• what is effect of ARS if domain name changes?

    Hello Experts,

    We have an ARS-enabled environment where we are using ARS ,Change auditor for AD ,recovery and backup ,Account and group management and others features of Quest software.
    we have a new Microsoft Azure tenant and on prem AD. we have installed…

  • delete group approval workflow

    We are trying to set up a workflow that will require our service desk to get approval to delete AD groups.  I thought this would be fairly simple to accomplish so not sure what I am missing here.

    I've got the work flow set up to trigger when any service…

  • Trigger Workflow on Computer Domain Join

    Hi,

    *Disclaimer* I am still really new to workflows, so I apologize if this is a stupid question or has been answered already.

    I am in the very early stages on designing a workflow that would modify a virtual attribute on computer objects with a value…

  • Staged deprovision of user account

    Hey,

    I'm just wondering if it is possible to disable the ability to delete a user account, unless it has been deprovisioned.

    Thanks,

    SJ

  • Virtual Attribute update from ARS Sync or Set-QADUSer

    Hello,

    I have a new virtual attribute that I need populated for 34k users. Can you tell me the quickest way to accomplish this?

    I've tried via Active Roles Sync from a SQL Table and also took the data from the table and used "Set-QADUser -Proxy -Connect…

  • How do I access attribute 'Member' on a Group in a Policy Script that is triggered on postCreate

    I trigger a policy script from a policy object set to handle changes from dirsync.

    the operation is limited to Computer objects, in a specific OU, that have a set prefix.

    the $Request  contains the following.  It does not include the 'Member' value -…

  • Policy error returned on task approval

    Hello,

    I've an ARS farm with 2 servers, SERVER1 and SERVER2, they are accessed by an alias prd-ars.domain.com 

    I've set approval by primary owner on one group and modified the policy (Approval by Primary Owner (Manager)) to send notifications with…

  • upgrade to 7.4.5 / prerequisite software

    Hi all,

    I try to upgrade from 7.4.4 to 7.5.5 but failing on the prerequisite software installation.
    Upgrade from 7.4.3 to 7.4.4, I did a /quiet install therefore I've skipped the prerequisite installation, but now I need the azure stuff in ARS, so I want…

  • Add user to AD group and run script

    We have 19 groups, say if user is added to 3 groups out of those 19. the WF should add that single user to another security group and execute the script or assign 0365 License.

    can someone guide me a good approach to achieve this?

  • Extract Secondary owners from Security Groups

    Hi All,

    I need powershell script to find out secondary owners from all the security groups in my domain. I searched for few blogs and found some suggestion about report but i need script/Powershell to find out the same. 

    We have thousand groups and for…

  • Read Target group's managers and send mail to email attribute value defined in other domain

    Hi ,

    We have Domain A and Domain B in ARS. Domain A and Domain B users are in sync. Domain A does not have email attribute or incorrect email attribute but corresponding user in domain B has correct email attribute. we have security groups in domain A…

  • Computer Dynamic Group Membership Rule Distinguished Name

    Hello,

    I want to create a dynamic group including all computers with a Distinguished Name containing "CRETEIL".
    Unfortunately, the membership rule "Computer distinguishedName Contains CRETEIL" doesn't return any items while many computers have…

  • Cross domain members don't inherit group delegated rights

    Hello,

    I have two ARS managed domains which are in the same forest. Let's pretend domain1 and domain2.

    I also have two groups, domain1\read-domain1 and domain2\read-domain2 which have the rights "All Objects - Read All Properties" respectiv…

  • Azure AD Questions

    Hi all,

    I am new to One Identity products and possibly looking at purchasing Active Roles to automate new user requests from Service Now but I have a few questions that i hope you can help me with:

    Environment

    We currently create users on our on premise…

  • Active Roles 7.4 SAML configuration

    Recently we configured our dev ARS 7.4 environment with SAML pointing at AzureAD.  We followed the instructions in Active Roles 7.4 Administration guide, creating an App Pool service domain account with kerberos constrained delegation with the required…

  • Group membership approval not working for DL

    HI team,

    We have separate user domain and resource domain. Exchange is in resource domain for which users master accounts is in user domain. so linked mailboxes in resource domain.

    Few Distribution list in resource domain's exchange has owners defined…

  • Component Object Model (COM) File System Object Disablement?

    Forgive me if this is a simple question, but does Active Roles Server 7.3 use the File System Object at all? Been asked to see if this would impact our ARS operations if we were to disable the registry key that is associated with the File System Object…

  • Quickconnect Deprovision from DB2 Table to Active Roles

    Source System: DB2 Table

    Destination: Active Roles Server

    I have the synchronization service read data from a table. This table is formed by user submission to deprovision accounts. From the sync server, I send a deprovision job over to Active Roles…

  • Update description field on a managed unit fail

    Hi

    In the Helpdesk site I have created custom form with access to the description attribute and linked this to the directory object type of a Managed Unit. I have also created a user account with limited permissions in ARS but enough to allow changes…

  • Active Roles 7.3.3 is now available

    Active Roles 7.3.3 is now live on the Support Portal!

    Software and documentation are available at the following location(s):

    https://support.oneidentity.com/active-roles/7.3.3/download-new-releases

    https://support.oneidentity.com/active-roles/7.3.3/technical…

  • ARS upgrade path from 6.8 to 7.3?

    I've been tasked with upgrading our Quest ARS environment.  Is there any documentation or recommendation on an upgrade path from ARS 6.8 to 7.3?  Our 6.8 environment is a just single server and management wants to go with a full HA/DR solution with…

  • Perform batch operations on User objects from the web client

    Has anyone been able to create a custom command that can be performed against multiple selected objects?  I created a custom command that would set the edsvaProtectFromDeletion attribute to 'TRUE', but this command only appears when a single objects is…

  • Is it possible to generate a Managed Unit on the fly based on a users department or site code?

    Hello,

    Is it possible to generate a Managed Unit on the fly based on a users department or site code?

    Client has large number of AD user accounts, wants to limit the view and modification to only users in same department or site code.

    I was looking…

  • Get-QADuser not returning values for edsvaHomeDirectory

    Hello,

        Quest is populating this value for us for every new user created.  I would like to pull a report containing username and edsvaHomeDirectory for all users in AD.

    This is what I am running:

    get-qaduser -Identity * -Sizelimit '0' -IncludedProperties…

  • Does Active Roles support Hybrid Joins to Starling Services?

    Yes, starting with Active Roles 7.3.1, we added support for Hybrid Joins to Starling Services.

    Please see the following article for the latest information on what products and minimum versions are required to take advantage of the Starling Services Hybrid…