• ARS: The specified Domain is not available for Management. The specified Domain either does not exist or could not be contacted.


    I've installed ARS on a on a separated Domain and now try to add managed Domains in other non-trusted Domains. All ports form the ARS documentation are open against the specific Domains, but I am still facing the error that the Domain can't be contacted…

  • When launching ActiveRoles74, we receive the following message. Cannot retrieve the Two-Factor Authentication configuration information from the Active Roles Administration Service. This is new installation of 7.4 on new server with new database.

    We have installed version 7.4 on a new server connected to a new database. When launching the ARS console, we get the following message.

    Cannot retrieve the Two-Factor Authentication configuration information from the Active Roles Administration Service…

  • ARS Script Wiki and Best Practices. Still existing on Quest Website? Or only dead links to Dell Software?

    Hello All,

    I have to implement a solution, where I have to use Workflows with partly User Input and also getting Workflow information in Scripting (prefered PowerShell). I searched these forum for Knowledge about it, but I could not find much. And the…

  • Setting Virtual Attribute on the fly when user Properties are opened

    Hey Everyone,

    First post and still quite a newb with Active Roles so don't mind the brief ignorance you may see :)

    Basically my end goal is to make a Tab in the web interface User Object properties window only visible when a virtual attribute is…

  • Upgrade ARS 6.8 and Upgrad Server OS and SQL-Version - All in one step possible?

    Hello All,

    I have to upgrade ARS from Version 6.8 to an up-to-date Version. And I also have to update the Server OS and SQL-Version. For my understanding of the ARS update path document I first have to update to Version 6.9 before I can go to Version…

  • ARS background process

    Hi All,

    I just wanted to know what background process does ARS do to provision objects to AD. Is it LDAP or any scripts that it run in background.



  • ARS V6.9 and V7.3.1 certificates installation


    We have an ARS 6.9 installation and the certificates were installed locally on the server(s).  Question, can we use the load balancer as the certificate holder? I heard ARS requires certificates to be installed locally only?

    Also, can someone provide…

  • Create secondary alias in à create mailbox policy


    I want to be able to add a secondary email adresse @domaine.mail.onmicrosoft.com to all my new user account so that I can migrate them to my Office365 during the night.

    I have a policy that creates new exchange account.  I tried to add a new secondary…

  • Populate dropdown menus using an ARS policy


    I'm looking for a way to update an ARS policy via a schedule. 

    At the moment we populate dropdown menus in IAM Websites using onGetEffectivePolicy but it slows down accessing a user object (13 seconds to open). Adding the values to an ARS policy…

  • Active Roles User Provisioning

    Dear All,

    1. How does ARS provision users from ARS to AD. I mean what scripts does it run or what method does it run when a user click on submit button for user creation.

    2. How does ARS decide, in a domain which AD should it provision the objects (users…

  • Application Pool stops - No IIS Worker Process - Event ID 5009 with exit code c0000135 - http 503 error - Fresh Install ARS 7.3.1

    Having followed the instructions and prerequisites, we cannot get the websites on our fresh install of ARS 7.3.1 to work. We have matched our install to an existing install that works. We have the correct .NET Framework and copied all of the settings…

  • Using a custom password generation script


    I would like to use a custom password generation script written using powershell.

    The custom script is essential just a copy of the default, but I swapped the "New-Password" function with my own and then deleted some of the other checks the default…

  • Group manage self service

    Hi all,

    I'm struggling with setting up self service for users to manage groups. What I have done is on OU (where are my groups) add permission to "authenticated users" template "self - Group manage". On other OU where are users - template "users - list…

  • UnDeprovision In ActiveRoles Sync Engine


    So I can see in the Sync Engine workflows (Old QC)  we have the ability to deprovision a user. we can deprovision if the user doesn't exist in the CSV file.. or trigger a Deprovision based on Field if we are pulling from SQL.

    However, I don…

  • Restrict object types to be added to groups

    Hi all,

    we are currently planning to roll-out SelfServicePortal for group management purposes.

    However, we've got some requirements when it comes to objects that can be added to groups. Types are split by OU.

    We have distribution lists, which can…

  • Issues setting attributes via PowerSHell

    Hi all,

    we are about to roll-out self-service for group management.

    For that reason, I need to bulk-set primary and secondary owners.

    While trying to get started I am experiencing issues in settings neccessary attributes.

    I can set ManagedBy flag and…

  • ARS Quesry Based Distribution Group

    Is it possible to create a query based distribution group where the LDAP query compares two attributes and adds a user to the group if they are not the same?

    The two attributes that I want to compare are 'mail' and a virtual attribute 'edsvaFirstEmailAddress…

  • Workflow - How to set an attribute to the secondary owner's e-mail address of workflow target?

    Hi everyone,

    Does anyone know how I can set an attribute of my choice, to the e-mail address of the secondary owner of the workflow target? 

    So far, I have the following: 

    >>Operation execution: Create User; where secondary owner of workflow target is not…

  • Deprovision Account Linked to Another Account

    We are looking for a solution to the following. We have employees that are assigned managers in ARS. We have found that if the Manager account deprovisions, the user account is not updated to reflect that the Manager account has been deprovisioned. What…

  • ARS access rule with claims enabled, appears to work but when user closes the ARS console and reopens the claim is not working as expected

    Hello ,

    To test a scenario out where I have a single Managed unit with all users. Only want admins from same department to see and modify users from same department.

    Enabled AD claim rules on domain and ARS server, setspns as described in the admin guide…

  • Active Roles Workflow Search function

    Hello im hoping one of you fine people can help me with a dilemma..

    I have a workflow where if the user selects a Virtual Attribute say "edsvaCreateADM" it will go and create the Admin Account with all the attributes populated... however, I have put a…

  • Update the Deprovisioning Report Record in a Script called by a Workflow

    Hello, Im hoping someone can give me a hand.

    Im trying to update the users Deprovision Report record in a script after I have performed a function.. the script is being called by a workflow.

    This is an example what I tried..

    Function Oninit($Request)

  • Okta User Generation - Not Seen as Creation

    We've got Okta provisioning users, soon to be from Workday, through Okta, and then into AR. However, the issue that I'm running into is that when a user is created in Okta that then is replicated to ARS, ARS isn't seeing it as a new user creation. Because…