After installing Active Roles, you perform the initial configuration task to create the Administration Service instance, getting it ready for use. Then, you can use Configuration Center to:
- View or change the core Administration Service settings such as the service account, the Active Roles Admin account, and the database
- Import configuration data from an Active Roles database of the current version or an earlier version to the current database of the Administration Service
- Import management history data from an Active Roles database of the current version or an earlier version to the current database of the Administration Service
- View the state of the Administration Service
- Start, stop or restart the Administration Service
Here you can find an overview of these tasks.
On the Administration Service page in the Configuration Center main window, you can view:
- The logon name of the service account
- The name of the group or user account that has the Active Roles Admin rights
- The SQL Server instance that hosts the Active Roles Configuration database
- The name of the Active Roles Configuration database
- The Configuration database connection authentication mode (Windows authentication or SQL Server login)
- The SQL Server instance that hosts the Active Roles Management History database
- The name of the Active Roles Management History database
- The Management History database connection authentication mode (Windows authentication or SQL Server login)
From the Administration Service page in the Configuration Center main window, you can change:
- The Active Roles database
Click Change in the Active Roles database area. In the wizard that appears, specify the database type and the database server instance and the database you want the Administration Service to use, and choose the database connection authentication mode (Windows authentication or SQL Server login). You have the option to specify a separate database for storing management history data.
NOTE: Azure Databases can be connected only using SQL Server authentication.
IMPORTANT:
During in-place upgrade, when importing from the source database (Configuration and Management History database), the following database permissions are automatically migrated from the previously used (source) SQL database to the new (destination) SQL database:
The service account that is used for performing the in-place upgrade or the import or migration operation should have the following permissions in the SQL Server to perform the operation:
-
db_datareader fixed database role in the source database.
-
db_owner fixed database role and the default schema of dbo in the destination database.
-
sysadmin fixed server role in the destination database.
By default, the database users, permissions, logins, and roles are imported to the destination database. You can clear the Copy database users, permissions, logins, and roles check box in the following locations depending on the operation:
-
During in-place upgrade: in the Upgrade configuration window.
-
Importing configuration: Import Configuration > Source Database > Configure advanced database properties.
-
Importing management history: Import Management History > Source database > Configure advanced database properties.
NOTE: Depending on the infrastructure, the import operation may take several minutes to complete.
The task of importing configuration data arises when you upgrade the Administration Service. In this case, you need to transfer the Active Roles configuration data from the database used by your Administration Service of the earlier version to the database used by your Administration Service of the new version. To perform this task, click Import configuration on the Administration Service page in the Configuration Center main window, and follow the steps in the Import configuration wizard that appears.
The Import configuration wizard prompts you to specify the Active Roles database from which you want to import the configuration data (source database) and identifies the database of the current Administration Service to which the configuration data will be imported (destination database), letting you choose the connection authentication mode (Windows authentication, SQL Server login or Azure AD login) for each database.
The Add-on advisor page displays all the pre-installed add-ons for the earlier version of Active Roles. These Add-ons must be uninstalled manually from the earlier version using the Active Roles Add-on Manager and from the system where ever applicable, before continuing configuration import.
The Azure Tenant association page displays the lists of configured Azure tenants in the source database and options for association. The Azure Tenant association section notifies you to select an Azure tenant from the drop-down list of Azure tenants configured in the source database, and the selected Azure tenant is associated with all Azure objects in the destination database. You can also choose to Run Azure Tenant association immediately or Schedule Azure Tenant association, where you select the date and time from the Calendar to run the Azure tenant association.
NOTE:
- If Azure Tenant association is scheduled at a certain time and the upgrade/import operation is still in progress or completes after the Azure Tenant association scheduled time, the tenants are not associated. You have to run the built-in scheduled task Update Azure Objects Associated Tenant Id from the Active Roles console to manually associate the Azure Tenants.
-
Alternatively, Azure Tenant association can be run at any time using the template workflow Update Azure Objects Associated Tenant Id available in the Built-in Workflow Container. The parameter in the script used by the workflow can be configured with the required tenant ID. You can use the drop-down to select a default Azure Tenant from the list of available Azure Tenants. The script used by the workflow can be modified to Search Azure objects based on the requirement.
The Services association page displays options to configure the Administration services for executing Dynamic Groups, Group Families, and Scheduled tasks. You can choose to run the Services association immediately or Schedule Service association.
NOTE: If Services association is scheduled at a certain time and the upgrade/import operation is still in progress or completes after the Services association scheduled time, the services are not associated. You have to run the built-in scheduled task Update Services To ExecuteOn from the Active Roles console to manually associate the Services.
To ensure Dynamic Groups, Group Families, and Scheduled tasks continue to function after an import the installation configures the new Active Roles server as the executing server for the tasks mentioned above. The configuration mentioned in the Services association page runs after an upgrade.
NOTE:
- Alternatively, Services association can be performed any time using the template workflow Update Services To Execute On available in the built-in Workflow Container. The parameters in the script used by the workflow can be configured to the required administration services, such as, Dynamic Group Service, Group Family Service, Scheduled Task Service. You can select the administration service from the drop-down list. The drop-down list displays all the currently running administration services that are connected to the current configuration database. If the parameter value is not selected, then the current administration service is used.
- Services association does not update certain scheduled tasks, For example, scheduled tasks that cannot be edited (Managed Object Counter) or scheduled tasks that are set to All servers option.
After successfully uninstalling the add-ons, the wizard performs the import operation. During the import operation, the wizard retrieves and upgrades the data from the source database, and replaces the data in the destination database with the upgraded data from the source database.
For further information and step-by-step instructions, see “Importing configuration data” in the Active Roles Quick Start Guide.