• Working with Attributes from $Request

    I'm trying to get information from $Request variable in Active Roles.

    When a user edits/changes attributes on their user account via the ARWebSelfService web portal, it triggers a workflow which performs a number of checks on the data and includes…

  • How do I use a command or script to disable Synchronization Service scheduled Sync workflow?

    I have a job separate from ARS that checks the health of the DB I am SYNCing to ARS. There are times I need to Disable Synchronization Service scheduled Sync workflow because there is an issue with the data on the source. Is there a command from the management…

  • Unable to modify attribute in onPostCreate


    I am trying to modify the attribute ""edsvaSendAsTrustees" in $DirObj in the function onPostCreate. My PowerShell function that is called in the onPostCreate looks like this:

  • onPostModify Is there a way to retrieve a list of all attributes that were modified?

    I attempted to use $Request.RequestedAttributes in the script but onPostModify this is blank. I've looked through the SDK and Sample Scripts on the oneidentity website and haven't found anything that does this. Does anyone have any ideas?

    I just…

  • Can't Access Saved Object Properties from Script / Counter Returns Empty


    We're trying to create a workflow that counts every time a user enables or disables another user every day (workflow trigger is the modifivation of edsaAccountIsDisabled). (the counter resets every day.) If the counter reaches 20, the action requires…

  • Workflows with if-then, PowerShell scripts, and $work.SavedObjectProperies


    I am working on a workflow to do some automation on our computer objects, and I am running into a weird issue that I am struggling to wrap my head around.

    The error I am receive:

    Executing the 'Run script: DEV New Computer Object Tag Location on…

  • Extended controls


    i discovered Extended Controls a while ago in Active Role Web Gui and i thought that might be a good way to control code but i guess i havent really thought about using it with onGetEffectivePolicy.

    1. For Example i have simple Form with onGetEffectivePolicy…
  • 'Parsing WS-Trust response failed' error_Connecting to Azure from PowerShell


    I'm seeing below error when I connect Azure AD. Using 'Connect-AzureAD -Credential $credObj' from PowerShell ISE.

    Could anyone please help me here.

    Connect-AzureAD : One or more errors occurred.: parsing_wstrust_response_failed: Parsing…

  • Get-QARSOperation not working in Prod OnPostUndelete Event


    I'm unable to run the 'Get-QARSOperation' cmdlet in production active roles console in the onpostundelete event. Do I need to do anything before run the cmdlet.

    But I'm able to run same in Powershell command prompt and Powershell ISE…

  • How to execute worfklow per operation?



    My goal is to limit the number of members added to a group, for example: I have a group with 4 members, and I set a limitation value of 5 (the value is set in extension attribute 1)

    I created a workflow with the operation: “add member to group…

  • How to change one common attribute for multiples groups using csv.

    How to change one common attribute for multiples groups using csv.

    i have around 2000+ groups which need to have a attribute updated. How can we achieve this.

  • How do I call the value of a policy object custom parameter value inside the script called from the policy?

    Searching the forum returned a buffet of 'not exactly it' - 

    in a nutshell "How do I access the policy parameter from within the script module called by the policy under the administration node"

    I have a policy, calling a policy script…

  • Update AD users based on csv file

    Hi There, 

    I am trying to bulk update few users based on CSV file and got the following working script:

    $users = Import-Csv "UserDetails.csv"
    foreach ($user in $users) {
         $userEmail = $user."Email"
         $UPN = get-qaduser $userEmail…

  • Assign add/remove group members permissions to AD group via script

    Hi Guys, how do I assign add/remove group members permissions to AD group via script? I know we can do it via set-acl command in Powershell, however how can we do it via script in QAD?

    I need to assign permissions to over 100 groups, and thus much easier…

  • Displaying multiple columns in Web Interface

    I have a script which queries a SQL table I created to add new users to a selected AD group on creation.

    The table originally had 1 column - AD Group Name, which returned all possible groups for the helpdesk to select from in a dropdown list in the web…

  • Pull a value out of policy or enforce a policy on one user.

    My goal is to look at the policy applied to an object and pull a value the policy would set.

    Specifically, I'd like to pull homePath and homeDirectory out of the Home Folder and AutoProvisioning Policy applied to a user object.

    This looks close to…

  • Script module to send out emails

    Hi Team,

    My issue is with the script module to send out emails.The objective is to use a secure way to call the password in the script module rather than using plain text password.

    I have encrypted the plain text password using the command


  • SMTP relay-Script

    Hi ,

    We are using  script in Active roles to send emails to the users. currently the script uses a username and a password to connect to exchange office365 as per below, we would like to use SMTP relay  to modify the below script , can you please let me…

  • Temporary group membership

    HI,  I would like to add a group by midnight through a script, I know the GUI has the setting to set date and time but how would I do it using a script.


    Add-QADgroupmember -identity "groupname" -member $ADuser   (tonight at midnight)

  • Sync servicenow with active roles cannot get certain attributes

    Good Morning.

    I am new to the forum and has been working for some time now in Active Roles although without more education that the little information that i can find in the web.

    We are trying to automatize certain tasks by synchronizing Servicenow and…

  • Set-QADUser failing with variable??

    I have this script in a workflow and this line fails when I use a variable

    set-Qaduser -identity agntest\$usr -ObjectAttributes @{employeetype = $UserEmpType}

    If I put text it works fine.

    set-Qaduser -identity agntest\$usr -ObjectAttributes @{employeetype…

  • Create Virtual Attribute Script?

    Need to create a bunch of Virtual Attributes. All single value Directory String, User attributes. Does any one have a script to create virtual attributes of a csv file or similar?

    I am not finding any of the Quest CmdLets that do it. 

  • Dynamic Group - Recursive membership based on nested manager chain...

    Imagine a single manage is over 12 managers who in-turn all have 12 subordinate managers who all have teams of 10+ people - is there an easy native way to create a dynamic group membership query that encompasses ALL those people?

    Head-Manager Jill <- Sub…

  • Set Active Roles (ARS) Scheduled (PowerShell) Script Modules to Execute in PWSH.exe (v6+) vs POWERSHELL.exe

    How can I explicitly instruct ARS to execute scripts in PowerShell v7

  • Detect changes that occur in Active Directory (not AR) and trigger an action?


    Is it at all possible for Active Roles to trigger off of a change made in the underlying Active Directory as opposed to within Active Roles itself?


    • A computer has BitLocker enabled and the keys are transferred to associated Active Directory…