Active Roles simplifies creating and managing user accounts and groups in Windows Active Directory (AD) environments by automating the following:
-
User and group account management in AD and Azure AD.
-
Mailbox management in Exchange and Exchange Online.
-
Group population, and resource assignment in Windows.
Active Roles enforces security, automates directory management tasks, and provides change approval and a Web Interface.
This document describes how to upgrade Active Roles and its components to a newer version.
Detailed information about this topic
Upgrading from an earlier version
You can upgrade from Active Roles 7.5 or later to the latest version of Active Roles using one of the following methods:
-
In-place upgrade: Install the latest version of Active Roles on the computer without removing the earlier version.
-
New installation with importing database from earlier version: Install the latest version of Active Roles and import the database from the earlier version of Active Roles.
Figure 1: Supported Active Roles upgrade path
NOTE: Consider the following when upgrading from an earlier version:
-
To perform a clean installation of Active Roles, uninstall the currently installed version before installing Active Roles 8.2.1.
-
Active Roles supports selecting a custom installation path only during a clean installation. During an in-place upgrade, Active Roles does not support changing the previously set installation path.
For information on importing configuration data from the database of an earlier version of Active Roles, see Importing configuration data in the Active Roles Installation Guide.
NOTE: Before upgrading to the latest version of Active Roles, you must uninstall the add-ons of the earlier versions using the Add-on Manager.
IMPORTANT: During in-place upgrade, when importing from the source database (Configuration and Management History database), the following database permissions are automatically migrated from the previously used (source) SQL database to the new (destination) SQL database:
The service account that is used for performing the in-place upgrade or the import or migration operation should have the following permissions in the SQL Server to perform the operation:
If the SQL access account used for performing the in-place upgrade does not have permission to create a database, then you must manually create the database for Active Roles. In the Configuration Center, during the initial configuration, select Use a pre-created blank database. For more information, see Knowledge Base Article 4303098 on the One Identity Support Portal.
By default, Copy database users, permissions, logins, and roles is selected, but you can clear it in the following locations depending on the operation:
-
During in-place upgrade: in the Upgrade configuration window.
-
Importing configuration: Import Configuration > Source Database > Configure advanced database properties.
-
Importing management history: Import Management History > Source database > Configure advanced database properties.
|
CAUTION: Upgrading from Active Roles 6.9 to a newer version is only meant to be a temporary solution, as the side-by-side installation of two different Active Roles versions can have a negative impact on the environment.
Different versions of Active Roles are not supported in the same Active Directory (AD) domain. Different versions of Active Roles servers in the same AD domain will cause issues with dynamic groups, policies, workflows, custom scripts, and conflicts in product functionality.
When upgrading Active Roles to a later version, One Identity recommends to upgrade all servers running Active Roles components to the same version, otherwise the configuration is not supported.
For more information, see Knowledge Base Article 4307177. |
Before upgrading to the latest version of Active Roles, One Identity recommends that you complete the following prerequisite tasks.
Microsoft OLE DB Driver for SQL Server security impacts
IMPORTANT: Starting from version 8.2, Active Roles supports (and its installer is shipped with) Microsoft OLE DB Driver 19.x for SQL Server. However, Active Roles still supports earlier OLE DB Driver versions as well (18.4 or newer).
-
If you upgrade to Active Roles 8.2.1 from an earlier version via in-place upgrade, and you want to keep using an earlier version of Microsoft OLE DB Driver (version 18.4 or newer), this change has no impacts on your Active Roles installation.
-
If you upgrade to Active Roles 8.2.1 from an earlier version via in-place upgrade, and you want to switch to Microsoft OLE DB Driver 19.x from an earlier OLE DB Driver version due to security concerns, you must perform additional configuration steps. Otherwise, the Active Roles Administration Service might fail to start. For more information, see Configuring Active Roles for a newer Microsoft OLE DB Driver for SQL Server version.
Backing up the Active Roles database
|
CAUTION: Not backing up the Active Roles database and the existing Web Interface site configurations might result in data loss. |
-
Back up the Active Roles database. For more information on general best practices, see Create a Full Database Backup in the Microsoft SQL documentation.
-
Back up the current Web Interface site configurations.
Any Web Interface sites that were created in Active Roles 7.5 or later versions will continue to function in 8.2.1. However, One Identity recommends to thoroughly test before upgrading, as some customizations will not work in newer versions of Active Roles.
To back up the Web Interface site configurations
-
Open the Active Roles Configuration Center.
-
Click Web Interface.
-
Select the site(s) to back up and click Export Configuration.
-
Verify that your SQL Server has SSL configured and the necessary trusted certificate set.
-
Approve all pending approval activities.
-
Uninstall the add-ons of the earlier versions in the Add-on Manager or the Active Roles Console.
-
Remove replication partners, if there are any. For more information, see Removing Subscribers from a replication group in the Active Roles Administration Guide.
-
Make sure you have enough disk space in SQL Server. For more information, see Disk space requirements in the Microsoft SQL Server documentation.
Impact on custom solutions
Custom solutions, such as scripts that rely on Active Roles functions or the Console might stop working after upgrading Active Roles.
|
CAUTION: Before upgrading Active Roles, test the existing custom solutions with the new Active Roles version in a lab environment to verify that they continue to work. |
Impact on the Office 365 add-on
The latest version of Active Roles manages Microsoft 365 and Azure AD natively, therefore the Office 365 add-on is no longer supported and it will stop working after upgrading Active Roles. Before upgrading Active Roles, One Identity recommends uninstalling the Office 365 add-on.
NOTE: Active Roles does not support managing and selecting Microsoft 365 domains through policies, which the Office 365 add-on supported.
After completing the prerequisite tasks, to upgrade Active Roles, perform the steps in Upgrading to Active Roles 8.2.1 using in-place upgrade.
Using in-place upgrade, you can install the latest version of Active Roles on the computer without removing the earlier version.
NOTE: The in-place upgrade of Active Roles automatically upgrades the following Active Roles components to the latest version:
The in-place upgrade of Active Roles does not upgrade the following Active Roles tools:
To upgrade the tools installed with Active Roles, use the respective installers available in the Active Roles ISO.
Before upgrading, make sure you perform the prerequisite tasks. For more information, see Prerequisites of upgrading Active Roles using in-place upgrade.
To upgrade the existing Active Roles 7.5 or later version to the latest version, perform the following steps.
To upgrade Active Roles using in-place upgrade
-
Log in with a user account that has administrator rights on the computer.
-
Navigate to the location of the Active Roles ISO, and to start the Setup wizard, double-click ActiveRoles.exe.
-
Follow the instructions in the Setup wizard.
-
Select the check box and click Next.
-
Select I accept the terms in the license agreement, and click Next.
-
Review the summary and warning, and click Next.
-
Make sure that the prerequisite software are installed, then click Upgrade.
NOTE: If your organization enforces the AllSigned policy, install the One Identity Certificate.
-
Click Finish.
-
After upgrading to Active Roles, you are prompted to restart the system. Click Restart Now.
-
After the system restarts and the Configuration Center opens automatically, click Update Service Instance.
Due to the update of the database schema, the 7.5 or later versions of the Web Interface sites are no longer compatible. For more information, see Upgrading the Active Roles Web Interface.
After upgrading the Active Roles package to 8.2.1, perform the steps of Configuring Active Roles 8.2.1 during in-place upgrade.