Side by Side

Guys.

Our ARS version has been in use from the version 6 days and has been upgraded along the way to version 7.3 where we are today.

What I would like to do and not sure if its even possible.

I would like to install a brand new fresh installation of ARS on the latest version, fresh DB and settings and build up a new environment while the 7.3 version is still in use. Is this the correct way to do it? can it be done? anything to watch out for?

Thanks in advance.

Parents
  • This is possible, but not recommended long-term for several reasons.

    The most painful issue is going to be the discrepancy between the Active Roles Virtual Attribute values in these configurations. Deprovisioning information, for example, is stored in Virtual Attributes in the Active Roles configuration. So, objects that are Deprovisioned in one Active Roles configurations will not have the same statuses in the other configuration, and an Undo-Deprovision operation will not be possible. Any custom Virtual Attributes will also be out-of-sync.

    Is there a specific reason why you want a fresh start? If you are looking to retire legacy components, it may be simpler just to disable them and implement new configurations inside the existing Active Roles solution.

Reply
  • This is possible, but not recommended long-term for several reasons.

    The most painful issue is going to be the discrepancy between the Active Roles Virtual Attribute values in these configurations. Deprovisioning information, for example, is stored in Virtual Attributes in the Active Roles configuration. So, objects that are Deprovisioned in one Active Roles configurations will not have the same statuses in the other configuration, and an Undo-Deprovision operation will not be possible. Any custom Virtual Attributes will also be out-of-sync.

    Is there a specific reason why you want a fresh start? If you are looking to retire legacy components, it may be simpler just to disable them and implement new configurations inside the existing Active Roles solution.

Children
  • Thanks for the reply. I am not to worried about the deprovisoon and then undo deprovison. We have a pretty good handle on this and if needs be we would just delete from AD. We don't typically undo deprovision. VA were something that I identified as needing to be recreated. It would be a very slow process of migrating a bit at a time.

    The reason I wanted to start again was that over time policies and settings get created that now don't make sense ,    we have security templates that we could streamline and make better. with nobody on the replacement system it would be easier for us to build this and get it how we want. There are decisions that we took when we first started with layout that we would not use today or make better. The replacement system would only be there long enough to allow us to get it how we want and then cut over to it.

  • Dynamic Groups, if you use them, take care of themselves. Their configuration is stored in a native Active Directory attribute, so it will be visible and actioned by any Active Roles instance, even without a shared configuration.

    Any custom scripts which are firing based on native changes may be a problem. The Active Roles instances could potentially end up fighting each over, worst-case. If this isn't a concern in this environment, then it should be do-able.