立即与支持人员聊天
与支持团队交流

Active Roles 8.1.3 - Administration Guide

Introduction Getting started with Active Roles Configuring rule-based administrative views Configuring role-based administration Rule-based autoprovisioning and deprovisioning
Provisioning Policy Objects Deprovisioning Policy Objects How Policy Objects work Policy Object management tasks Policy configuration tasks
Property Generation and Validation User Logon Name Generation Group Membership AutoProvisioning Exchange Mailbox AutoProvisioning AutoProvisioning in SaaS products OneDrive Provisioning Home Folder AutoProvisioning Script Execution Microsoft 365 and Azure Tenant Selection E-mail Alias Generation User Account Deprovisioning Office 365 Licenses Retention Group Membership Removal Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Relocation User Account Permanent Deletion Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Notification Distribution Report Distribution
Deployment considerations Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Container Deletion Prevention policy Picture management rules Policy extensions
Using rule-based and role-based tools for granular administration Workflows
Key workflow features and definitions About workflow processes Workflow processing overview Workflow activities overview Configuring a workflow
Creating a workflow definition for a workflow Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Approval workflow Email-based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic groups Active Roles Reporting Management History Entitlement profile Recycle Bin AD LDS data management One Identity Starling Join and configuration through Active Roles Managing One Identity Starling Connect Configuring linked mailboxes with Exchange Resource Forest Management Configuring remote mailboxes for on-premises users Migrating Active Roles configuration with the Configuration Transfer Wizard Managing Skype for Business Server with Active Roles
About Skype for Business Server User Management Active Directory topologies supported by Skype for Business Server User Management User Management policy for Skype for Business Server User Management Master Account Management policy for Skype for Business Server User Management Access Templates for Skype for Business Server Configuring the Skype for Business Server User Management feature Managing Skype for Business Server users
Exchanging provisioning information with Active Roles SPML Provider Monitoring Active Roles with Management Pack for SCOM Configuring Active Roles for AWS Managed Microsoft AD Azure AD, Microsoft 365, and Exchange Online Management
Configuring Active Roles to manage Hybrid AD objects Unified provisioning policy for Azure M365 Tenant Selection, Microsoft 365 License Selection, Microsoft 365 Roles Selection, and OneDrive provisioning Changes to Active Roles policies for cloud-only Azure objects
Managing the configuration of Active Roles
Connecting to the Administration Service Managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the Console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server replication Using regular expressions Administrative Template Configuring federated authentication Communication ports Active Roles and supported Azure environments Integrating Active Roles with other products and services Active Roles Language Pack Active Roles Diagnostic Tools Active Roles Add-on Manager

Exporting and importing Policy Objects

With the Active Roles Console, you can export Policy Objects to an XML file and then import them from that file to populate another instance of Active Roles. The export and import operations provide a way to move Policy Objects from a test environment to a production environment.

NOTE: When you export and then import Policy Objects, only policies are transferred. The Policy Object links are not included in the export-import operation. You need to reconfigure them manually after completing the operation.

To export Policy Objects, select them, right-click the selection, and select All Tasks > Export. In the Export Objects dialog, specify the file where you want to save the data, and click Save.

To import Policy Objects, right-click the container where you want to place the Policy Objects, and then click Import. In the Import Directory Objects dialog, select the file to which the Policy Objects were exported, and click Open.

Deleting a Policy Object

You can delete Policy Objects with the Active Roles Console.

To delete a Policy Object

  1. In the Console tree, under Configuration > Policies > Administration, locate and select the folder that contains the Policy Object you want to delete.

  2. In the details pane, right-click the Policy Object, then click Delete.

NOTE: Once a Policy Object is applied within Active Roles to determine policy settings in the directory, the Policy Object cannot be deleted. You can view a list of objects to which the Policy Object is applied: right-click the Policy Object, and click Policy Scope. If you need to delete the Policy Object, first remove all items from the list in the Active Roles Policy Scope dialog.

Policy configuration tasks

This section discusses how to configure policies of the following types, grouped by Policy Object category.

Table 4: Policy Configuration Tasks

Policy Object category

Policy type

Provisioning Policy Object

Property Generation and Validation

User Logon Name Generation

Group Membership AutoProvisioning

E-mail Alias Generation

Exchange Mailbox AutoProvisioning

Home Folder AutoProvisioning

Script Execution

Microsoft 365 and Azure Tenant Selection

AutoProvisioning in SaaS products

Office 365 Licenses Retention

Deprovisioning Policy Object

User Account Deprovisioning

Group Membership Removal

Exchange Mailbox Deprovisioning

Home Folder Deprovisioning

User Account Relocation

User Account Permanent Deletion

Group Object Deprovisioning

Group Object Relocation

Group Object Permanent Deletion

Notification Distribution

Report Distribution

Script Execution

Property Generation and Validation

Property Generation and Validation policies help you automate the configuration of directory object properties. Using this policy, you can:

  • Automatically generate default property values for new directory objects (for example, when creating new user accounts or groups).

  • Automatically check if the configured property values comply with the specified corporate policy rules.

To set up a policy, you can specify conditions that the property values must meet, and can also determine the default value for each property provisioned with the policy. For example, you can configure a policy to enforce a certain type of telephone number formatting in the contact information properties for your directory.

TIP: Consider the following when planning to configure a Property Generation and Validation policy:

  • To help you get started with configuring policy-based administration in your organization, Active Roles includes a set of built-in Policy Objects that offer provisioning and deprovisioning rules to the most typical administrative use cases. To find the built-in Policy Objects, navigate to the following node of the Active Roles Console:

    Configuration > Policies > Administration > Builtin

  • If the directory of your organization contains cloud-only Azure objects (Azure users, guest users or contacts), then use the built-in Azure CloudOnly Policy - Default Rules to Generate Properties Policy Object to provision their default properties and accepted values.

NOTE: Policy Object settings specific to Azure cloud-only objects (such as cloud-only Azure users, guest users, or contacts) are available only if your Active Roles deployment is licensed for managing cloud-only Azure objects. Contact One Identity support for more information.

Also, Policy Objects specific to Azure cloud-only objects will work correctly only if an Azure tenant is already configured in the AD of the organization, and Active Roles is already set as a consented Azure application for that Azure tenant. For more information on these settings, see Configuring a new Azure tenant and consenting Active Roles as an Azure application.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级