• New-QADComputer userAccountControl Active Roles

    I noticed that with Active Roles 7.4.3.and 7.4.1 that the New-QADComputer commandlet is ignoring userAccountControl values.  It will only set 4128 PASSWD_NOTREQD

    We have a ARS policy that will enforce 4096, and the MMC and WebUI appear to set it, but in…

  • New-QADUser cmdlet Issue when logging the account creation event

    So when using the new-qaduser cmdlet, see below, The Event Log for event 4720 on the DC its connecting to to create the user account shows:

    Security ID: Domain\testing3
    Account Name: $2RG100-UU7PKQ1Q51GA
    Account Domain: Domain

    SAM Account…

  • How to trigger map operation and commit without using the GUI console?

    Is there a way to trigger a map operation and commit for a password sync pair without using the GUI console?  The admin guide explains how to do it with console, but I'd prefer to send a command to the QARS server to trigger that, instead (preferably from…

  • Resetting a users account within active roles just hangs


    We are having an issue when we log in to active roles console and attempt to reset a users password where upon clicking ok after setting the password it just hangs indefinitely. Other operations within AR still work fine but not password resets…

  • Active Roles scheduled script dies on access denied


    I have a Active Roles script module to move dormant objects using Move-QADObject and -ErrorAction SilentlyContinue.

    When i run it as a scheduled task the script dies when access is denied to move an object.

    I can run the job in ISE no problem and…

  • Group Owner unable to remove secondary owner from Web Portal


    I have "ActiveRoles Built-in\Primary Owner (Managed By)" setup for users to Read / Write Secondary Owners.

    Users are able to add but the remove button is grayed out. I cannot see where the permission need to be applied to allow the user…

  • Error while undo-deprovisioning users

    I got ARS upgraded to 7.4.3 upgraded to our test environment, during testing i found out i get an error while doing a undo-deprovionsing user from the Disabled Users - deprovionsined users container

    The error says 'Built-in Policy - Dynamic Groups' failed…

  • Help exporting list of OS versions for multiple machines using Active Roles Management Shell

    Hi all,

    Apologies if this is in the wrong place,

    I'm very new to Active Roles and have been tasked with obtaining the OS of multiple machines throughout the business.I have the list in a .CSV format and I would like to run a script that will ask Active…

  • One Identity Support Product Public RSS Feeds

    We have recently made several improvements to our product RSS feeds. They are now updating in real time so that you can immediately see any new content posted for the product you have an interest in.

    From our Support portal, when viewing a product, you…

  • ARS upgrade path from 6.8 to 7.3?

    I've been tasked with upgrading our Quest ARS environment.  Is there any documentation or recommendation on an upgrade path from ARS 6.8 to 7.3?  Our 6.8 environment is a just single server and management wants to go with a full HA/DR solution with…

  • UnDeprovision In ActiveRoles Sync Engine


    So I can see in the Sync Engine workflows (Old QC)  we have the ability to deprovision a user. we can deprovision if the user doesn't exist in the CSV file.. or trigger a Deprovision based on Field if we are pulling from SQL.

    However, I don…

  • ARS Quesry Based Distribution Group

    Is it possible to create a query based distribution group where the LDAP query compares two attributes and adds a user to the group if they are not the same?

    The two attributes that I want to compare are 'mail' and a virtual attribute 'edsvaFirstEmailAddress…

  • Perform batch operations on User objects from the web client

    Has anyone been able to create a custom command that can be performed against multiple selected objects?  I created a custom command that would set the edsvaProtectFromDeletion attribute to 'TRUE', but this command only appears when a single objects is…

  • difference between active roles version.


    Can anybody provide the details about the difference between active roles version 6.9 vs version 7.3.



  • Web customization not replicating to users - ARS 7.2.1


    We recently made a change the group form in Directory.

    The changes don't seem to be replicating to users.

    I see the changes when i logon to the admin console and login as the ARS Admin.

    I've save and reloaded the portal for publishing several…

  • Does Active Roles support Hybrid Joins to Starling Services?

    Yes, starting with Active Roles 7.3.1, we added support for Hybrid Joins to Starling Services.

    Please see the following article for the latest information on what products and minimum versions are required to take advantage of the Starling Services Hybrid…

  • Unable to set edsvaSecondaryOwnersCanUpdateMembershipList attribute on a group object using PowerShell

    Hello all,

    I have run into another snag when trying to modify objects in ARS with PowerShell. Currently, I am working on scripting DL creation but am hung up on changing one attribute. My current code is as follows:

    Connect-QADService -Proxy


  • LAPS attribute not visible under "Access Templates" in Active Roles Console

    Hi all,

    I've added the LAPS attribute "ms-Mcs-AdmPwd" in the Web Interface, so that the local admin password is visible under computer object. That worked fine and the password is there.
    Now I've tried to restrict the visibility to the password…

  • Active Roles 7.2.1 public hotfix now available on the Support Portal (KB 247276)

    Active Roles 7.2.1 public hotfix, KB 247276, is now available on the Support Portal:



    This hotfix package address several issues with both Active Roles and the Sync Service.

  • Active Roles 7.2 Language Pack is now available

    The Active Roles 7.2 Language Pack is now available for download here:


  • Active Roles 7.0.2 support discontinued as of November 30 2017

    This is an advisory notification on changes to current product version support status in line with our life cycle policy.

    Support for Active Roles 7.0.2 will be in discontinued support on November 30, 2017. To ensure your product is eligible for full…

  • change deprovisioned user's reporting objects to it's manager

    I am looking for a way to change all of a deprovisioned user's Direct Reports to the deprovisioned user's manager. For example I have Manager1 and Manager2. Manager2 has 50 employees who report to him listed under direct reports of manager2. Manager2…

  • Active Roles Server Auto Deprovission

    Hello all,

    With the help of members I have created a managed unit which houses users who have not logged on for over 90 days.

    and alos recieved help with script/ task to auto deprovision.

    However, I have come across below situation.

    User's are de-provisioned…