After upgrading to ARS 7.2.1 some users are no longer able to be disabled. The option is gone from the right click context menu for the user in the console. There is an option to deprovision, but not disable. I'm unable to figure out why. Two different…

Active Roles 7.2.1 public hotfix, KB 247276, is now available on the Support Portal:

https://support.oneidentity.com/kb/247276

This hotfix package address several issues with both Active Roles and the Sync Service.

We recently updated 2 servers to patch 4 for ARS 6.9 and since then, when attempting to reset passwords of users using the ARS MMC or web interface, the password reset dialog hangs and the session becomes unusable. This can be remedied by resetting the…

Hello,

We just upgraded to 7.2 and seem to be having some dynamic group issues.

Object are not getting added to dynamic groups right away as they were in 6.9.

An object will get added instantly when you create the object in ARS but when created in AD…

Hi, I've installed the new ARS 7.0.3.2320 version, old version is 6.7.0. I am using the exact same scripts for the new version.

When I am now unlock a locked account over ARS web, the event viewer on the ARS server shows:

operation: modification on…

I'm disappointed to see that in ARS 7.2, still, the Generate Password function does not take into account Fine Grained Password Policies.

Has anyone else found a way to get around this? I have different departments that need to have different length…

We would like to use Synch Service to update user's group membership from a SQL DB, instead of manually adding groups. We get the below message and found a KB article that says to create a virtual attribute for each group, but this workflow will apply…

I would like to automate the KRBTGT user password reset via a workflow as a countermeasure to the Golden ticket problem.

I've tried to set up a workflow that makes works as follow

search activity looks for users  in active directory with condition samaccountname…

 Hey guys,

is it possible to give a user-group permissons (eg PW-reset) on all user in another user-group? Further we need do design this delegation dynamic.

An example:

All members of the group "APW123" can reset the password for each user, that is member…

I would like to create a managed unit to find Inactive users, I know there is a workflow that can search inactive users.  I was thinking a managed unit with a custom search but not sure.

I am recreating all my site and want to know how to remove breadcrumbs and the tree view Tab in the new web interface in version 7.2

This is an advisory notification on changes to current product version support status in line with our life cycle policy.

Support for Active Roles 7.0.2 will be in discontinued support on November 30, 2017. To ensure your product is eligible for full…

Hello 

I want to push a boolean FALSE in a Forward Sync Rule in Active Roles Synchronisation Service?

I tried sync new User from a SQL Database to Active Roles. At the sync process I have to fill edsaPasswordNeverExpire with false, because there is a policy…

Using ARS 7 through the web interface, users are unable to search for contacts when adding objects to a distribution list. Users can find the contact in the global search, click the contact's "member of" and add the group that way but when adding a contact…

We're working on implementing ARS 7.0 (clean install) after having 6.9 for quite awhile. We've kind of hit a snag with our elevated permissions.

We have workstation support that uses temporal membership to "elevate" themselves into a group that…

Hi,

Just wondering if/how I could use ActiveRoles to put a limit on the number of members a group can have? Ideally I would like certain AD groups to have a maximum number of members, and then preventing new members from being added until the member count…

I am creating a user and trying to use the notification task in a workflow but i need a way to add a different person other than a manager to send to.  I have a virtual attrib that has a sam account name that would like to send the notification to.  the…

I've created a workstation deprovisioning policy, this policy changes properties, disabled and moves a workstation to a deprovisioned OU. This isn't a form policy, it's an attribute setter command. It flips a boolean to true which kicks off the policy…

When a manager receives an approval to add a user to a group is there a way we can provide a link to check the existing membership ?

We want the email to say “remember it is your responsibility to ensure the correct list of people have access to this…

Hi,

We want to add 2 new policy's on user creation these are

Property Generation and Validation

. accountExpires (accountExpires)

.edsaMemberOf (edsaMemberOf)

But we want them to be optional not Must be specifed, how can this be done?

regards,

B…

Hi,

We want to add 2 new policy's on user creation these are

Property Generation and Validation

. accountExpires (accountExpires)

.edsaMemberOf (edsaMemberOf)

But we want them to be optional not Must be specifed, how can this be done?

regards,

B…

We use the lousy nested structure for shared folder ntfs permissions where a domain local group contains a universal which contains a global and the global has the users.  I want to find a way to create the 3 groups required when a new folder is setup…

I remember seeing a document for ARS several years back - but am not able to locate one on the forums.    Does anyone have a pointer to the information? A Voluntary Product Accessibility Template , or VPAT, is a standardized form developed by the Information…