  • Specify a friendly name for ARS Service Connection Point

    Is there a way to specify a friendly name for the service connection point that ARS Administration service creates in AD?  We name our servers in a complex way (like aaa-bbb-ccc-###) and it would be nice if I could specify a name like (ars01 or ADManagement01…

  • New-QADComputer userAccountControl Active Roles

    I noticed that with Active Roles 7.4.3 and 7.4.1 that the New-QADComputer commandlet is ignoring userAccountControl values. It will only set 4128 PASSWD_NOTREQD.

    We have an ARS policy that will enforce 4096, and the MMC and WebUI appear to set it, but in…

  • Active Role Synchronization for GAL entries


    I'm hoping someone can provide any information or experience on syncing a GAL between two Exchange environments.

    Right now I am just creating a contact in the target domain using a user account info from the source and giving the contact the…

  • SAML Error Unable to uniquely identify the user using provided claims Federation Authentication with Azure AD (327057)

    We continue to see the error described here support.oneidentity.com/.../error-unable-to-uniquely-identify-the-user-using-provided-claims-federation-authentication-with-azure-ad

    Our on-prem UPN and AzureAD UPN are different, so we are using the feature…

  • Active Roles Web UI boolean value default to true

    Is there a way in the ARS Web UI to set a virtual attribute boolean value to a default? I have a boolean VA on a web form that isn't populated. Not all users are created by the sync service, so I need this attribute to default to true, regardless…

  • Sync virtual attribute values in side by side setup (6.9 -> 7.4)


    We are running ARS 6.9 in our production environment and are heavily using virtual attributes. I've set up ARS 7.4 side by side a while ago to familiarize myself with the new version, imported the 6.9 configuration and MH and already configured some workflows…

  • Access denied managing two domains on single ARS server

    I have ARS configured on one of our domains (abc.com), and we had a request to set up ARS for another domain. We want to have both domains set up on the same ARS server, with both domains appearing and managed under the same ARS website.

    I've added the…

  • If we made changes in spmlschema.config file, is a restart needed?

    We added a virtual attribute in spmlschema.config. Is an Active Roles restart needed?

  • Need help to get special information from user as PowerShell script

    Hello Community.

    I have the following problem.

    We are using Blackberry Server as MDM.

    I need a script that gets the username which has activated Blackberry UEM Android for Work, Blackberry Work Dynamics and Blackberry allowExport Contacts.

    Those information…

  • How to call a remote PowerShell script from within an ARS workflow?

    Hi all,

    Using ARS 7.4.3. I have a rather long PowerShell script which I would like to start from a workflow. Meaning the workflow starts an Active Roles PowerShell script which then fires the external script. In a normal PowerShell command window, I…

  • addRequest was not working in Active Roles server

    addRequest was not working in Active Roles server

  • ARS - Replication status "unknown" / Publisher - Subscriber


    I have two ARS servers and two DBs, configured one of the ARS servers and promoted it as Publisher.
    I then added the second server as subscriber.

    Both ARS servers 2016 are running under version, SQL servers are 2016.

    In the ARS console, under…

  • ActiveRoles Management Shell for Active Directory version 1.6

    Hi team,

    I know that ActiveRoles Management Shell for Active Directory version 1.5 was the last free version; after that they have mentioned it should be commercial software. However, there are no details on version 1.6, whether it is free or commercial, because 1.7 mentioned…

  • (edsaisdynamicgroup=True)


    I'm having an issue with seeing all dynamic groups using this query. I query and not all show. When I look up an individual group that does not show in the query, I check edsaisdynamicgroup and it is showing true.

    Anyone know how to correct…

  • Integrating ARS with BambooHR (3rd party HRIS software)

    Hi! We are looking to integrate ARS with BambooHR. We would like to use BambooHR (3rd party cloud based HRIS software) to create our user accounts, then push them to ARS so all the policies, workflows, etc are used when the user is created in AD. Is this…

  • Exchange Properties of users are not getting open for some users


    We have recently been facing an issue with a few users for whom we are not able to open Exchange properties. Other tabs are working fine, but when we select Exchange properties in the ARS portal after opening user general properties, it takes time and finally…

  • Active Roles Upgrade - Slow SQL Replication

    During Active Roles upgrade to 7.2 version we caught such a problem:

    After deploying a new change history database on a new server and configuring it as publisher, we added a subscriber. 95% of the database on the publisher migrated during the first hours, but the rest…

  • Error while undo-deprovisioning users

    I got ARS upgraded to 7.4.3 in our test environment. During testing I found out I get an error while doing an undo-deprovisioning of a user from the Disabled Users - deprovisioned users container.

    The error says 'Built-in Policy - Dynamic Groups' failed…

  • Populate attribute with list of Server Names

    I am trying to build a Workflow for User Logon restrictions. I need the workflow to search for servers that exist in different groups, OUs or Managed Units. If necessary I can consolidate them into 1. The issue is I need to then populate the user attribute…

  • Password Generation Script (Latest) (296930)

    Password Generation Script (Latest) (296930)

    As per the below KB, I'm trying to modify our password generation script to remove obscure characters such as "^-')({" from the ARS password generation action. I tried to use the script in the KB and modified…

  • Stale User Deprovision and Undoing deprovision

    I have a workflow that runs every night. It will automatically deprovision any user with a certain timeframe of inactivity. Every now and then, a user does attempt to use their account and we have a process to undo the deprovisioned status in place. However…

  • Get-QADuser - Odd Behavior - Using SerializeValues switch alters datetime values

    Hey Community,

    Ran into an odd behavior when utilizing the SerializeValues switch for Get-QADUser.

    Whenever it is used in a query that includes DateTime values, it reformats them and changes the value by an hour or two in the past.

  • Getting msExchRecipientDisplayType values via $dirObj, returns a System.__ComObject reference, not the integer.

    I am writing a PowerShell policy script to detect remote mailbox types (EXO); ARS is not connected to Azure.

  • Web Interface Command Filter on Group Member

    So I am trying to see if it is possible to only show a custom group command to a user only if that user is NOT a member. I am aware of the AVFilter in the <IsCommandAllowedFilter> tag, but that seems like it only takes hard-coded strings, in which my…

  • Issue: clearing edsva-ScheduledLink-Endtime - unintended consequence

    Hi - We leverage temporal group membership to control the length of time a user can remain password allowed before being flipped back to smartcard required.

    When we need to reset the edsva-ScheduledLink-Endtime for entries in the group, we clear that value…