立即与支持人员聊天
与支持团队交流

Active Roles 8.2 - Web Interface User Guide

Getting Started Web Interface Basics Performing Management Tasks
Managing your personal account Managing Active Directory objects Running an automation workflow Managing temporal group memberships Managing Azure AD, Microsoft 365, and Exchange Online objects
Managing cloud-only Azure contacts Managing Hybrid AD users
Creating a new Azure AD user with the Web Interface Viewing or updating the Azure AD user properties with the Web Interface Viewing or modifying the manager of a hybrid Azure user Disabling an Azure AD user Enabling an Azure AD user Deprovisioning of an Azure AD user Undo deprovisioning of an Azure AD user Adding an Azure AD user to a group Removing an Azure AD user from a group View the change history and user activity for an Azure AD user Deleting an Azure AD user with the Web Interface Creating a new hybrid Azure user with the Active Roles Web Interface Converting an on-premises user with an Exchange mailbox to a hybrid Azure user Licensing a hybrid Azure user for an Exchange Online mailbox Viewing or modifying the Exchange Online properties of a hybrid Azure user Creating a new Azure AD user with Management Shell Updating the Azure AD user properties with the Management Shell Viewing the Azure AD user properties with the Management Shell Delete an Azure AD user with the Management Shell Assigning Microsoft 365 licenses to new hybrid users Assigning Microsoft 365 licenses to existing hybrid users Modifying or removing Microsoft 365 licenses assigned to hybrid users Updating Microsoft 365 licenses display names Microsoft 365 roles management for hybrid environment users
Managing Hybrid AD groups Managing Microsoft 365 Groups Managing cloud-only distribution groups Managing cloud-only dynamic distribution groups Managing Azure security groups Managing cloud-only Azure users Managing cloud-only Azure guest users Managing cloud-only Azure contacts Viewing or modifying the Exchange Online properties of a remote mailbox Managing room mailboxes Managing cloud-only shared mailboxes Deleting or changing the remote mailbox of an on-premises user
Managing AD LDS data Managing computer resources Restoring deleted objects
Using Approval workflows

Managing Active Directory objects

The Directory Management section of the Web Interface allows you to browse for, and administer, directory objects in your organization. You can navigate through containers in the directory; view, filter and select objects held in the container; and apply commands to the selected object or container.

Whether you can perform a certain management task depends upon permissions granted to your user account, and the Web Interface customization settings.

NOTE: If your environment has a large number of Microsoft Exchange mailboxes (or a complex Microsoft Exchange deployment), Active Roles may retrieve the properties of users with Exchange mailboxes slower than for users without Exchange mailboxes.

To solve this problem, enable a performance fix by creating a new registry key as described in Knowledge Base Article 4336544:

  1. On the machine(s) running the Administration Service and the Web Interface, launch the Windows Registry Editor.

  2. In the Registry Editor, navigate to the following registry path:

    HKEY_LOCAL_ MACHINE\SOFTWARE\One Identity\Active Roles\Configuration

  3. Create a new DWORD (32-bit) Value named PerformanceFlag.

  4. Double-click the new PerformanceFlag DWORD, and set its Value data to 1.

  5. To apply the fix, restart the Active Roles Administration Service and IIS. If the fix is enabled successfully, the following Active Roles event log with Event ID 2508 will appear in the Event Viewer:

    Performance flag value set to 1.
  6. (Optional) To deactivate the fix later, set the Value data of the PerformanceFlag DWORD to 0.

The PerformanceFlag registry key accepts only a value of 1 (to activate the fix) or 0 (to deactivate it).

To perform a management task

  1. On the Navigation bar, click Directory Management.

  2. On the Views tab in the Browse pane, click one of the following:

    • To manage objects in Active Directory containers, such as domains or Organizational Units, click Active Directory. This displays a list of Active Directory domains.

    • To manage directory objects in a certain Managed Unit, click Managed Units. This displays a list of Managed Units.

  3. In the list of objects, do one of the following:

    • To navigate to a container, such as an Organizational Unit, click the name of that container.

    • To perform a command that applies to the current container, click that command in the Command pane under the name of the current container.

    • To perform a command on a particular object held in the current container, select the check box next to the name of that object, then click the command in the top area of the Command pane, under the name of the object.

    • To perform a command on two or more objects at a time, select the check box next to the name of each object, then click the command in the top area of the Command pane.

    NOTE: In the list of objects, clicking the name of a leaf object such as a user or group, will display a page where you can view or modify object properties. Clicking a container object such as a domain or an organizational unit will display a list of objects held in that container.

When you perform a management tasks, the Web Interface supplements and restricts your input based on policies and permissions defined in Active Roles. The Web Interface displays the data generated by policies, and prevents the input of data that would cause policy violations. The following rules apply:

  • If a policy requires that a value be specified for a particular property, the name of the field for that property is marked with an asterisk (*).

  • If a policy imposes any restrictions on a property, an information icon is displayed next to the name of the field for that property. Click the icon to view policy information, which you can use to enter an acceptable value.

  • When you specify a property value that violates a policy, and click Save, the Web Interface displays an error message. Review the error message and correct your input.

  • Pages for object creation must include the entries for all required properties. Otherwise, the Web Interface fails to create the object. For information on how to configure forms, see Configuring forms in the Active Roles Web Interface Configuration Guide.

  • Object property pages display the values of the properties for which you have the Read permission. You can modify only those properties for which you have the Write permission. The properties for which you only have the Read permission are displayed as read-only.

  • The Command pane includes only the commands that you are permitted to use.

  • The list of objects includes only the objects that you are permitted to view.

Batch operations

In the Web Interface, you can select multiple objects (such as users, groups and computers), then apply a certain command to your selection of objects. This allows you to perform a batch operation on all the selected objects at a time instead of running the command on each object separately. The Web Interface supports the following batch operations:

  • Delete Allows you to delete multiple objects at a time.

  • Deprovision Allows you to deprovision multiple users or groups at a time.

  • Move Allows you to move a batch of objects to a different Organizational Unit or container.

  • Add to groups Allows you to add a batch of objects to one or more groups of your choice.

  • Update object attributes Allows you to perform bulk attributes operations on multiple users at a time.

  • Reset Password Allows you to reset the password for multiple users at a time.

Batch operations are available in the list of objects on the following Web Interface pages:

  • Search This page lists the search results when you perform a search.

  • View Contents This page displays the objects held in a given Organizational Unit, Managed Unit, or container.

To perform a batch operation, select the check box next to the name of each of the desired objects in the list, then click one of the available commands in the Command pane. This runs the command on each object within your selection.

NOTE: Active Roles administrators can customize Web Interface by adding and removing commands, and modifying pages associated with commands. For more information, see Customizing the Web Interface in the Active Roles Web Interface Configuration Guide Guide.

Enabling a user account

You can enable a disabled user account with the Web Interface.

To enable a disabled user account

  1. Locate the user account you want to enable. For instructions on how to locate objects in the Web Interface, see Locating directory objects.

  2. In the list of objects, select the user account you want to enable.

  3. In the Command pane, click Enable Account.

NOTE: If the user account is not disabled, the Command pane includes the Disable Account command instead of the Enable Account command.

Adding a user to a group

You can add user accounts to a group with the Web Interface.

To add a user account to a group

  1. In the Web Interface, locate and select the user account. For more information on locating objects in the Web Interface, see Locating directory objects.

  2. In the Command pane, click Member Of.

  3. On the Member Of page that appears, click Add.

  4. On the Select Object page that appears, perform a search to locate the group. For more information on how to search in the Web Interface, see Searching for directory objects.

  5. In the list of search results on the Select Object page, select the group to which you want to add the selected user account, then click Add.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级