• How to change one common attribute for multiples groups using csv.

    How to change one common attribute for multiples groups using csv.

    i have around 2000+ groups which need to have a attribute updated. How can we achieve this.

  • upgrade to 7.4.5 / prerequisite software

    Hi all,

    I try to upgrade from 7.4.4 to 7.5.5 but failing on the prerequisite software installation.
    Upgrade from 7.4.3 to 7.4.4, I did a /quiet install therefore I've skipped the prerequisite installation, but now I need the azure stuff in ARS, so I want…

  • Add user to AD group and run script

    We have 19 groups, say if user is added to 3 groups out of those 19. the WF should add that single user to another security group and execute the script or assign 0365 License.

    can someone guide me a good approach to achieve this?

  • Automating user process - retrieve initial password


    We have setup some new user automation however we would like to store the users initial password somewhere so that we can then send this via email to the IT Technician setting up the users account.

    Does anyone know where this attribute is stored…

  • Saved object properties in workflow


    Does anyone know if its possible to have two saved object properties in a single workflow. 

    To give context, the first saved object is configured for "Workflow target" (i.e. the user) and targets email address, company etc. 

    The second…

  • Synchronization Service Output potential changes to a CSV

    Is there a way to output the changes Synchronization Service will be making if you committed a workflow.

    I know that I can click on the numbers and a grey window will pop up detailing the changes that would be made were I to hit commit on the workflow…

  • Is it possible to apply a VA value to multiple users in one pass?

    I have a few thousand users to apply a VA value to - in order for a DynamicGroup to pull them in as members.

    Other than my normal practice, of looping through the list - is there an array way to feed set-qaduser an attributeValue append that would take…

  • Computer Dynamic Group Membership Rule Distinguished Name


    I want to create a dynamic group including all computers with a Distinguished Name containing "CRETEIL".
    Unfortunately, the membership rule "Computer distinguishedName Contains CRETEIL" doesn't return any items while many computers have…

  • Check to see when a user has last logged into ARS

    Hi all, this is probably a simple question, but I am trying to find out when a particular user logged into ARS. We use the web console for the majority of our admins and a few have the full client console. I am looking to see if a particular admin logged…

  • Uncheck and Disable 'Creation of Mailbox' option in Contact creation wizard


    I'm have tried below script in policy to uncheck and disable 'Create a mailbox' option in the contact creation wizard but its not reflecting on the screen.

    function onGetEffectivePolicy($Request)
    if($Request.Class -ne "contact"){return…

  • Cross domain members don't inherit group delegated rights


    I have two ARS managed domains which are in the same forest. Let's pretend domain1 and domain2.

    I also have two groups, domain1\read-domain1 and domain2\read-domain2 which have the rights "All Objects - Read All Properties" respectiv…

  • How to use Connect-QADService


    I have tried ARS access, it works but the following command does not work :

    Connect-QADService -proxy
    Connect-QADService : Server not exist or could not be contacted:
    Au caractère Ligne:4 : 1
    + Connect-QADService -proxy
    + ~~~~~~~~~~~~~~~~~…

  • set-QADUser Question Help

    Anybody know how to use Replace with set-QADUser?

    Trying to switch email suffix on users through a workflow. 

    $workflow.ActivityTarget("CreateDev511Account") is the name of the activity target. The workflow creates a user earlier with the old…

  • Azure AD Questions

    Hi all,

    I am new to One Identity products and possibly looking at purchasing Active Roles to automate new user requests from Service Now but I have a few questions that i hope you can help me with:


    We currently create users on our on premise…

  • Workflow - Custom subject


    I created a workflow who move an account and send a notification when is done. We would like to have the subject of the email customized like " Operation done for 'John Doe' " for exemple.

    But unfortunately to use to use an attribute…

  • Set Active Roles (ARS) Scheduled (PowerShell) Script Modules to Execute in PWSH.exe (v6+) vs POWERSHELL.exe

    How can I explicitly instruct ARS to execute scripts in PowerShell v7

  • Procedure In-Place Upgrade AR from version 7.4 to 7.4.3


    When in-place upgrade procedure is performed then ActiveRoles creates a new database each time ?

    When I change current database I get the error - 

    [InsertArServiceRecord] :Error Generated. Details: System.Data.SqlClient.SqlException (0x80131904): Violation…

  • Anomaly with forms edit properties


    I am in version 7.4.3 with all the fixes.

    I want to create a form to edit people in our AD with multiple tabs and dynamic lists. The anomaly is that when creating the form, I only have the choice to save and not next to go to the next tab. So dynamic…

  • Specify a friendly name for ARS Service Connection Point

    Is there a way to specify a friendly name for the service connection point that ARS Administration service creates in AD?  We name our servers in a complex way (like aaa-bbb-ccc-###) and it would be nice if I could specify a name like (ars01 or ADManagement01…

  • Auto Generate a password in a script


    I need to generate a password for a user in a policy script.  I'd like the password to be compliant with the password policy I've already setup in ARS, and which is generated if I use the New User wizard from the ARS MMC console.  I don't…

  • Active Role Synchronization for GAL entries


    I'm hoping someone can provide any information or experience on syncing a GAL between two Exchange environments.

    Right now I am just creating a contact in the target domain using a user account info from the source and giving the contact the…

  • SAML Error Unable to uniquely identify the user using provided claims Federation Authentication with Azure AD (327057)

    We continue to see the error described here support.oneidentity.com/.../error-unable-to-uniquely-identify-the-user-using-provided-claims-federation-authentication-with-azure-ad

    Our on-prem UPN and AzureAD UPN are different, so we are using the feature…

  • How to trigger map operation and commit without using the GUI console?

    Is there a way to trigger a map operation and commit for a password sync pair without using the GUI console?  The admin guide explains how to do it with console, but I'd prefer to send a command to the QARS server to trigger that, instead (preferably from…

  • Active Roles Web UI boolean value default to true

    Is there a way in the ARS web ui to set a virtual attribute boolean value to a default?  I have a boolean VA on a web form that isn't populated.  Not all users are created by the sync service, so I need this attribute to default to true, regardless…

  • Access Template for Microsoft LAPS - I have seen a template to grant reader to the ms-Mcs-AdmPwdattributes in ARS, but not a template to Grant Self (the computer account) access to write to the ms-Mcs-AdmPwdExpirationTime and ms-Mcs-AdmPwd.

    I tried to create an access template for granting self write access to the ms-Mcs-AdmPwd attributes and it seemed to do nothing.  I had to manually set the rights using powershell.  It would be so much easier to do this with an ARS Access Template.  This…