Chat now with support
Chat with Support

Active Roles 8.2.1 - Administration Guide

Introduction Getting started with Active Roles Configuring rule-based administrative views Configuring role-based administration Configuring rule-based autoprovisioning and deprovisioning
Configuring Provisioning Policy Objects
User Logon Name Generation E-mail Alias Generation Exchange Mailbox AutoProvisioning Group Membership AutoProvisioning Home Folder AutoProvisioning Property Generation and Validation Script Execution O365 and Azure Tenant Selection AutoProvisioning in SaaS products
Configuring Deprovisioning Policy Objects
User Account Deprovisioning Group Membership Removal User Account Relocation Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Permanent Deletion Office 365 Licenses Retention Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Script Execution Notification Distribution Report Distribution
Configuring entry types Configuring a Container Deletion Prevention policy Configuring picture management rules Managing Policy Objects Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Configuring policy extensions
Using rule-based and role-based tools for granular administration Workflows
About workflow processes Workflow processing overview Workflow activities overview Configuring a workflow
Creating a workflow definition for a workflow Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Approval workflow Email-based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic groups Active Roles Reporting Management History Entitlement profile Recycle Bin AD LDS data management One Identity Starling Join and configuration through Active Roles Managing One Identity Starling Connect Configuring linked mailboxes with Exchange Resource Forest Management Configuring remote mailboxes for on-premises users Migrating Active Roles configuration with the Configuration Transfer Wizard Managing Skype for Business Server with Active Roles
About Skype for Business Server User Management Active Directory topologies supported by Skype for Business Server User Management User Management policy for Skype for Business Server User Management Master Account Management policy for Skype for Business Server User Management Access Templates for Skype for Business Server Configuring the Skype for Business Server User Management feature Managing Skype for Business Server users
Exchanging provisioning information with Active Roles SPML Provider Monitoring Active Roles with Management Pack for SCOM Configuring Active Roles for AWS Managed Microsoft AD Azure AD, Microsoft 365, and Exchange Online Management
Azure tenant types and environment types supported by Active Roles Using Active Roles to manage Azure AD objects Unified provisioning policy for Azure M365 Tenant Selection, Microsoft 365 License Selection, Microsoft 365 Roles Selection, and OneDrive provisioning Changes to Active Roles policies for cloud-only Azure objects
Managing the configuration of Active Roles
Connecting to the Administration Service Managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the Console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server replication Using regular expressions Administrative Template Configuring federated authentication Communication ports and URLs used by Active Roles Integrating Active Roles with other products and services Active Roles Language Pack Active Roles Diagnostic Tools Active Roles Add-on Manager

Active Directory Assessment/Users/Account Information

  • User account list: Lists the Active Directory domain user accounts held in a given domain or container (Organizational Unit).

  • User account options: Lists Active Directory domain user accounts along with information about the state of the account options such as User must change password at next logon and Password never expires.

  • Password age information: Lists Active Directory domain user accounts along with information about the account’s password age. For each listed account, its password age is calculated using the pwdLastSet attribute of the account. The password age information helps determine when the user last changed their password.

  • Bad password information: Lists Active Directory domain user accounts along with information about the number of times the user tried to log on to the account using an incorrect password and the last time the user tried to log on using an incorrect password.

Active Directory Assessment/Users/Exchange

  • Mailbox information by user: Lists Active Directory user accounts along with information on whether the user account is mailbox-enabled (has an Exchange mailbox), allowing you to examine the user’s mailbox-related information in detail.

  • Email delivery restrictions: Lists Exchange mailbox-enabled user accounts along with information on mailbox delivery restrictions (such as the maximum size of incoming and outgoing messages for the mailbox), and from whom the mailbox can or cannot receive email.

  • Email delivery options: Lists Exchange mailbox-enabled user accounts along with information on mailbox delivery options (such as who is allowed to send messages on behalf of the mailbox user, the forwarding address for messages addressed to the mailbox, and the maximum number of recipients to whom the mailbox user can send a message).

Active Directory Assessment/Users/Obsolete Accounts

  • Disabled user accounts: Lists Active Directory domain user accounts that are currently disabled, and allows you to examine each account in detail.

  • Expired user accounts: Lists Active Directory domain user accounts that are past their expiration date, and allows you to examine each account in detail.

  • Inactive user accounts: Lists Active Directory domain user accounts that have not been used to log on within a given time period, and allows you to examine each account in detail.

  • Locked user accounts: Lists Active Directory domain user accounts that are currently locked out due to a number of failed logon attempts, and allows you to examine each account in detail.

  • User accounts with expired password: Lists Active Directory domain user accounts with passwords past their expiration date, and allows you to examine each account in detail.

  • Deprovisioned user accounts: Lists Active Directory domain user accounts that have been deprovisioned by Active Roles, and allows you to examine each account in detail.

  • All discontinued user accounts: Lists Active Directory domain user accounts that are not in use for whatever reason (such as accounts that are disabled, expired, locked, deprovisioned, or accounts with expired passwords), and allows you to examine each account in detail.

Active Directory Assessment/Users/Miscellaneous Information

  • Users with specified properties: Lists Active Directory domain user accounts that have the properties you specify, and allows you to examine each account in detail.

  • User profile information: Lists Active Directory domain user accounts, along with information on their profile settings (such as the path to the user’s profile, the name of the logon script, and the path to the user’s home folder).

  • Objects managed by user: Lists Active Directory domain user accounts, along with information about their managed objects. For a given account, the list of managed objects contains the objects whose Managed By property specifies that account.

  • Personnel Hierarchy: Lists Active Directory domain user accounts, along with information about their manager and subordinates. The manager ID is retrieved from the account’s Manager property. The list of subordinates is based on the Direct Reports property.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating