立即与支持人员聊天
与支持团队交流

Active Roles 8.1.1 - Administration Guide

Introduction Getting started Rule-based administrative views Role-based administration
Access Templates as administrative roles Access Template management tasks Examples of use Deployment considerations Windows claims-based access rules
Rule-based autoprovisioning and deprovisioning
Provisioning Policy Objects Deprovisioning Policy Objects How Policy Objects work Policy Object management tasks Policy configuration tasks
Property Generation and Validation User Logon Name Generation Group Membership AutoProvisioning Exchange Mailbox AutoProvisioning AutoProvisioning in SaaS products OneDrive Provisioning Home Folder AutoProvisioning Script Execution Microsoft 365 and Azure Tenant Selection E-mail Alias Generation User Account Deprovisioning Office 365 Licenses Retention Group Membership Removal Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Relocation User Account Permanent Deletion Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Notification Distribution Report Distribution
Deployment considerations Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Container Deletion Prevention policy Picture management rules Policy extensions
Using rule-based and role-based tools for granular administration Workflows
Key workflow features and definitions About workflow processes Workflow processing overview Workflow activities overview Configuring a workflow
Creating a workflow definition for a workflow Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configure an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Approval workflow Email-based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic groups Active Roles Reporting Management History Entitlement profile Recycle Bin AD LDS data management One Identity Starling Join and configuration through Active Roles Managing One Identity Starling Connect Configuring linked mailboxes with Exchange Resource Forest Management Configuring remote mailboxes for on-premises users Azure AD, Microsoft 365, and Exchange Online Management
Configuring Active Roles to manage Hybrid AD objects Managing Hybrid AD users
Creating a new Azure AD user with the Web Interface Viewing or updating the Azure AD user properties with the Web Interface Viewing or modifying the manager of a hybrid Azure user Disabling an Azure AD user Enabling an Azure AD user Deprovisioning of an Azure AD user Undo deprovisioning of an Azure AD user Adding an Azure AD user to a group Removing an Azure AD user from a group View the change history and user activity for an Azure AD user Deleting an Azure AD user with the Web Interface Creating a new hybrid Azure user with the Active Roles Web Interface Converting an on-premises user with an Exchange mailbox to a hybrid Azure user Licensing a hybrid Azure user for an Exchange Online mailbox Viewing or modifying the Exchange Online properties of a hybrid Azure user Creating a new Azure AD user with Management Shell Updating the Azure AD user properties with the Management Shell Viewing the Azure AD user properties with the Management Shell Delete an Azure AD user with the Management Shell Assigning Microsoft 365 licenses to new hybrid users Assigning Microsoft 365 licenses to existing hybrid users Modifying or removing Microsoft 365 licenses assigned to hybrid users Updating Microsoft 365 licenses display names
Unified provisioning policy for Azure M365 Tenant Selection, Microsoft 365 License Selection, Microsoft 365 Roles Selection, and OneDrive provisioning Microsoft 365 roles management for hybrid environment users Managing Microsoft 365 contacts Managing Hybrid AD groups Managing Microsoft 365 Groups Managing cloud-only distribution groups Managing cloud-only dynamic distribution groups Managing Azure security groups Managing cloud-only Azure users Managing cloud-only Azure guest users Managing cloud-only Azure contacts Changes to Active Roles policies for cloud-only Azure objects Managing room mailboxes Managing cloud-only shared mailboxes
Modern Authentication Managing the configuration of Active Roles
Connecting to the Administration Service Managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the Console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server replication Using regular expressions Administrative Template Communication ports Active Roles and supported Azure environments Integrating Active Roles with other products and services Active Roles Language Pack Active Roles Diagnostic Tools Active Roles Add-on Manager

Using System Checker

You can start System Checker by running the Active Roles System Checker application from the Start menu or Apps page, depending upon your version of the Windows operating system.

From the System Checker main window, you can perform the following tasks:

  • To check your computer, click System Readiness Checks, then select the appropriate Active Roles version for which to perform the checks.

  • To check a particular SQL Server instance, click SQL Server Checks and specify the SQL Server instance to check. You can also specify the authentication method and connection credentials for access to the SQL Server instance.

  • To check a particular Active Directory domain or a particular Domain Controller (DC), click Active Directory Checks and specify the name of the domain or the name of the DC. You can also specify connection credentials for access to the domain or DC.

System Checker then creates a report of the selected action, and displays it in its report viewer. Reports are divided into sections, each of which represents the results of a single check. If a report section includes any errors or warning messages, you can view the messages by expanding the section in the report viewer.

The report viewer also allows you to:

  • Print the report.

  • Export the report to an HTML file, so that you can open the report in a web browser later.

  • Save the report to a report file, so that you can open the saved report in the report viewer later.

  • Open a saved report by clicking Open in the main menu of System Checker, and selecting the report file.

  • Rebuild the report, and optionally also changing the report options.

    To rebuild the report, click Recheck on the toolbar of the report viewer.

Using the Log Viewer tool

You can run the Active Roles Log Viewer application from the Start menu or from the Apps page, depending on the version of your Windows operating system. Alternatively, you can also start the application by navigating to its .exe file in the installation folder:

\Active Roles Diagnostic Tools\Log Viewer\arlogviewer.exe

To open a log in Log Viewer

  1. In the Active Roles Log Viewer application, click Open.

  2. Browse to the diagnostic log file or saved event log file you want to open.

  3. Select the file, and click Open.

By default, Log Viewer displays a list of errors encountered by the Administration Service and recorded in the log file. To analyze these errors further, and look for information about them, right-click an error in the list, then click Look for solution in Knowledge Base. Log Viewer then searches the One Identity Knowledge Base to list the Knowledge Base Articles related to the error you selected.

Additional tasks in Log Viewer

Besides opening and troubleshooting logs, you can also perform the following tasks in Log Viewer:

  • To view a list of requests processed by the Administration Service and traced in the log file, click Requests in the View area on the Log Viewer toolbar.

  • To view all trace records found in the diagnostic log file or all events found in the event log file, click Raw log records in the View area on the Log Viewer toolbar.

  • To search the list for a particular text string, such as an error message, type the text string in the Search box on the Log Viewer toolbar, then press Enter.

  • To narrow the set of list items to those you are interested in, click Filter on the Log Viewer toolbar and specify the desired filter conditions.

  • To view detailed information about an error, request, trace record or event, right-click the corresponding list item, and click Details.

  • To view all trace records that apply to a given request, right-click the corresponding item in the Requests list and click Stack trace.

    NOTE: Stack tracing is not available for event log files.

  • To view the request that caused a given error, right-click the error in the Errors list and click Related request. This task is unavailable in case of an event log file.

    NOTE: Stack tracing is not available for event log files.

  • To view all trace records that apply to the request that caused a given error, right-click the error in the Errors list and click Stack trace for related request. This task is unavailable in case of an event log file.

Using the Directory Changes Monitor command-line interface

Active Roles Directory Changes Monitor is a command-line tool.

To run Directory Changes Monitor

  1. Open the Windows command prompt.

  2. Navigate to the folder where Directory Changes Monitor is installed.

  3. Run the tool with the appropriate parameters.

    TIP: To list the available parameters, run the following command:

    dirchangesmon.exe /?

NOTE: Directory Changes Monitor has a single required parameter, /TargetDC, specifying the Domain Controller (DC) of the Active Directory domain from which to get directory change statistics. To retrieve information from a domain, make sure to run Directory Changes Monitor with a domain user account of that domain, or from a trusted domain.

Active Roles Add-on Manager

Active Roles Add-on Manager is an application for installing and managing add-ons for Active Roles. You can also create new addons with the solution's Add-on Editor.

For more information on installing Add-on Manager, see Steps to install Add-on Manager in the Active Roles Quick Start Guide.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级