立即与支持人员聊天
与支持团队交流

Active Roles 8.1.3 - Administration Guide

Introduction Getting started with Active Roles Configuring rule-based administrative views Configuring role-based administration Rule-based autoprovisioning and deprovisioning
Provisioning Policy Objects Deprovisioning Policy Objects How Policy Objects work Policy Object management tasks Policy configuration tasks
Property Generation and Validation User Logon Name Generation Group Membership AutoProvisioning Exchange Mailbox AutoProvisioning AutoProvisioning in SaaS products OneDrive Provisioning Home Folder AutoProvisioning Script Execution Microsoft 365 and Azure Tenant Selection E-mail Alias Generation User Account Deprovisioning Office 365 Licenses Retention Group Membership Removal Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Relocation User Account Permanent Deletion Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Notification Distribution Report Distribution
Deployment considerations Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Container Deletion Prevention policy Picture management rules Policy extensions
Using rule-based and role-based tools for granular administration Workflows
Key workflow features and definitions About workflow processes Workflow processing overview Workflow activities overview Configuring a workflow
Creating a workflow definition for a workflow Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Approval workflow Email-based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic groups Active Roles Reporting Management History Entitlement profile Recycle Bin AD LDS data management One Identity Starling Join and configuration through Active Roles Managing One Identity Starling Connect Configuring linked mailboxes with Exchange Resource Forest Management Configuring remote mailboxes for on-premises users Migrating Active Roles configuration with the Configuration Transfer Wizard Managing Skype for Business Server with Active Roles
About Skype for Business Server User Management Active Directory topologies supported by Skype for Business Server User Management User Management policy for Skype for Business Server User Management Master Account Management policy for Skype for Business Server User Management Access Templates for Skype for Business Server Configuring the Skype for Business Server User Management feature Managing Skype for Business Server users
Exchanging provisioning information with Active Roles SPML Provider Monitoring Active Roles with Management Pack for SCOM Configuring Active Roles for AWS Managed Microsoft AD Azure AD, Microsoft 365, and Exchange Online Management
Configuring Active Roles to manage Hybrid AD objects Unified provisioning policy for Azure M365 Tenant Selection, Microsoft 365 License Selection, Microsoft 365 Roles Selection, and OneDrive provisioning Changes to Active Roles policies for cloud-only Azure objects
Managing the configuration of Active Roles
Connecting to the Administration Service Managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the Console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server replication Using regular expressions Administrative Template Configuring federated authentication Communication ports Active Roles and supported Azure environments Integrating Active Roles with other products and services Active Roles Language Pack Active Roles Diagnostic Tools Active Roles Add-on Manager

Using temporal group memberships

By using temporal group memberships, you can manage group memberships of objects such as user or computer accounts that need to be members of particular groups for only a certain time period. This feature of Active Roles gives you flexibility in deciding and tracking what objects need group memberships and for how long.

This section guides you through the tasks of managing temporal group memberships in the Active Roles Console. If you are authorized to view and modify group membership lists, then you can add, view and remove temporal group members as well as view and modify temporal membership settings on group members.

Adding temporal members

A temporal member of a group is an object, such as a user, computer or group, scheduled to be added or removed from the group. You can add and configure temporal members using the Active Roles Console.

To add temporal members of a group

  1. In the Active Roles Console, right-click the group and click Properties.

  2. On the Members tab in the Properties dialog, click Add.

  3. In the Select Objects dialog, click Temporal Membership Settings.

  4. In the Temporal Membership Settings dialog, choose the appropriate options, and then click OK:

    1. To have the temporal members added to the group on a certain date in the future, select On this date under Add to the group, and choose the date and time you want.

    2. To have the temporal members added to the group at once, select Now under Add to the group.

    3. To have the temporal members removed from the group on a certain date, select On this date under Remove from the group, and choose the date and time you want.

    4. To retain the temporal members in the group for indefinite time, select Never under Remove from the group.

  5. In the Select Objects dialog, type or select the names of the objects you want to make temporal members of the group, and click OK.

  6. Click Apply in the Properties dialog for the group.

NOTE: Consider the following when adding temporal members of a group:

  • To add temporal members of a group, you must be authorized to add or remove members from the group. You can get the appropriate authorization by applying the Groups - Add/Remove Members Access Template.

  • You can make an object a temporal member of particular groups by managing the object properties rather than the group properties. Open the Properties dialog for that object, and then, on the Member Of tab, click Add. In the Select Objects dialog, specify the temporal membership settings and enter the names of the groups according to your needs.

Viewing temporal members

The list of group members displayed by the Active Roles Console makes it possible to distinguish between regular group members and temporal group members. It is also possible to hide or display so-called pending members, the temporal members that are scheduled to be added to the group in the future but are not actual members of the group so far.

To view temporal members of a group

  1. In the Active Roles Console, right-click the group, then click Properties.

  2. Examine the list on the Members tab in the Properties dialog:

    • An icon of a small clock overlays the icon for the temporal members.

    • If the Show pending members check box is selected, the list also includes the temporal members that are not yet added to the group. The icons identifying such members are shown in orange.

The list of group memberships for a particular object makes it possible to distinguish between the groups in which the object is a regular member and the groups in which the object is a temporal member. It is also possible to hide or display so-called pending group memberships, the groups to which the object is scheduled to be added in the future.

To view groups in which an object is a temporal member

  1. In the Active Roles Console, right-click the group, then click Properties.

  2. Examine the list on the Member Of tab in the Properties dialog:

    • An icon of a small clock overlays the icon for the groups in which the object is a temporal member.

    • If the Show pending group memberships check box is selected, the list also includes the groups to which the object is scheduled to be added in the future. The icons identifying such groups are shown in orange.

Rescheduling temporal group memberships

The temporal membership settings on a group member include the start time and end time settings.

The start time setting specifies when the object is to be actually added to the group. This can be a specific date and time or an indication that the object should be added to the group immediately.

The end time setting specifies when the object is to be removed from the group. This can be a specific date and time or an indication that the object should not be removed from the group.

You can view or modify both the start time and end time settings using the Active Roles Console.

To view or modify the start or end time setting for a member of a group

  1. In the Active Roles Console, right-click the group and click Properties.

  2. In the list on the Members tab in the Properties dialog, click the member and then click Temporal Membership Settings.

  3. Use the Temporal Membership Settings dialog to view or modify the start or end time settings.

The Temporal Membership Settings dialog provides the following options:

  • Add to the group > Now: Indicates that the object should be added to the group at once.

  • Add to the group > On this date: Indicates the date and time when the object should be added to the group.

  • Remove from the group > Never: Indicates that the object should not be removed from the group.

  • Remove from the group > On this date: Indicates the date and time when the object should be removed from the group.

Regular members have the Add to group and Remove from group options set to Already added and Never, respectively. You can set a particular date for any of these options in order to convert a regular member to a temporal member.

NOTE: Consider the following when rescheduling temporal group memberships:

  • You can view or modify the start time and end time settings by managing an object rather than groups in which the object has memberships. Open the Properties dialog for that object, and then, on the Member Of tab, select the group for which you want to manage the start or end time setting of the object, and click Temporal Membership Settings.

  • On the Members or Member Of tab, you can change the start or end time setting for multiple members or groups at a time. From the list on the tab, select two or more items and click Temporal Membership Settings. Then, in the Temporal Membership Settings dialog, select check boxes to indicate the settings to change and make the changes you want.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级