立即与支持人员聊天
与支持团队交流

Active Roles 8.2 - Administration Guide

Introduction Getting started with Active Roles Configuring rule-based administrative views Configuring role-based administration Configuring rule-based autoprovisioning and deprovisioning
Configuring Provisioning Policy Objects
User Logon Name Generation E-mail Alias Generation Exchange Mailbox AutoProvisioning Group Membership AutoProvisioning Home Folder AutoProvisioning Property Generation and Validation Script Execution O365 and Azure Tenant Selection AutoProvisioning in SaaS products
Configuring Deprovisioning Policy Objects
User Account Deprovisioning Group Membership Removal User Account Relocation Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Permanent Deletion Office 365 Licenses Retention Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Script Execution Notification Distribution Report Distribution
Configuring entry types Configuring a Container Deletion Prevention policy Configuring picture management rules Managing Policy Objects Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Configuring policy extensions
Using rule-based and role-based tools for granular administration Workflows
About workflow processes Workflow processing overview Workflow activities overview Configuring a workflow
Creating a workflow definition for a workflow Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Approval workflow Email-based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic groups Active Roles Reporting Management History Entitlement profile Recycle Bin AD LDS data management One Identity Starling Join and configuration through Active Roles Managing One Identity Starling Connect Configuring linked mailboxes with Exchange Resource Forest Management Configuring remote mailboxes for on-premises users Migrating Active Roles configuration with the Configuration Transfer Wizard Managing Skype for Business Server with Active Roles
About Skype for Business Server User Management Active Directory topologies supported by Skype for Business Server User Management User Management policy for Skype for Business Server User Management Master Account Management policy for Skype for Business Server User Management Access Templates for Skype for Business Server Configuring the Skype for Business Server User Management feature Managing Skype for Business Server users
Exchanging provisioning information with Active Roles SPML Provider Monitoring Active Roles with Management Pack for SCOM Configuring Active Roles for AWS Managed Microsoft AD Azure AD, Microsoft 365, and Exchange Online Management
Azure tenant types and environment types supported by Active Roles Using Active Roles to manage Azure AD objects Unified provisioning policy for Azure M365 Tenant Selection, Microsoft 365 License Selection, Microsoft 365 Roles Selection, and OneDrive provisioning Changes to Active Roles policies for cloud-only Azure objects
Managing the configuration of Active Roles
Connecting to the Administration Service Managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the Console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server replication Using regular expressions Administrative Template Configuring federated authentication Communication ports and URLs used by Active Roles Integrating Active Roles with other products and services Active Roles Language Pack Active Roles Diagnostic Tools Active Roles Add-on Manager

Using the Undo Deprovisioning command

The Undo Deprovisioning command is available in both the Active Roles Console and Web Interface to those who are authorized to restore deprovisioned users or groups. By using this command, you start the Undo Deprovisioning operation on the objects you have selected, causing Active Roles to undo the results of deprovisioning on those objects.

To restore a deprovisioned user account

  1. In the Active Roles Console, right-click the user account, and then click Undo Deprovisioning.

  2. In the Password Options dialog, choose the options to apply to the password of the restored account, and then click OK.

    For information about each option, open the Password Options dialog, and then press F1.

  3. Wait while Active Roles restores the user account.

To restore a deprovisioned group

  1. In the Active Roles Console, right-click the group, and then click Undo Deprovisioning.

  2. Wait while Active Roles restores the group.

The operation progress and results are displayed in the Results of Undo Deprovisioning window, which is similar to the Deprovisioning Results window discussed earlier in this chapter. When the operation is completed, the window displays the operation summary, and allows you to examine operation results in detail.

Configuring policy extensions

Active Roles supports creating custom policies based on the Script Execution built-in Policy Type. However, creating and configuring a script policy from scratch can be time-consuming. Custom Policy Types provide a way to mitigate this overhead. Once a custom Policy Type is deployed that points to a particular script, administrators can easily configure and apply policies of that type, having those policies perform the actions determined by the script. The policy script also defines the policy parameters specific to the Policy Type.

Custom Policy Types provide an extensible mechanism for deploying custom policies. This feature is implemented by using the Policy Type object class. You can create Policy Types via the Active Roles Console, with each object representing a specific custom Policy Type.

For more details on policy extensions, see Concept: Policy extension with custom Policy Types in the Active Roles Feature Guide.

Creating and managing custom policy types

In Active Roles, you can use Policy Type objects to store the definition of a custom policy in a single object. You can also import and export Policy Type objects, which makes it easy to distribute custom policies to other environments.

For more information on managing custom Policy Types, see the following procedures:

Creating a Policy Type object

Active Roles stores Policy Type objects in the Policy Types container. You can access that container in the Active Roles Console by expanding the Configuration > Server Configuration branch of the Console tree.

To create a new Policy Type object

  1. In the Console tree, under Configuration/Server Configuration/Policy Types, right-click the Policy Type container in which you want to create a new object, and select New > Policy Type.

    For example, if you want to create a new object in the root container, right-click Policy Types.

  2. In the New Object - Policy Type Wizard, type a name, a display name and, optionally, a description for the new object.

    The display name and description are displayed on the page for selecting a policy, in the wizards that are used to configure Policy Objects.

  3. Click Next.

  4. Click Browse and select the Script Module containing the script that will be run by the policies of this policy type.

    The Script Module must exist under the Configuration/Script Modules container and hold a policy script.

  1. In the Policy Type category area, do one of the following:

    1. Click Provisioning if policies of this type are intended for Policy Objects of the provisioning category.

    2. Click Deprovisioning if policies of this type are intended for Policy Objects of the deprovisioning category.

    The policy types that have the Provisioning option selected appear on the page for selecting a policy in the wizard that is used to create a provisioning Policy Object or to add policies to an existing provisioning Policy Object. The policy types that have the Deprovisioning option selected appear in the wizard for creating a deprovisioning Policy Object or adding policies to such a Policy Object.

  2. From the Function to declare parameters list, select the name of the script function that defines the parameters specific to this type of administration policy.

    The list contains the names of all the functions found in the script you selected in Step 4. Every policy of this type will have the parameters that are specified by the function you select from the Function to declare parameters list. Normally, this is a function named onInit.

  3. Click Policy Type Icon to verify the image that denotes this type of policy. To choose a different image, click Change and open an icon file containing the image you want.

    This image appears next to the display name of the policy type on the wizard page for selecting a policy to configure, to help identify and visually distinguish this policy type from the other policy types.

    The image is stored in the Policy Type object. In the dialog that appears when you click Policy Type Icon, you can view the image that is currently used. To revert to the default image, click Use Default Icon. If the button is unavailable, then the default image is currently used.

  4. Click Next and follow the steps in the wizard to complete the creation of the new Policy Type object.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级