立即与支持人员聊天
与支持团队交流

Active Roles 8.2.1 - Administration Guide

Introduction Getting started with Active Roles Configuring rule-based administrative views Configuring role-based administration Configuring rule-based autoprovisioning and deprovisioning
Configuring Provisioning Policy Objects
User Logon Name Generation E-mail Alias Generation Exchange Mailbox AutoProvisioning Group Membership AutoProvisioning Home Folder AutoProvisioning Property Generation and Validation Script Execution O365 and Azure Tenant Selection AutoProvisioning in SaaS products
Configuring Deprovisioning Policy Objects
User Account Deprovisioning Group Membership Removal User Account Relocation Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Permanent Deletion Office 365 Licenses Retention Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Script Execution Notification Distribution Report Distribution
Configuring entry types Configuring a Container Deletion Prevention policy Configuring picture management rules Managing Policy Objects Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Configuring policy extensions
Using rule-based and role-based tools for granular administration Workflows
About workflow processes Workflow processing overview Workflow activities overview Configuring a workflow
Creating a workflow definition for a workflow Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Approval workflow Email-based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic groups Active Roles Reporting Management History Entitlement profile Recycle Bin AD LDS data management One Identity Starling Join and configuration through Active Roles Managing One Identity Starling Connect Configuring linked mailboxes with Exchange Resource Forest Management Configuring remote mailboxes for on-premises users Migrating Active Roles configuration with the Configuration Transfer Wizard Managing Skype for Business Server with Active Roles
About Skype for Business Server User Management Active Directory topologies supported by Skype for Business Server User Management User Management policy for Skype for Business Server User Management Master Account Management policy for Skype for Business Server User Management Access Templates for Skype for Business Server Configuring the Skype for Business Server User Management feature Managing Skype for Business Server users
Exchanging provisioning information with Active Roles SPML Provider Monitoring Active Roles with Management Pack for SCOM Configuring Active Roles for AWS Managed Microsoft AD Azure AD, Microsoft 365, and Exchange Online Management
Azure tenant types and environment types supported by Active Roles Using Active Roles to manage Azure AD objects Unified provisioning policy for Azure M365 Tenant Selection, Microsoft 365 License Selection, Microsoft 365 Roles Selection, and OneDrive provisioning Changes to Active Roles policies for cloud-only Azure objects
Managing the configuration of Active Roles
Connecting to the Administration Service Managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the Console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server replication Using regular expressions Administrative Template Configuring federated authentication Communication ports and URLs used by Active Roles Integrating Active Roles with other products and services Active Roles Language Pack Active Roles Diagnostic Tools Active Roles Add-on Manager

Exporting and importing Policy Objects

You can export Policy Objects to an XML file using Active Roles Console, then import the exported Policy Objects to another instance of Active Roles. The export and import operations provide a way to move Policy Objects from a test environment to a production environment.

NOTE: When you export and import Policy Objects, Active Roles only transfers the configured list of policies. The Policy Object links are not included in the export-import operation. You must reconfigure them manually after completing the transfer.

To export and import a Policy Object

  1. In the Console tree, navigate to Configuration > Policies > Administration.

  2. Select the folder that contains the Policy Object that you want to export.

  3. In the details pane, right-click the Policy Object, then click All Tasks > Export.

  4. In the Export Objects dialog, navigate to the folder where you want to save the file, and click Save.

  5. In the destination Active Roles Console instance, under the Console tree, right-click the directory object where you want to import the Policy Object, then click Import.

  6. In the Import Directory Objects dialog, select the file where you exported Policy Object, then click Open.

Removing a Policy Object

You can delete Policy Objects using Active Roles Console.

NOTE: You can only delete or rename Policy Objects that you have created. Built-in Policy Objects can only be copied or exported.

To delete a Policy Object

  1. In the Console tree, navigate to Configuration > Policies > Administration.

  2. Select the folder that contains the Policy Object that you want to delete.

  3. In the details pane, right-click the Policy Object, then click Delete.

NOTE: Once a Policy Object is applied within Active Roles, the Policy Object cannot be deleted. If you want to remove the Policy Object, first remove all items from the list in the Active Roles Policy Scope dialog.

For more information on removing items from the policy scope, see Removing Policy Object links.

Checking for policy compliance

Checking for policy compliance provides information on directory data that does not comply with the policies—such as user or group naming conventions—defined with Active Roles. If you define some policies when data has already been entered, you can check the data and modify it accordingly to ensure that the data meets the policy requirements.

For more information about this feature, see Policy compliance checks in the Active Roles Administration Guide.

To check an object for policy compliance

  1. Right-click the object, and click Check Policy.

  2. If the object is a container or Managed Unit, select the appropriate combination of these check boxes to specify the scope of the operation:

    • This directory object: The scope includes the container or Managed Unit you have selected (this option does not cause the scope to include any child objects or members of the container or Managed Unit).

    • Child objects of this directory object: The scope includes all the child objects (or members, as applied to a Managed Unit) in the entire hierarchy under the container or Managed Unit you have selected.

    • Immediate child objects only: The scope includes only the child objects (or members, as applied to a Managed Unit) of which the container or Managed Unit that you have selected is the direct ancestor.

    Click OK.

    The progress and results of the policy check operation are displayed in the Policy Check Results window. The left pane of the window lists the objects for which a policy violation has been detected.

  3. Click an object in the left pane of the Policy Check Results window.

    When you click an object in the left pane, the right pane describes the policy violation in detail. By default, the right pane in the Policy Check Results window only displays basic options. You can display more choices by clicking the Details column heading.

  4. Use hypertext links in the right pane to perform the following tasks:

    • Modify the property value violating the policy. To do so, click the edit link next to the Property value label.

    • Remove the object from the policy scope: Click the block policy inheritance link next to the Policy Object label. If you do so, the policy no longer controls the object.

    • Modify the policy by clicking the properties link next to the Policy Object label. This displays the Properties dialog for the Policy Object. For instructions on how to add, modify, or remove policies in the Properties dialog, see Adding policies to a Policy Object, Modifying policies in a Policy Object, and Removing policies from a Policy Object.

    • View or modify the properties of the object that violates the policy. To do so, click Properties in the upper-right corner of the right pane.

    • View or modify the properties of the object to which the Policy Object is applied (linked). To do so, click the properties link next to the Applied to label.

NOTE: The Check Policy command on a Policy Object performs a check on all the objects found in the policy scope of the Policy Object. Use the Check Policy command on a Policy Object to find all objects that are not in compliance with the policies defined by that Policy Object.

To see how checking for policy compliance works in the Active Roles Console

  1. Create and configure a Policy Object with the property validation and generation policy for the Department property of user objects, specifying the policy rule as follows: Value must be specified and must be Sales or Production.

  2. Apply (link) that Policy Object to an Organizational Unit that already holds some user objects with no department specified.

  3. Right-click the Organizational Unit and click Check Policy. In the Check Policy dialog, click OK.

    Once you have performed these steps, the Policy Check Results window is displayed. Its left pane lists objects violating the policy.

  4. Wait while the list in the left pane is being populated. Then, select a user object from the list.

    The right pane, next to the Violation label, displays the prompt You must specify a value for the property ‘department’.

  5. In the right pane, click the edit link next to the Property value label.

  6. In the Properties dialog, select one of the acceptable values (Production or Sales) from the Department combo-box.

Deprovisioning users or groups

The Active Roles user interfaces, both Active Roles Console and Web Interface, provide the Deprovision command on user and group objects. This command initiates a request to deprovision the selected objects. When processing the request, Active Roles performs all operations that are set via the configured deprovisioning Policy Objects.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级