• Add Users directly to M365 groups in workflow or policies


    We are currently setting up ARS 7.4.4 and trying to add a user to a M365 group (cloud only, not synced from on-premise) using a workflow or provisioning policy however we have been unable to get this to work.

    Has anyone been able to achieve this without…

  • Active Roles 7.4.4 Capabilities


    We are looking to automate our current joiners, movers and leavers process and believe that this can be achieved using the latest version of AR. 

    We would like to setup AR integration with ServiceNow and then create the following workflows in its…

  • Temporary group membership

    HI,  I would like to add a group by midnight through a script, I know the GUI has the setting to set date and time but how would I do it using a script.


    Add-QADgroupmember -identity "groupname" -member $ADuser   (tonight at midnight)

  • Report of all users for Proxyaddress attribute


    I need Proxyaddress attribute of all users in domain. Since there are multiple values available in this attribute i need either to get each attribute separately in column or search users with one particular value only. for an example i need all users…

  • Enable-RemoteMailbox cmdlet not handling non terminating errors


    I'm using Enable-RemoteMailbox cmdlet and I wanted to handle non-terminating exceptions generated by the cmdlet. I searched '-ErrorAction Stop' parameter and used with Enable-RemoteMailbox cmdlet but no luck.

    Someone please help me out…

  • Computer Dynamic Group Membership Rule Distinguished Name


    I want to create a dynamic group including all computers with a Distinguished Name containing "CRETEIL".
    Unfortunately, the membership rule "Computer distinguishedName Contains CRETEIL" doesn't return any items while many computers have…

  • AccountExpires Approval Notification with a real date

    In the approval notification for when a users account expiration is changed, the client is wanting to show a date when the account will expire, or the number of days until the account expires.  The problem is that if we add the AccountExpires attribute…

  • Cross domain members don't inherit group delegated rights


    I have two ARS managed domains which are in the same forest. Let's pretend domain1 and domain2.

    I also have two groups, domain1\read-domain1 and domain2\read-domain2 which have the rights "All Objects - Read All Properties" respectiv…

  • Set-QADUser failing with variable??

    I have this script in a workflow and this line fails when I use a variable

    set-Qaduser -identity agntest\$usr -ObjectAttributes @{employeetype = $UserEmpType}

    If I put text it works fine.

    set-Qaduser -identity agntest\$usr -ObjectAttributes @{employeetype…

  • Logon name Custom VB Script - Creation Fire on Edit/Change?!

    We use a custom vb script to create a samAccountName (Logon name) for the user upon creation integrated in a policy. The template for the script I found somewhere on the one identity forum. it works well. Now I have found out, that if I want to edit …

  • How to Add a Custom Entry to a new Web Form


    We have a custom Web Interface that we have setup to easily create user accounts into various OU's. The problem we have is that the "New User" form is shared between all the OU's and not all attributes in the "New User" form are relevant.…

  • Undelete user object from Recycle bin


    First of all, can we undelete the users from recycle bin to actual OU's using any process like Sync Service, workflow, PS script etc, or let me know any othe process to do the process.

    I've a requirement to undelete the user object from the…

  • Active Roles 7.4.4

    Hi all, 

    Does anyone know when active roles 7.4.4 will be released to the public?

    We require the ability to write direct to AAD groups as well as create cloud only users and my understanding is that this will be supported in 7.4.4.

    Thanks in advance…

  • Active Roles 7.4.3 Collector and Report Pack's Reports missing Add or Delete Actions?

    In some of the Active Directory Management reports, for example, Directory object management or User attribute management, there is a "Select Action" dropdown for sql expression filters.  In the past 6.9 version, there were options like "(Select…

  • Dynamic Group Rebuilds

    We have been using large dynamic groups, 10k plus members, though even on the smaller one this is a problem.  Rebuilds are really problematic because a read by any service, in the middle of a rebuild, will cause that service to assume the, as yet to be…

  • web interface tree menu edit.

    I am running 7.4 and would like to remove a few links from the menu/Views.   I was able to see a forum post on Tree but Not Views.   Another idea was to get rid of this whole section or collapse and not be able to expand.

    Example all i would like is.

    • Active…
  • Dynamic Group - Recursive membership based on nested manager chain...

    Imagine a single manage is over 12 managers who in-turn all have 12 subordinate managers who all have teams of 10+ people - is there an easy native way to create a dynamic group membership query that encompasses ALL those people?

    Head-Manager Jill <- Sub…

  • New-QADComputer userAccountControl Active Roles

    I noticed that with Active Roles 7.4.3.and 7.4.1 that the New-QADComputer commandlet is ignoring userAccountControl values.  It will only set 4128 PASSWD_NOTREQD

    We have a ARS policy that will enforce 4096, and the MMC and WebUI appear to set it, but in…

  • New-QADUser cmdlet Issue when logging the account creation event

    So when using the new-qaduser cmdlet, see below, The Event Log for event 4720 on the DC its connecting to to create the user account shows:

    Security ID: Domain\testing3
    Account Name: $2RG100-UU7PKQ1Q51GA
    Account Domain: Domain

    SAM Account…

  • How to trigger map operation and commit without using the GUI console?

    Is there a way to trigger a map operation and commit for a password sync pair without using the GUI console?  The admin guide explains how to do it with console, but I'd prefer to send a command to the QARS server to trigger that, instead (preferably from…

  • Resetting a users account within active roles just hangs


    We are having an issue when we log in to active roles console and attempt to reset a users password where upon clicking ok after setting the password it just hangs indefinitely. Other operations within AR still work fine but not password resets…

  • Active Roles scheduled script dies on access denied


    I have a Active Roles script module to move dormant objects using Move-QADObject and -ErrorAction SilentlyContinue.

    When i run it as a scheduled task the script dies when access is denied to move an object.

    I can run the job in ISE no problem and…

  • Group Owner unable to remove secondary owner from Web Portal


    I have "ActiveRoles Built-in\Primary Owner (Managed By)" setup for users to Read / Write Secondary Owners.

    Users are able to add but the remove button is grayed out. I cannot see where the permission need to be applied to allow the user…

  • Error while undo-deprovisioning users

    I got ARS upgraded to 7.4.3 upgraded to our test environment, during testing i found out i get an error while doing a undo-deprovionsing user from the Disabled Users - deprovionsined users container

    The error says 'Built-in Policy - Dynamic Groups' failed…

  • Help exporting list of OS versions for multiple machines using Active Roles Management Shell

    Hi all,

    Apologies if this is in the wrong place,

    I'm very new to Active Roles and have been tasked with obtaining the OS of multiple machines throughout the business.I have the list in a .CSV format and I would like to run a script that will ask Active…