 Roles Selection, and OneDrive provisioning Changes to Active Roles policies for cloud-only Azure objects
Managing the configuration of Active Roles
Connecting to the Administration Service Managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the Console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server replication Using regular expressions Administrative Template Configuring federated authentication Communication ports and URLs used by Active Roles Integrating Active Roles with other products and services Active Roles Language Pack Active Roles Diagnostic Tools Active Roles Add-on Manager

Introduction

The Active Roles Administration Guide provides detailed information about how to configure and maintain an installed Active Roles deployment for day-to-day administrative operations.

The document describes how to:

  • Configure rule-based and role-based administration settings.

  • Configure automatic resource provisioning and deprovisioning.

  • Set up automation and approval workflows for administrators or helpdesk personnel.

  • Manage groups via temporal group memberships, group families or dynamic groups.

  • Configure and monitor Active Roles reporting and Management History settings.

  • Configure entitlement profiles to give access to specific information resources.

  • Use the Active Directory Recycle Bin with Active Roles.

  • Integrate Active Roles with One Identity Starling.

  • Configure linked and remote Exchange mailboxes.

  • Register Azure AD tenants with Active Roles to manage Azure AD objects and resources.

  • Configure SQL Server replication.

  • Use Administrative Templates to set the behavior and appearance of the Active Roles Console with Group Policies.

  • Integrate Active Roles with other One Identity, Quest or third-party products and services.

  • Use optional utilities (the Configuration Transfer Wizard, Diagnostic Tools, Add-on Manager or the Active Roles Language Pack) to enhance and maintain your Active Roles deployment.

NOTE: For information about how to perform day-to-day administrative tasks, see the following documents:

  • For information about how to administer Active Directory resources in the Active Roles Console, see the Active Roles Console User Guide.

  • For information about how to administer Active Directory and Azure AD resources with the Active Roles Web Interface, see the Active Roles Web Interface User Guide.

In addition, for information about how to configure and customize the Active Roles Web Interface component, see the Active Roles Web Interface Configuration Guide.

Getting started with Active Roles

This section describes how to start using Active Roles to prepare it for day-to-day administration operations.

NOTE: The Active Roles Administration Guide only describes product configuration procedures. For the in-depth description of its features and user interfaces, see the following documents:

  • For more information on the product features, see the Active Roles Feature Guide.

  • For more information on the Active Roles Console and the day-to-day operations you can perform with it, see the Active Roles Console User Guide.

  • For more information on the Active Roles Web Interface and the day-to-day operations you can perform with it, see the Active Roles Web Interface User Guide.

  • For more information on customizing and configuring the Web Interface and its sites, see the Active Roles Web Interface Configuration Guide.

Starting the Active Roles Console

The Active Roles Console, also referred to as MMC Interface, is a comprehensive administrative tool that you can use to:

  • Manage Active Directory and Microsoft Exchange resources.

  • Configure organization-level access and administration policies.

  • Set up automation or approval workflows for your administrators or helpdesk personnel.

To start the Active Roles Console

  1. Log in to the system where Active RolesConsole is installed.

  2. Depending on the version of your operating system:

    • In the Apps page, click Active Roles 8.2.1 Console.

    • From the Start menu, select All Programs > One Identity Active Roles 8.2.1 > Active Roles 8.2.1 Console.

NOTE: By default, the Active Roles Console automatically chooses an Administration Service instance and establishes a connection. If the Console cannot connect to the Administration Service or you want to manually select the Administration Service, see Connecting to the Administration Service.

Restricting access to the Active Roles Console

By default, after installing Active Roles, every user can log in to the Active Roles Console. You can allow or restrict access either for all users or to users you specify.

Allowing or restricting access to the Active Roles Console for all users

Use the MMC Interface Access setting of the Active Roles Configuration Center. This setting lets you restrict Console access only to Active Roles Admin users (or allow Console access again for all users, if the access is restricted).

To allow or restrict access to the Active Roles Console for all users

  1. On the Configuration Center Dashboard page, in the MMC Interface Access area, click Manage Settings.

  2. On the MMC Interface Access page that opens, in the Settings area, click Component, then click Modify or double-click the Component item.

  3. On the MMC Interface Access wizard that appears, select one of the following options:

    • Allow Console (MMC Interface) access for all users: Enables the user to log in to Active Roles Console.

    • Restrict Console (MMC Interface) access for all users: Restricts all non-Active Roles Admin users from using the Console. This affects all delegated users, but does not apply to Active Roles Admin users.

  4. Click OK.

    Active Roles then configures the Console access settings successfully. When ready, a message appears prompting you to restart the Administration Service and disconnect all Console user sessions, so that the updated settings can be validated.

Allowing access to the Active Roles Console for selected users

If Console access is already restricted to Active Roles Admin users, you can give Console access to individual users by assigning them to the User Interface Management - MMC Full control Access Template (AT). This AT gives access permission to the Server Configuration > User Interfaces > MMC Interface object.

To allow access to Active Roles Console for selected users

  1. In the Console tree, expand Active Roles > Configuration > Server Configuration.

  2. Under Server Configuration, locate the User Interfaces container, right-click it, and click Delegate Control.

  3. On the Users or Groups page, click Add, then select the users or groups to which you want to delegate the control. Click Next.

  4. On the Access Templates page, expand the Active Directory > User Interfaces folder, and select the check box next to User Interface Management-MMC Full control.

  5. Click Next and follow the instructions in the wizard, accepting the default settings.

  6. After you complete these steps, the users and groups you selected in Step 3 are authorized to log in to the Active Roles Console.

  7. Click OK to close the Active Roles Security dialog.

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating