• Active Roles scheduled script dies on access denied


    I have a Active Roles script module to move dormant objects using Move-QADObject and -ErrorAction SilentlyContinue.

    When i run it as a scheduled task the script dies when access is denied to move an object.

    I can run the job in ISE no problem and…

  • Group Owner unable to remove secondary owner from Web Portal


    I have "ActiveRoles Built-in\Primary Owner (Managed By)" setup for users to Read / Write Secondary Owners.

    Users are able to add but the remove button is grayed out. I cannot see where the permission need to be applied to allow the user…

  • Error while undo-deprovisioning users

    I got ARS upgraded to 7.4.3 upgraded to our test environment, during testing i found out i get an error while doing a undo-deprovionsing user from the Disabled Users - deprovionsined users container

    The error says 'Built-in Policy - Dynamic Groups' failed…

  • Help exporting list of OS versions for multiple machines using Active Roles Management Shell

    Hi all,

    Apologies if this is in the wrong place,

    I'm very new to Active Roles and have been tasked with obtaining the OS of multiple machines throughout the business.I have the list in a .CSV format and I would like to run a script that will ask Active…

  • One Identity Support Product Public RSS Feeds

    We have recently made several improvements to our product RSS feeds. They are now updating in real time so that you can immediately see any new content posted for the product you have an interest in.

    From our Support portal, when viewing a product, you…

  • ARS upgrade path from 6.8 to 7.3?

    I've been tasked with upgrading our Quest ARS environment.  Is there any documentation or recommendation on an upgrade path from ARS 6.8 to 7.3?  Our 6.8 environment is a just single server and management wants to go with a full HA/DR solution with…

  • UnDeprovision In ActiveRoles Sync Engine


    So I can see in the Sync Engine workflows (Old QC)  we have the ability to deprovision a user. we can deprovision if the user doesn't exist in the CSV file.. or trigger a Deprovision based on Field if we are pulling from SQL.

    However, I don…

  • ARS Quesry Based Distribution Group

    Is it possible to create a query based distribution group where the LDAP query compares two attributes and adds a user to the group if they are not the same?

    The two attributes that I want to compare are 'mail' and a virtual attribute 'edsvaFirstEmailAddress…

  • Perform batch operations on User objects from the web client

    Has anyone been able to create a custom command that can be performed against multiple selected objects?  I created a custom command that would set the edsvaProtectFromDeletion attribute to 'TRUE', but this command only appears when a single objects is…

  • difference between active roles version.


    Can anybody provide the details about the difference between active roles version 6.9 vs version 7.3.



  • Web customization not replicating to users - ARS 7.2.1


    We recently made a change the group form in Directory.

    The changes don't seem to be replicating to users.

    I see the changes when i logon to the admin console and login as the ARS Admin.

    I've save and reloaded the portal for publishing several…

  • Does Active Roles support Hybrid Joins to Starling Services?

    Yes, starting with Active Roles 7.3.1, we added support for Hybrid Joins to Starling Services.

    Please see the following article for the latest information on what products and minimum versions are required to take advantage of the Starling Services Hybrid…

  • Unable to set edsvaSecondaryOwnersCanUpdateMembershipList attribute on a group object using PowerShell

    Hello all,

    I have run into another snag when trying to modify objects in ARS with PowerShell. Currently, I am working on scripting DL creation but am hung up on changing one attribute. My current code is as follows:

    Connect-QADService -Proxy


  • LAPS attribute not visible under "Access Templates" in Active Roles Console

    Hi all,

    I've added the LAPS attribute "ms-Mcs-AdmPwd" in the Web Interface, so that the local admin password is visible under computer object. That worked fine and the password is there.
    Now I've tried to restrict the visibility to the password…

  • Active Roles 7.2.1 public hotfix now available on the Support Portal (KB 247276)

    Active Roles 7.2.1 public hotfix, KB 247276, is now available on the Support Portal:



    This hotfix package address several issues with both Active Roles and the Sync Service.

  • Active Roles 7.2 Language Pack is now available

    The Active Roles 7.2 Language Pack is now available for download here:


  • Active Roles 7.0.2 support discontinued as of November 30 2017

    This is an advisory notification on changes to current product version support status in line with our life cycle policy.

    Support for Active Roles 7.0.2 will be in discontinued support on November 30, 2017. To ensure your product is eligible for full…

  • change deprovisioned user's reporting objects to it's manager

    I am looking for a way to change all of a deprovisioned user's Direct Reports to the deprovisioned user's manager. For example I have Manager1 and Manager2. Manager2 has 50 employees who report to him listed under direct reports of manager2. Manager2…

  • RE: Group Family Maintenance

    I was looking for an answer to this question also.

    Here is something I put together. I'm not all that great with powershell but this works.

    It would be nice to get the control group cleaned automatically when the group goes empty and the attribute…

  • Will the use of Active Roles affect current integrations with AD? e.g. BMC Remedy ARS - AD integration

    Hi Everyone

    A customer of ours has integrations between AD and BMC Remedy ARS. These integrations have been done to make use of the data stored in AD with the connection of a bind user via port 3268.

    1. for Authentication and
    2. for the creation of user from…
  • List of Icons in Web Access

    Is there a fill list of icons displayed in Active Roles Web Interface and their meanings? cant find in manuals.

    We got this returned on a search, can guess what it means but not what it actually means.


  • Active Roles Server Auto Deprovission

    Hello all,

    With the help of members I have created a managed unit which houses users who have not logged on for over 90 days.

    and alos recieved help with script/ task to auto deprovision.

    However, I have come across below situation.

    User's are de-provisioned…

  • Upgrade Web Interface from 6.7 to 6.8 failed


    we want to Upgrade our Active Roles in Lab from 6.7 to 6.8. The Administration Service and the MMC upgrade works as expected. Only the Web Interface Upgrade fails with an error.


    Is there any log we can look why the installation failed??