• Domain sync with groups to a sub domain and users as member of the root domain

    Hello Experts,

    Anyone happen to have handled a domain groups sync in a situation where the groups and users are in the same forest but the groups need to be created in the sub domain but the users are in the root domain.

    • (Source)
      • Acquired Domain (Acquired…
  • Use workflow script to modify Azure attribute of removed member (disabling)

    Good morning

    I am a beginner in ARS Workflows....

    I have a use case where an account which is synched from AD on-Premise to Azure is disabled on premise and must be immediately disabled on Azure without waiting for next the AAD synch run.

    i know how to…

  • Backlink attributes

    Is it possible to create a virtual attribute on one class of objects and tie it to another class via a backlink attribute?

    Similar to Members in groups and Memberof in Users, how can I create a banklink that works like this?

    I haven't found any references…

  • Policy User Logon Name: Compound name

    Hello!
    In Spain it is very common to have compound names, for example: Maria Del Carmen.
    I am looking for how to create the samaccountname as follows:
    Maria (Attribute 1)
    Del Carmen (Attribute 2)
    Perez (Attribute 3)
    First letter of attribute 1 + First letter…

  • Name and description policy for pre-create Computer object

    I'm trying to create a policy which requires the following two conditions to be met in order for a computer object to be created:

    1. The name must be prefixed with the first six characters of the containing ou (ou name=LA0001PES)

    2. The description…

  • PowerShell - Access Template - checkboxs for apply permissions onto

    The command being leveraged is:

    New-QARSAccessTemplateLink -AccessTemplate $AccessTemplate -DirectoryObject $DirObj -Trustee $TrustedGroup -Proxy
    What additional parameters are required to remove "Child objects of this directory object" selection (uncheck…
  • How to connect to ARS v8 from PowerShell?

    I have the following function in PowerShell:

    Function Get-ARSServers {

    $searchRoot = "CN=Enterprise Directory Manager,CN=Aelita,CN=System,$([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().GetDirectoryEntry() | Select-Object -ExpandProperty…

  • Can Active Roles perform WMI queries

    Hi,

    I'm working on a way to filter devices based on their type (laptop, tablet, desktop) to move them into a corresponding OU.  I've done this before using the parent OU or name but in my new situation all devices will be in one big OU to start so…

  • Remove a list users from a list of groups

    Hey everyone, 
    I am new to the community and new to Active Roles. 
    I have been able to create a couple of scripts for bulk add/remove users and groups, but am having issues with creating a script to launch that will remove a list of users (CSV) from a list…

  • Copy Managed Resources between users

    Hello

    I want to copy/move Managed Resources between users in ARwebAdmin/Console

    How can I do it?

  • Synchronization service powershell write to datetime attribute error

    Hello,

    I have been trying to script getting a datetime from MS Graph and output this to a virtual attribute (configured as general time) in Active Roles, but every time I receive the same error, no matter what I do:

    "The string was not recognized as…

  • Get Users of Dynamic Groups

    I have a dynamic group called F_AllManagers. It is made up of multiple dynamic groups. I need to get a list of the actual users from the multiple dynamic groups that make up the F_AllManagers. How can this be done in Quest Powershell?

  • Pop-up to Form in Home Page ARS 8.0

    Hello,

    I build a Web Interface to create users, and I send the URL forms to the home page. The Forms

    but when I open the form it's open on a new page,

    can I configure it to open in a pop-up like a normal form in ou? For example - pop-up

    Thanks!

  • ARS Upgrade to 8.0 workflow approvals that request information causes error

    Hello,

    This is my very first posting to any One Identity forum.  I recently upgraded my Active Roles server from 7.4.3 to 8.0 and noticed that some of my workflows are throwing web errors.  This big red error banner on the approval pop-up states "Object…

  • workflow trigger not an Active Roles operation

    Hi,

    I'm using Active Roles 7.5 and I'm looking for assistance on creating a workflow (on demand or automated) where the trigger isn't initiated within an Active Roles operation.  We have our computers sorted into Operating system and type…

  • Default Search criteria

    Hello ARS experts,

    We have a need to make employeeNumber a default search criteria in the webportal when adding a user to a group. I see that you can add the criteria for searching one person. Although if allowing the search to default to employee number…

  • samAccountName Generation with no Recycling

    Hi All,

    We recently decided to delete several thousand inactive accounts - we are now being told this is causing issues with Application historical records as the usernames are now being recycled.

    We are planning to stop this by building either an LDS…

  • Ldap filter for edsaDGOriginatingService

    Hello All,

    I don't see a way to do a ldapfilter for edsaDGOriginatingService. It seems to not work. I can use some virtual attribute to do ldap filter but this one is not working.

    We have over 8k Dynamic groups and I need to just filter those that…

  • KB5020276—Netjoin: Domain join hardening change breaks ARS allow domain join

    I've opened a support request up with One Identity already but  wanted to see if anyone here has seen this yet. October client patches from MS have a domain join hardening update.  In a nutshell if the account doing the join to an existing object in…

  • Extended controls

    Hi 

    i discovered Extended Controls a while ago in Active Role Web Gui and i thought that might be a good way to control code but i guess i havent really thought about using it with onGetEffectivePolicy.

    1. For Example i have simple Form with onGetEffectivePolicy…
  • Unable to get Danish language web modification working

    Hi

    I have an installation of Active Roles at one of our clients and the preferred language is in Danish in the web interface. Now we would like to change the label text on the deprovision command in the action pane to the right when selecting an individual…

  • Web interface force authentication

    Is it possible to force users to authenticate using a Username and password to login to any of the AR web interfaces

  • group membership approval workflow request question

    I am trying to setup the approval by primary owner workflow for group membership change. However, it didn't seem to work and I am hoping to get some help here. This is a new AR 7.4.3 setup without too much customization. 

    What I did

    Defined the primary…

  • Generating a unique CN and UPN Prefix

    Hi,
    I'm trying to write a script that will check the build the Uniqueness value of the cn attribute and then set the UPNPrefix (edsaUPNPrefix) attribute to the CN. I understand that the normal way is just to set a uniqueness value at the end of the SAM…

  • How to execute worfklow per operation?

    Hello

     

    My goal is to limit the number of members added to a group, for example: I have a group with 4 members, and I set a limitation value of 5 (the value is set in extension attribute 1)

    I created a workflow with the operation: “add member to group…