Chat now with support
与支持团队交流

Active Roles 7.3.3 - Quick Start Guide

Introduction System Requirements Deploying the Administration Service Deploying user interfaces Installing additional components Upgrade of an earlier version Separate Management History database Performing a pilot deployment Deployment considerations Silent installation of Active Roles components Configuring Active Roles to Manage Hybrid Active Directory Objects Active Roles on Windows Azure VM

Introduction

Introduction

Active Roles simplifies and streamlines creation and ongoing management of user accounts and groups in Windows Active Directory (AD) environments by automating user and group account creation in AD, Azure AD, mailbox creation in Exchange and Exchange Online, group population, and resource assignment in Windows.

It provides strictly enforced security, rich capabilities for automating directory management tasks, change approval and easy-to-use Web interfaces, to achieve practical user and group account management for the Windows enterprise.

This document is for individuals responsible for deploying Active Roles in their organization. It provides step-by-step instructions for preparing the environment and installing the Active Roles components.

Active Roles Components

Active Roles components

Active Roles divides the workload of directory administration into three functional layers: presentation components, service components, and network data sources.

Figure 1: Active Roles Components

The presentation components include client interfaces for the Windows platform and the Web, which allow users with appropriate rights to perform a precisely defined set of administrative activities. Active Roles also includes the reporting solution to generate reports on the administrative activities.

The service components constitute a secure layer between administrators and managed data sources. It ensures consistent policy enforcement, provides automation capabilities, and enables the integration of business processes for administration of Active Directory, Exchange and other corporate data sources.

The main component of Active Roles is the Administration Service—a powerful rules-based proxy for the management of network data sources. The Administration Service features advanced delegation capabilities and provides the ability to enforce administrative policies that keep data current and accurate. The Administration Service acts as a bridge between the presentation components and network data sources. In large networks, multiple instances of the Administration Services can be deployed to improve performance and ensure fault tolerance.

The Administration Service uses the configuration database to store configuration data that includes definitions of objects specific to Active Roles, assignments of administrative roles and policies, and procedures used to enforce policies.

The Administration Service provides a complete audit trail by creating records in the Active Roles event log. The log shows all actions performed and by whom, including actions that were not permitted. The log entries display the success or failure of each action, as well as which attributes were changed while managing objects in data sources.

System Requirements

System requirements

Active Roles Setup includes the following components:

  • Administration Service
  • Console (MMC Interface)
  • Web Interface
  • Management Tools
  • Synchronization Service

The Active Roles Release Notes document, included on the Active Roles distribution media, provides information about the hardware and software requirements for each of these components.

The Active Roles distribution media includes separate installation packages for additional components, such as Add-in for Outlook, Collector and Report Pack. The system requirements for these components are as follows:

Table 1:

Active Roles Add-in for Outlook requirements

Requirement

Details

Microsoft Office Outlook

Microsoft Office Outlook 2007 or later

Other Microsoft Office features

  • .NET Programmability Support for Microsoft Office Outlook
  • Microsoft Forms 2.0 .NET Programmability Support

Microsoft .NET Framework

Microsoft .NET Framework 4.6.2

 

Table 2:

Active Roles Collector and Report Pack requirements

Requirement

Details

Operating system

Any operating system listed in requirements for Active Roles Console

SQL Server

Any SQL Server version listed in requirements for Administration Service

SQL Server Reporting Services

Any SQL Server version listed in requirements for Administration Service

Microsoft .NET Framework

Microsoft .NET Framework 4.6.2

Active Roles ADSI Provider

Management Tools of the current Active Roles version must be installed

Deploying the Administration Service

Deploying the Administration Service

Use the following checklist to ensure that you are ready to install the Administration Service.

Table 3: Checklist: Deploying the Administration Service

Item to Check

Description

Administration Service computer

The Administration Service can be installed on any computer that meets the hardware and software requirements.

It is not mandatory to install the Administration Service on a domain controller. However, the Administration Service computer must have reliable network connections with at least one of the domain controllers for each managed domain.

SQL Server

The Administration Service requires Microsoft SQL Server. It is possible to use SQL Server on the computer running the Administration Service or on a different computer that has a reliable network connection with the computer running the Administration Service.

Administration Service account

The Administration Service logs on with the account that you specify during installation. The account must have sufficient rights for Active Roles to function properly.

Active Roles uses the Administration Service account when accessing a managed domain unless an override account is specified when registering the domain with Active Roles. Therefore, the Administration Service account must have the appropriate rights in any domain for which an override account is not specified.

Additionally, the Administration Service account must have sufficient permissions to publish the Administration Service in Active Directory.

Information about how to configure the Administration Service account and an override account can be found later in this document.

Account used for connection to SQL Server

When installing the Administration Service you may configure it to use Windows authentication or SQL Server authentication for connection to SQL Server.

If you choose Windows authentication, the connection is established using the Administration Service account. In this case, the service account must at minimum be a member of the db_owner fixed database role and have the default schema of dbo in the Active Roles database.

If you choose SQL Server authentication, the connection is established with the login you are prompted to specify when installing the Administration Service. This login must at minimum be a member of the db_owner fixed database role and have the default schema of dbo in the Active Roles database.

For more information on what permissions must be granted to the account for connection to SQL Server, see SQL Server permissions later in this document.

Active Roles Admin

Active Roles Admin is a group for which Active Roles does not perform permission checking. If the Administration Service itself has sufficient rights to perform a certain task, then Active Roles Admin can also perform that task using Active Roles.

In addition, Active Roles Admin is authorized to perform any task related to the Active Roles configuration, such as adding managed domains and managing replication settings. Therefore, the membership in the Active Roles Admin group should be restricted to highly trusted individuals.

By default, Active Roles Admin is the Administrators local group on the computer running the Administration Service. You can change this setting when installing the Administration Service.

自助服务工具
知识库
通知和警报
产品支持
下载软件
技术说明文件
用户论坛
视频教程
联系我们
获得许可 帮助
技术支持
查看全部
相关文档