Chat now with support
Chat with Support

Active Roles 8.1.5 - Administration Guide

Introduction Getting started with Active Roles Configuring rule-based administrative views Configuring role-based administration Rule-based autoprovisioning and deprovisioning
Provisioning Policy Objects Deprovisioning Policy Objects How Policy Objects work Policy Object management tasks Policy configuration tasks
Property Generation and Validation User Logon Name Generation Group Membership AutoProvisioning Exchange Mailbox AutoProvisioning AutoProvisioning in SaaS products OneDrive Provisioning Home Folder AutoProvisioning Script Execution Microsoft 365 and Azure Tenant Selection E-mail Alias Generation User Account Deprovisioning Office 365 Licenses Retention Group Membership Removal Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Relocation User Account Permanent Deletion Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Notification Distribution Report Distribution
Deployment considerations Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Container Deletion Prevention policy Picture management rules Policy extensions
Using rule-based and role-based tools for granular administration Workflows
Key workflow features and definitions About workflow processes Workflow processing overview Workflow activities overview Configuring a workflow
Creating a workflow definition for a workflow Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Approval workflow Email-based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic groups Active Roles Reporting Management History Entitlement profile Recycle Bin AD LDS data management One Identity Starling Join and configuration through Active Roles Managing One Identity Starling Connect Configuring linked mailboxes with Exchange Resource Forest Management Configuring remote mailboxes for on-premises users Migrating Active Roles configuration with the Configuration Transfer Wizard Managing Skype for Business Server with Active Roles
About Skype for Business Server User Management Active Directory topologies supported by Skype for Business Server User Management User Management policy for Skype for Business Server User Management Master Account Management policy for Skype for Business Server User Management Access Templates for Skype for Business Server Configuring the Skype for Business Server User Management feature Managing Skype for Business Server users
Exchanging provisioning information with Active Roles SPML Provider Monitoring Active Roles with Management Pack for SCOM Configuring Active Roles for AWS Managed Microsoft AD Azure AD, Microsoft 365, and Exchange Online Management
Configuring Active Roles to manage Hybrid AD objects Unified provisioning policy for Azure M365 Tenant Selection, Microsoft 365 License Selection, Microsoft 365 Roles Selection, and OneDrive provisioning Changes to Active Roles policies for cloud-only Azure objects
Managing the configuration of Active Roles
Connecting to the Administration Service Managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the Console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server replication Using regular expressions Administrative Template Configuring federated authentication Communication ports Active Roles and supported Azure environments Integrating Active Roles with other products and services Active Roles Language Pack Active Roles Diagnostic Tools Active Roles Add-on Manager

Introduction

The Active Roles Administration Guide provides detailed information about how to configure and maintain an installed Active Roles deployment for day-to-day administrative operations.

The document describes how to:

  • Configure rule-based and role-based administration settings.

  • Configure automatic resource provisioning and deprovisioning.

  • Set up automation and approval workflows for administrators or helpdesk personnel.

  • Manage groups via temporal group memberships, group families or dynamic groups.

  • Configure and monitor Active Roles reporting and Management History settings.

  • Configure entitlement profiles to give access to specific information resources.

  • Use the Active Directory Recycle Bin with Active Roles.

  • Integrate Active Roles with One Identity Starling.

  • Configure linked and remote Exchange mailboxes.

  • Register Azure AD tenants with Active Roles to manage Azure AD objects and resources.

  • Configure SQL Server replication.

  • Use Administrative Templates to set the behavior and appearance of the Active Roles Console with Group Policies.

  • Integrate Active Roles with other One Identity, Quest or third-party products and services.

  • Use optional utilities (the Configuration Transfer Wizard, Diagnostic Tools, Add-on Manager or the Active Roles Language Pack) to enhance and maintain your Active Roles deployment.

NOTE: For information about how to perform day-to-day administrative tasks, see the following documents:

  • For information about how to administer Active Directory resources in the Active Roles Console, see the Active Roles Console User Guide.

  • For information about how to administer Active Directory and Azure AD resources with the Active Roles Web Interface, see the Active Roles Web Interface User Guide.

In addition, for information about how to configure and customize the Active Roles Web Interface component, see the Active Roles Web Interface Configuration Guide.

Getting started with Active Roles

This section describes how to start using Active Roles to prepare it for day-to-day administration operations.

NOTE: The Active Roles Administration Guide only describes product configuration procedures. For the in-depth description of its features and user interfaces, see the following documents:

  • For more information on the product features, see the Active Roles Feature Guide.

  • For more information on the Active Roles Console and the day-to-day operations you can perform with it, see the Active Roles Console User Guide.

  • For more information on the Active Roles Web Interface and the day-to-day operations you can perform with it, see the Active Roles Web Interface User Guide.

  • For more information on customizing and configuring the Web Interface and its sites, see the Active Roles Web Interface Configuration Guide.

Starting the Active Roles Console

The Active Roles Console, also referred to as MMC Interface, is a comprehensive administrative tool that you can use to:

  • Manage Active Directory and Microsoft Exchange resources.

  • Configure organization-level access and administration policies.

  • Set up automation or approval workflows for your administrators or helpdesk personnel.

To start the Active Roles Console

  1. Log in to the system where Active RolesConsole is installed.

  2. Depending on the version of your operating system:

    • In the Apps page, click Active Roles 8.1.5 Console.

    • From the Start menu, select All Programs > One Identity Active Roles 8.1.5 > Active Roles 8.1.5 Console.

NOTE: By default, the Active Roles Console automatically chooses an Administration Service instance and establishes a connection. If the Console cannot connect to the Administration Service or you want to manually select the Administration Service, see Connecting to the Administration Service.

Restricting access to the Active Roles Console

By default, after installing Active Roles, every user can log in to the Active Roles Console. To restrict access:

  1. Use the MMC Interface Access setting of the Active Roles Configuration Center. This setting lets you restrict Console access only to Active Roles Admin users (or allow Console access again for all users, if the access is restricted). For details, see Restricting access to the Active Roles Console.

  2. If Console access is already restricted to Active Roles Admin users, you can give Console access to individual users by assigning them to the User Interface Management - MMC Full controlAccess Template (AT). This AT gives access permission to the Server Configuration > User Interfaces > MMC Interface object. For details, see Restricting access to the Active Roles Console.

For more information, see Restricting access to the Active Roles Console in the Active Roles Installation Guide.

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating