立即与支持人员聊天
与支持团队交流

Active Roles 8.1.3 - Administration Guide

Introduction Getting started with Active Roles Configuring rule-based administrative views Configuring role-based administration Rule-based autoprovisioning and deprovisioning
Provisioning Policy Objects Deprovisioning Policy Objects How Policy Objects work Policy Object management tasks Policy configuration tasks
Property Generation and Validation User Logon Name Generation Group Membership AutoProvisioning Exchange Mailbox AutoProvisioning AutoProvisioning in SaaS products OneDrive Provisioning Home Folder AutoProvisioning Script Execution Microsoft 365 and Azure Tenant Selection E-mail Alias Generation User Account Deprovisioning Office 365 Licenses Retention Group Membership Removal Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Relocation User Account Permanent Deletion Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Notification Distribution Report Distribution
Deployment considerations Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Container Deletion Prevention policy Picture management rules Policy extensions
Using rule-based and role-based tools for granular administration Workflows
Key workflow features and definitions About workflow processes Workflow processing overview Workflow activities overview Configuring a workflow
Creating a workflow definition for a workflow Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Approval workflow Email-based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic groups Active Roles Reporting Management History Entitlement profile Recycle Bin AD LDS data management One Identity Starling Join and configuration through Active Roles Managing One Identity Starling Connect Configuring linked mailboxes with Exchange Resource Forest Management Configuring remote mailboxes for on-premises users Migrating Active Roles configuration with the Configuration Transfer Wizard Managing Skype for Business Server with Active Roles
About Skype for Business Server User Management Active Directory topologies supported by Skype for Business Server User Management User Management policy for Skype for Business Server User Management Master Account Management policy for Skype for Business Server User Management Access Templates for Skype for Business Server Configuring the Skype for Business Server User Management feature Managing Skype for Business Server users
Exchanging provisioning information with Active Roles SPML Provider Monitoring Active Roles with Management Pack for SCOM Configuring Active Roles for AWS Managed Microsoft AD Azure AD, Microsoft 365, and Exchange Online Management
Configuring Active Roles to manage Hybrid AD objects Unified provisioning policy for Azure M365 Tenant Selection, Microsoft 365 License Selection, Microsoft 365 Roles Selection, and OneDrive provisioning Changes to Active Roles policies for cloud-only Azure objects
Managing the configuration of Active Roles
Connecting to the Administration Service Managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the Console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server replication Using regular expressions Administrative Template Configuring federated authentication Communication ports Active Roles and supported Azure environments Integrating Active Roles with other products and services Active Roles Language Pack Active Roles Diagnostic Tools Active Roles Add-on Manager

Exchange-related settings

On the next page, you can specify whether you want the groups generated by the Group Family to be mail-enabled, and set up Exchange-related properties to assign to those groups upon their creation.

Figure 128: Exchange-related settings

If you want the Group Family groups to be mail-enabled, select the Mail-enable groups created by Group Family check box. Then, you can set up the following Exchange-related properties for the Group Family groups:

  • Expansion server: The Exchange server used to expand a Group Family group into a list of group members.

  • Hide group from Exchange address lists: Prevents the Group Family groups from appearing in address lists. If you select this check box, each of the groups will be hidden from all address lists.

  • Send out-of-office messages to originator: Select this check box if you want out-of-office messages to be sent to the message originator, when a message is sent to a Group Family group while one or more of the group members have an out-of-office message in effect.

  • Send delivery reports to group owner: Use this option if you want delivery reports to be sent to the group owner, when a message sent to a Group Family group is not delivered. This lets the group owner know that the message was not delivered.

  • Send delivery reports to message originator: Use this option if you want delivery reports to be sent to a message originator, when a message sent to a Group Family group is not delivered. This lets the message originator know that the message was not delivered.

  • Do not send delivery reports: Use this option if you do not want delivery reports to be sent, even if a message sent to a Group Family group is not delivered.

Group Family scheduling

On the next page, you can schedule the Group Family to run. During each run, the Group Family performs as described in the How Group Family works.

When setting up the schedule options, take into account that a Group Family run is a lengthy and resource intensive operation. Therefore, a Group Family run should be scheduled for a time that it will have the minimum impact on users.

Figure 129: Group family scheduling

Select the first check box to run the Group Family right after you complete the wizard and whenever the Group Family is modified by managing the configuration storage group. For more information, see Administering Group Family.

Select the Schedule Group Family to run check box to set up schedule options. As long as this check box is selected, the Group Family runs at specified time.

From the Run on this server list, you can select the Administration Service to run the Group Family. It is advisable to choose the least loaded Service.

Administering Group Family

Most of the tasks related to Group Family administration are performed by using the Properties command on the groups used to store Group Family configurations. In the Active Roles Console, such groups are marked with a special icon, to distinguish them from regular groups.

When you create a Group Family, a group is created to store the Group Family configuration. The group is assigned the name you provided for the Group Family, and marked with the (Group Family) icon.

To facilitate Group Family administration, the Properties dialog for a configuration storage group includes a number of Group Family-specific tabs:

  • General tab: Displays the name of the Group Family and allows the administrator to view or modify the description, group type, and group scope of the storage group.

  • Controlled Groups tab: Lists the groups that are under the control of the Group Family, and allows the administrator to view or modify the group-to-grouping links and group creation-related rules.

  • Groupings tab: Allows the administrator to view or modify the Group Family scope and the list of group-by properties.

  • Schedule tab: Displays Group Family schedule-related information, and allows the administrator to view or modify scheduling settings.

  • Action Summary tab: Displays information about the last run of the Group Family, and allows the administrator to view a log detailing results of the run.

NOTE: Changes to the regular, group-related properties of the configuration storage group do not affect the Group Family. For example, you can rename or move the configuration storage group without any impact on the process and results of Group Family operation. Renaming the configuration storage group only changes the display name of the Group Family.

The Action menu on each Group Family configuration storage group includes the Force Run command, so you can run the Group Family if you want to update it right away, without waiting for the scheduled run time.

To view or modify grouping rules

  1. Open the property sheet for the Group Family.

  2. Click the Groupings tab, then click Configure.

  3. Follow Steps 5 through 7 of the procedure for creating a Group Family. For more information, see Creating a Group Family.

  4. On the Group-by Properties page, click Finish.

  5. Click OK to close the property sheet.

To view or modify group creation-related rules

  1. Open the property sheet for the Group Family.

  2. Click the Controlled Groups tab, then click Manage Rules.

  3. Follow Steps 9 through 12 of the procedure for creating a Group Family. For more information, see Creating a Group Family.

  4. On the Exchange-related Settings page, click Finish.

  5. Click OK to close the property sheet.

To manually add a group to a Group Family

  1. Open the property sheet for the Group Family.

  2. Click the Controlled Groups tab, then click Capture Groups.

  3. In the Capture Groups window, click Add.

    1. In the Assign Group to Grouping dialog, do the following, then click OK:

    2. Click Select, then select the group you want to add.

  4. In Group-by property, type a value of the group-by property. If multiple group-by properties are defined, type a value for each, so as to determine the grouping to which you want the group to be assigned.

  5. Click OK to close the Capture Groups window.

  6. Click OK to close the property sheet.

To remove a group from a group family

  1. Open the property sheet for the Group Family.

  2. Click the Controlled Groups tab, then click Capture Groups.

  3. In the Capture Groups window, select the group you want to remove from the Group Family, click Remove, then click OK.

  4. Click OK to close the property sheet.

To schedule a Group Family update

  1. Open the property sheet for the Group Family.

  2. Click the Schedule tab, then click Configure.

  3. On the Group Family Scheduling page, do the following, then click Finish:

    1. Select Schedule Group Family to run, then set the appropriate date, time, and frequency of Group Family update.

    2. If you also want the Group Family to run one time immediately after you close the property sheet, select Run Group Family once after completing this page.

    3. From the Run on this server list, select the Administration Service you want to run the Group Family.

  4. Click OK to close the property sheet.

To view results of a Group Family update

  1. Open the property sheet for the Group Family.

  2. Click the Action Summary tab, then click View Log.

To delete a Group Family

  1. In the Active Roles Console, navigate to the Group Family you want to delete.

  2. Right-click the Group Family configuration storage group, then click Delete.

NOTE: Deleting a Group Family only deletes the configuration storage group of the Group Family. This operation does not delete the controlled groups of the Group Family. Later, you can configure another Group Family to take control of those groups.

Controlled groups

To help distinguish the groups that are under the control of a Group Family (controlled groups), the Active Roles Console marks them with a special icon. For example, the following icon is used to indicate a global group that is under the control of a Group Family:

In addition, an explanatory text is added to the Notes field for such groups, stating that the Group Family will override any changes made directly to the group membership list.

In the Active Roles Console, the Properties dialog for controlled groups includes a Group Family-specific tab named Controlled By. From that tab, you can manage the configuration of the Group Family that controls the group.

The Controlled By tab displays the name and path of the group that stores the configuration of the Group Family. To view or change the configuration of the Group Family, click Properties.

There are two ways to access the Properties dialog of the Group Family configuration storage group:

  • On the Controlled By tab in the Properties dialog for any group controlled by the Group Family, click Properties.

  • Right-click the Group Family configuration storage group, and click Properties.

The following sections elaborate on the Group Family-specific tabs found in the Properties dialog for the Group Family configuration storage group.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级