Chat now with support
Chat with Support

Active Roles 8.2.1 - Administration Guide

Introduction Getting started with Active Roles Configuring rule-based administrative views Configuring role-based administration Configuring rule-based autoprovisioning and deprovisioning
Configuring Provisioning Policy Objects
User Logon Name Generation E-mail Alias Generation Exchange Mailbox AutoProvisioning Group Membership AutoProvisioning Home Folder AutoProvisioning Property Generation and Validation Script Execution O365 and Azure Tenant Selection AutoProvisioning in SaaS products
Configuring Deprovisioning Policy Objects
User Account Deprovisioning Group Membership Removal User Account Relocation Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Permanent Deletion Office 365 Licenses Retention Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Script Execution Notification Distribution Report Distribution
Configuring entry types Configuring a Container Deletion Prevention policy Configuring picture management rules Managing Policy Objects Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Configuring policy extensions
Using rule-based and role-based tools for granular administration Workflows
About workflow processes Workflow processing overview Workflow activities overview Configuring a workflow
Creating a workflow definition for a workflow Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Approval workflow Email-based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic groups Active Roles Reporting Management History Entitlement profile Recycle Bin AD LDS data management One Identity Starling Join and configuration through Active Roles Managing One Identity Starling Connect Configuring linked mailboxes with Exchange Resource Forest Management Configuring remote mailboxes for on-premises users Migrating Active Roles configuration with the Configuration Transfer Wizard Managing Skype for Business Server with Active Roles
About Skype for Business Server User Management Active Directory topologies supported by Skype for Business Server User Management User Management policy for Skype for Business Server User Management Master Account Management policy for Skype for Business Server User Management Access Templates for Skype for Business Server Configuring the Skype for Business Server User Management feature Managing Skype for Business Server users
Exchanging provisioning information with Active Roles SPML Provider Monitoring Active Roles with Management Pack for SCOM Configuring Active Roles for AWS Managed Microsoft AD Azure AD, Microsoft 365, and Exchange Online Management
Azure tenant types and environment types supported by Active Roles Using Active Roles to manage Azure AD objects Unified provisioning policy for Azure M365 Tenant Selection, Microsoft 365 License Selection, Microsoft 365 Roles Selection, and OneDrive provisioning Changes to Active Roles policies for cloud-only Azure objects
Managing the configuration of Active Roles
Connecting to the Administration Service Managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the Console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server replication Using regular expressions Administrative Template Configuring federated authentication Communication ports and URLs used by Active Roles Integrating Active Roles with other products and services Active Roles Language Pack Active Roles Diagnostic Tools Active Roles Add-on Manager

Applying the Master Account Management policy

To configure Skype for Business Server User Management in a multi-forest environment, apply the Built-in Policy - Skype for Business - Master Account Management Policy Object to user accounts in Active Directory forests that are external to the Skype for Business Server forest.

To enable the Skype for Business Server User Management feature:

  1. Configure the Policy Object according to the Skype for Business Server forest mode in your organization (resource forest or central forest).

  2. Link the Policy Object to the domains or containers in the external user forest(s) holding the user accounts you want to manage with Active Roles.

To configure the Master Account Management Policy Object

  1. In the Active Roles Console, navigate to Configuration > Policies > Administration > Builtin.

  2. In the details pane, double-click the Built-in Policy - Skype for Business - Master Account Management Policy Object.

  3. In the Properties dialog that appears, go to the Policies tab, and double-click the entry in the list of policies.

  4. In the Properties dialog that appears, go to the Forest Mode tab and select the option that matches the Skype for Business Server forest mode in your Skype for Business Server deployment (see Skype for Business Server forest mode).

  5. (Optional) Review the rest of the policy settings if needed:

    • On the Shadow Account tab, view or change the container and default description for new shadow accounts.

    • On the Master Account tab, view or change the attribute to store a reference to shadow account.

    • On the Synced tab, view or change the list of synchronized properties.

    • On the Substituted tab, configure your custom list of substituted properties in addition to the default list.

    • On the Back-synced tab, view or change the list of back-synchronized properties.

For detailed description of the policy settings, see Master Account Management policy settings for Skype for Business Server User Management.

To link the Master Account Management Policy Object to an Organizational Unit or domain

  1. In the Active Roles Console, navigate to Configuration > Policies > > Builtin.

  2. In the details pane, right-click the Built-in Policy - Skype for Business - Master Account Management Policy Object, then click Policy Scope.

  3. In the dialog that appears, click Add, then select the Organizational Unit or domain.

Applying the User Management policy

You can configure the Skype for Business Server User Management feature for user accounts in the Skype for Business Server forest with the Built-in Policy - Skype for Business - User Management Policy Object. To enable the feature, link the policy to domains or containers in the Skype for Business Server forest that contains the shadow accounts of the users.

If your organization uses a central forest topology, also link the policy to Active Directory domains or containers in the Skype for Business Server forest that contains the login-enabled Skype for Business user accounts you want to manage with Active Roles.

To link the User Management Policy Object to an Organizational Unit or domain

  1. In the Active Roles Console, navigate to Configuration > Policies > Administration > Builtin.

  2. In the details pane, right-click the Built-in Policy - Skype for Business - User Management Policy Object, then click Policy Scope.

  3. In the dialog that appears, click Add, then select the Organizational Unit or domain.

By default, the Policy Object has all policy settings configured. To change the policy settings, use the Active Roles Console.

To view or change the settings of the User Management Policy Object

  1. In the Active Roles Console navigate to Configuration > Policies > Administration > Builtin.

  2. In the details pane, double-click the Built-in Policy - Skype for Business - User Management Policy Object.

  3. In the Properties dialog that appears, go to the Policies tab, and double-click the entry in the list of policies.

  4. In the Properties dialog box that appears, do any of the following:

    • On the Server tab, specify how you want Active Roles to select a computer running Skype for Business Server.

    • On the SIP User Name tab, configure a rule for generating the SIP user name in the user SIP address.

    • On the SIP Domain tab, configure a rule to restrict selection of a SIP domain for the user SIP address.

    • On the Pool tab, configure a rule to restrict selection of an Enterprise Edition Front End pool or Standard Edition server to which Skype for Business Server users can be assigned.

    • On the Telephony tab, configure a rule to restrict selection of a Telephony option for Skype for Business Server users.

For more information on the policy settings, see Skype for Business Server User Management policy settings.

Upgrading the Skype for Business Server configuration from an earlier version

If you already manage Skype for Business Server resources with Active Roles Add-on for Skype for Business Server, you can update your deployment to use the Skype for Business Server User Management feature. The procedure has the following main steps:

  1. Identify the Active Directory topology option used by the add-on. For more information on how Skype for Business User Management works with the supported forest types, see the following sections:

    If your organization uses a multi-forest environment, take note of the Distinguished Name of the container in which the add-on creates the shadow accounts.

  2. Uninstall Active Roles Add-on for Skype for Business Server from Active Roles Add-on Manager. Then, uninstall the add-on from the computer where it is installed.

  3. Upgrade to the latest version of Active Roles. For more information, see the Active Roles Upgrade Guide.

  4. Deploy the Skype for Business Server User Management feature. Depending on the Active Directory topology option used by the add-on, see the applicable section for more information:

The following instructions provide more detailed information on the procedure.

NOTE: The instructions apply to Active Roles Add-on for Skype for Business Server 2.1.

NOTE: The instructions apply to Active Roles Add-on for Skype for Business Server 2.1.

To identify the Active Directory topology option used by the Skype for Business Server Add-on

  1. In the Active Roles Console, select Applications > Active Roles Add-on for Skype for Business Server.

  2. In the Configure Add-on area of the details pane, review the add-on settings:

    • The Active Directory topology option is selected in the Active Directory topology box.

    • If a multi-forest option is selected, the Distinguished Name of the container in which the add-on creates shadow accounts is specified in the Container for shadow accounts/contacts box.

If the add-on was configured with the resource forest or central forest option, you must configure and apply the Built-in Policy - Skype for Business - Master Account Management Policy Object.

To configure and apply the Master Account Management Policy Object

  1. In the Active Roles Console, navigate to Configuration > Policies > Administration > Builtin.

  2. In the details pane, double-click the Built-in Policy - Skype for Business - Master Account Management Policy Object.

  3. In the Properties dialog that appears, go to the Policies tab, and double-click the entry in the list of policies.

  4. In the Properties dialog that appears, go to the Forest Mode tab and select the option that matches the Active Directory topology option that was used by the add-on.

    • If the add-on was configured with the option Multiple forests - Resource forest, then select the Resource forest option on the Forest Mode tab.

    • If the add-on was configured with the option Multiple forests - Central forest, then select the Central forest option on the Forest Mode tab.

  5. Go to the Shadow Account tab and configure the policy to use the container for shadow accounts that was used by the add-on. To do so, click This container > Browse, and select the container.

  6. Close the Properties dialog for the policy entry by clicking OK.

  7. In the Properties dialog box for the Policy Object, click Apply, go to the Scope tab, then click the Scope button on that tab.

  8. In the dialog that appears, add the containers that hold the master accounts you managed using the add-on, then click OK.

  9. Close the Properties dialog box for the Policy Object by clicking OK.

TIP: The Skype for Business Server User Management feature will identify the existing master accounts, enabling Active Roles to manage their shadow accounts for Skype for Business Server in the same way as when using the add-on. To speed up the identification of the existing master accounts, you can run the Master Account Management scheduled task manually:

  1. In the Active Roles Console, navigate to the following container:

    Configuration/Server Configuration/Scheduled Tasks/Builtin

  2. Right-click the Skype for Business - Master Account Management scheduled task.

  3. Select All Tasks, then click Execute.

Managing Skype for Business Server users

The Skype for Business Server User Management feature lets you manage Skype for Business Server users with the Active Roles Web Interface. This includes:

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating