Chat now with support
Chat with Support

Active Roles 8.2 - Release Notes

Product licensing

Use of this software is governed by the Software Transaction Agreement found at https://www.oneidentity.com/legal/sta.aspx. This software does not require an activation or license key to operate.

Upgrade and installation instructions

This section contains information about the upgrade and installation changes affecting Active Roles 8.2.

NOTE: You must run the Active Roles installer with administrator privileges.

Supported Active Roles upgrade paths

You can upgrade the following versions of Active Roles to Active Roles 8.2:

  • Active Roles 7.5

  • Active Roles 7.5.3

  • Active Roles 7.5.4

  • Active Roles 7.6.1

  • Active Roles 7.6.2

  • Active Roles 7.6.3

  • Active Roles 8.0 LTS

  • Active Roles 8.0.1 LTS and its service packs

  • Active Roles 8.1.1

  • Active Roles 8.1.2

  • Active Roles 8.1.3 and its service pack

  • Active Roles 8.1.5 and its service pack

  • For instructions on how to upgrade from an earlier version of Active Roles, see the Active Roles Upgrade Guide.

  • For instructions on how to install the Active Roles Language Pack, see Active Roles Language Pack in the Active Roles Administration Guide.

  • For special considerations regarding the installation of Active Roles 8.2, see the following information.

Microsoft OLE DB Driver for SQL Server security impacts

IMPORTANT: Starting from version 8.2, Active Roles supports (and its installer is shipped with) Microsoft OLE DB Driver 19.x for SQL Server. However, Active Roles still supports earlier OLE DB Driver versions as well (18.4 or newer).

  • If you upgrade to Active Roles 8.2 from an earlier version via in-place upgrade, and you want to keep using an earlier version of Microsoft OLE DB Driver (version 18.4 or newer), this change has no impacts on your Active Roles installation.

  • If you upgrade to Active Roles 8.2 from an earlier version via in-place upgrade, and you want to switch to Microsoft OLE DB Driver 19.x from an earlier OLE DB Driver version due to security concerns, you must perform additional configuration steps. Otherwise, the Active Roles Administration Service might fail to start. For more information, see Configuring Active Roles for a newer Microsoft OLE DB Driver for SQL Server version in the Active RolesUpgrade Guide.

  • If you perform a clean installation of Active Roles 8.2 and want to use Microsoft OLE DB Driver 19.x (bundled with the Active Roles installer) due to security concerns, then verify that your SQL Server has SSL configured and the necessary trusted certificate set. Otherwise, Active Roles cannot communicate with the SQL Server and the Active Roles Administration Service might not start. For more information on these requirements, see Configuration permissions in the Active Roles Installation Guide.

  • If you perform a clean installation of Active Roles 8.2 but you want to use an earlier supported version of Microsoft OLE DB Driver (18.4 or newer) instead of version 19.x that is bundled with the Active Roles installer, you must perform additional configuration steps in your environment. For more information, see Rolling back to a previous Microsoft OLE DB Driver for SQL Server version in the Active Roles Installation Guide.

Compatibility with earlier Active Roles components and custom solutions

NOTE: Consider the following before upgrading to a new version of Active Roles:

  • Components of an earlier Active Roles version may not work with the components of the new version you are upgrading to.

  • Custom solutions (scripts or other modifications) that rely on Active Roles features may fail to work after an upgrade due to compatibility issues. Therefore, before starting the upgrade, test your existing solutions with the new version of Active Roles in a lab environment to verify that your custom solutions will continue to work.

TIP: When upgrading to a new Active Roles version, One Identity recommends upgrading the Active Roles Administration Service first, and the client components (Active Roles Console and Active Roles Web Interface) afterwards.

Changes related to Azure tenants

NOTE: If your organization has any Azure tenants that are managed with Active Roles, you need to reauthenticate and reconsent them after installing Active Roles 8.2. Otherwise, Active Roles will not receive the required permissions for managing existing Azure tenants, and tenant administration in Active Roles 8.2 will not work correctly. For more information, see Reconfiguring Azure tenants during upgrade configuration in the Active Roles Upgrade Guide.

Upgrade information related to Active Roles Synchronization Service

NOTE: Active Roles 7.5 introduced support for Modern Authentication in the Azure BackSync workflows of Active Roles Synchronization Service. After upgrading to Active Roles Synchronization Service 8.2 from an earlier version, if you previously had an Azure BackSync workflow configured, you will be prompted to reconfigure it in the Synchronization Service Console.

CAUTION: If you previously had an Azure BackSync workflow configured in Active Roles Synchronization Service, and you use more than one Azure Active Directory (Azure AD) service in your deployment, you must specify the Azure AD for which you want to configure Azure BackSync. Failure to do so may either result in directory objects not synchronized at all, or synchronized to unintended locations.

For more information on how to specify the Azure AD used for back-synchronization, see Configuring automatic Azure BackSync in the Active Roles Synchronization Service Administration Guide.

If you have sync workflows configured and run by Quick Connect (the predecessor of Synchronization Service), or earlier versions of Active Roles Synchronization Service, then you can transfer those sync workflows to the current version of Active Roles Synchronization Service.

You can transfer sync workflows from the following Quick Connect or Active Roles Synchronization Service versions:

  • Quick Connect for Active Directory 6.1

  • Quick Connect for AS400 1.4

  • Quick Connect for Base Systems 2.4

  • Quick Connect for Cloud Services 3.7

  • Quick Connect for RACF 1.3

  • Quick Connect Sync Engine 5.5 and 6.1

  • Synchronization Service 7.5 and later

For more information, see Transferring sync workflows from Quick Connect in the Active Roles Synchronization Service Administration Guide.

If you are upgrading from an older version of Active Roles to Active Roles 8.1.3 or later, and the Microsoft 365 or Azure AD connectors were configured manually, then to run synchronization workflows, you must update the authentication data.

To update the authentication data, you can:

  • Use automatic configuration. One Identity recommends this approach, as the process is handled automatically by the Active Roles Synchronization Service.

  • Use manual configuration.

For more information about the automatic and manual configuration of the Microsoft 365 or Azure AD connectors, see Modifying a Microsoft 365 connection and Modifying a Microsoft Azure Active Directory connection, respectively, in the Active Roles Synchronization Service Administration Guide.

Active Roles availability on Azure and AWS Marketplace

Active Roles availability on Azure and AWS Marketplace

Active Roles supports deployment on the Amazon Web Services (AWS) and Azure platforms via Active Roles Marketplace images, using your organization subscription.

The marketplace images contain Active Roles running on Windows Server 2022 Datacenter Edition.

NOTE: Amazon Marketplace does not offer AWS EC2 instances preinstalled with Active Roles. You must deploy the EC2 instances first, then install and configure Active Roles manually on them.

TIP: To install additional Active Roles components later, modify your existing installation. For more information, see Installing optional tools and components in the Active Roles Installation Guide.

AWS and Azure virtual environment recommendations

If you deploy Active Roles in an AWS or Azure virtual environment via its marketplace image, One Identity recommends using the following virtual environments to host your Active Roles installation.

TIP: Before choosing the Azure virtual machine (VM) or Amazon Elastic Compute Cloud (EC2) instance to use, see the following resources:

NOTE: One Identity offers limited support for the virtual environments recommended in this section, as the actual performance on the listed environments (and the optimal environment to choose) might depend on the number of dynamic groups, Managed Units (MU), policies, scripts, workflows and other resources managed in your organization.

One Identity reserves the right to withhold support until you adapt your virtual environment for optimal performance to manage your resources with Active Roles.

Recommended AWS EC2 instance types

The Active Roles marketplace image was tested to work with the following Amazon Elastic Compute Cloud (EC2) instances:

  • m5a.2xlarge: 8 vCPU, 32 GB RAM, up to 10 Gbps network bandwidth, up to 2880 Mbps EBS bandwidth.

  • m5a.xlarge: 4 vCPU, 16 GB RAM, up to 10 Gbps network bandwidth, up to 2880 Mbps EBS bandwidth.

  • m5.2xlarge: 8 vCPU, 32 GB RAM, up to 10 Gbps network bandwidth, up to 4750 Mbps EBS bandwidth.

  • m5.xlarge: 4 vCPU, 16 GB RAM, up to 10 Gbps network bandwidth, up to 4750 Mbps EBS bandwidth.

  • m4.2xlarge: 8 vCPU, 32 GB RAM, EBS-only storage, high network performance.

  • m4.xlarge: 4 vCPU, 16 GB RAM, EBS-only storage, high network performance.

  • m3.2xlarge (previous generation): 2 vCPU, 30 GB RAM, non-EBS optimized SSD, high network performance.

  • m3.xlarge (previous generation): 4 vCPU, 15 GB RAM, non-EBS optimized SSD, high network performance.

Recommended Azure VMs

One Identity recommends using the following Azure VMs with the Active Roles marketplace image:

  • Standard D8s v3: 8 vCPU, 32 or 64 GB RAM, 12800 max IOPS, 64 GiB local storage.

  • Standard D4s v3: 4 vCPU, 16 GB RAM, 6400 max IOPS, 32 GiB local storage.

  • Standard D3 v2: 4 vCPU, 14 GB RAM, 0 max IOPS, 200 GiB local storage.

  • Standard DS3 v2: 4 vCPU, 14 GB RAM, 12800 max IOPS, 28 GiB local storage.

  • Standard D2 v4: 2 vCPU, 8 GB RAM, 3200 max IOPS, 16 GiB local storage.

  • Standard D2s v3: 2 vCPU, 16 GB RAM, 3200 max IOPS, 16 GiB local storage.

  • Standard D2 v2: 2 vCPU, 7 GB RAM, 0 max IOPS, 100 GiB local storage.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating