Simplify identity security and management with visibility of all Entra ID (Azure AD) tenants and Microsoft 365 and Active Directory domains from a single pane of glass. Ensure users, objects and groups have fine-grained privileged access only when they need it, with dynamic delegation across your identity landscape. Automate manual processes and enforce policies across your environment to increase efficiency and security while accelerating account, group and directory management.
Hybrid Active Directory, Entra ID and Microsoft 365 security and management
Manage all Active Directory domains, Entra ID (Azure AD) and Microsoft 365 tenants from a single pane of glass
Fine-grained delegation with least privilege access and role-based access control (RBAC)
Control over permissions / privileges across multiple Active Directory Domains, Entra ID (Azure AD) and Microsoft 365 tenants with zero standing privileges.
AWS Managed AD with Active Roles consolidates domains and tenants onto a single pane of glass and synchronizes identities and identity data between on-prem and the cloud.
Synchronization
Real-time updates with industry-leading connectors including SCIM 2.0, ServiceNow, Entra ID (Azure AD), Salesforce, Workday, LDAP and more.
Discovery and management of stale objects and persistent privilege
Identify potential stale objects and standing privilege
User activity tracking to prepare for audit and remediation
Change history and user activity tracking with data integrity features
Automate AD Administration
Automate user account and group creation, mailboxes, and group population across your hybrid environment.
Secure Privilege Access Management for AD / Entra ID / Microsoft 365
Active Roles provides automated user, group and object privilege access with delegation for secure, efficient and consistent identity management.
Screenshot Tour
Change History
The Change History log can be accessed from the Active Roles Console, allowing you to quickly review the changes made to any user or group. This includes details on what changes were made, when they occurred and who made them. For example, if a user's password was reset via Active Roles, the change history will show when the reset occurred and who performed it.
Dynamic Groups
Active Directory allows groups (referred to here as basic groups) to include members statically by selecting objects and adding them to groups manually. In contrast, Active Roles provides a flexible, rule-based mechanism for populating groups. Once set up, this process automatically adds and removes members from groups based on predefined rules.
Add Rules
Add Membership Rules with the tab in the Properties dialog.
Temporal Group Membership
By using temporal group memberships, Active Roles provides the ability to automate the tasks of adding or removing group members who only need access for a specific time period. Administrators can specify the exact time to add objects, such as users, computers, or groups, to a particular group and indicate when these objects should be removed from the group. This feature simplifies the management of temporary group memberships.
Virtual Attributes
Active Roles offers the ability to define custom (virtual) attributes for any existing object type. This allows additional object properties to be specified without extending the Active Directory schema. For example, custom attributes can be used to store specific user data. You can configure a virtual attribute to store its value in the Active Roles database. Otherwise, to use the virtual attribute, you would need to implement a script policy to manage the attribute value.
Access Templates
Active Roles offers an extensive suite of preconfigured Access Templates that represent typical administrative roles, enabling the correct level of administrative authority to be delegated quickly and consistently.
Policies and Policy management
A Policy Object is a collection of administrative policies that define the business rules to be enforced. A Policy Object includes stored policy procedures and specifications of events that trigger each procedure. A Policy Object associates specific events with its policy procedures, which can be built-in procedures or custom scripts. This provides an easy way to define policy constraints, implement sophisticated validation criteria, synchronize different data sources and perform several administrative tasks in a single batch.
Managing active directories
Active Directory domains registered with Active Roles are referred to as managed domains. Each Administration Service maintains a list of managed domains and stores this list in the Administration Database as part of the service configuration.
Managing Entra ID (Azure AD)
Active Roles facilitates the administration and provisioning of Azure AD resources in on-premises, cloud-only and hybrid environments. You can manage all these resources through the Active Roles Web Interface.
Active Roles web interfaces
Active Roles supports three types of web interfaces by default. These can be expanded and customized for any purpose.
Supported platforms and integrations
Find out what platforms are supported. Active Roles easily integrates with a wide array of platforms and applications.