• Active Roles Upgrade - Slow SQL Replication

    During Active Roles upgrade to 7.2 version we caught such a problem:

    After deploying new change history databae on new server and configuring it as publisher we added a subscriber. 95% of database on publisher migrated during first hours, but the rest…

  • Error while undo-deprovisioning users

    I got ARS upgraded to 7.4.3 upgraded to our test environment, during testing i found out i get an error while doing a undo-deprovionsing user from the Disabled Users - deprovionsined users container

    The error says 'Built-in Policy - Dynamic Groups' failed…

  • Quickconnect Deprovision from DB2 Table to Active Roles

    Source System: DB2 Table

    Destination: Active Roles Server

    I have the synchronization service read data from a table. This table is formed by user submission to deprovision accounts. From the sync server, I send a deprovision job over to Active Roles…

  • UnDeprovision In ActiveRoles Sync Engine


    So I can see in the Sync Engine workflows (Old QC)  we have the ability to deprovision a user. we can deprovision if the user doesn't exist in the CSV file.. or trigger a Deprovision based on Field if we are pulling from SQL.

    However, I don…

  • Inactive Users Deprovisioning - Filter not working


    I have a workflow that finds inactive user accounts, this has two filters to exclude accounts that have "NODEL" in the comment filed, OR the account password is set to never expire, but the password expiration filter does not seem to be…

  • QARS Workflow/Policy Script to capture onPostModify of the mail attribute for a user and then write user's employeeID and mail attribute to a CSV file for export to our Workday HR system

    I need to implement a workflow/policy script that triggers onPostModify of the mail attribute, both for new users and changes to the mail attribute of existing users, and writes the user's employeeID and mail attribute to a CSV file and uploads it to…

  • Active Roles 7.2.1 and Collector public hotfix (KB 250838)

    Active Roles 7.2.1 public hotfix is now available on the Support portal (KB 250838).


    This hotfix package addresses several issues with Active Roles 7.2.1 and the Collector and Report pack.

  • How can I stop ARS from detecting my on-premise exchange environment? I do NOT want any mail options available at all.

    Currently using ARS 7.2.1 in a hybrid environment with on-premise Exchange and O365.  ARS is currently detecting the on-prem exchange environment and causing a few minor issues.  Is there a way to stop ARS from detecting the on-prem exchange environment…

  • Active Roles 7.2 Language Pack is now available

    The Active Roles 7.2 Language Pack is now available for download here:


  • O365 Distribution Group Sync to ARS

    I have a bunch of O365 Distribution Groups that I used to bring down into ARS via the sync tool.  The issue is whenever I add someone to the group it doesn't update in O365.  When I add someone to the managed by field it doesn't update the owner field…

  • Translating Objectsid to SID

    We have a postcreate script (powershell) that we run to set permissions for a users home directory. I am attempting to convert the script from using the users samaccountname to use the users sid. The problem is that from the $Request I am only able to…

  • ActiveRoles Managed DLs in O365

    Is there a way or ARS Powershell script to bulk change on-prem MS Exchange DLs to ActiveRole managed DLs in O365.
  • Is there a way to successfully update the MemberOf field using Synchronization Service?

    We would like to use Synch Service to update user's group membership from a SQL DB, instead of manually adding groups. We get the below message and found a KB article that says to create a virtual attribute for each group, but this workflow will apply…

  • ARS 7.2 and O365 account passwords

    When creating an account in ActiveRoles and then creating that same account in the tenant, where is the password stored?  Is it also stored in the tenant?  If it is, what process updates that password if the synchronization service is not setup to sync…

  • How to remove breadcrumbs

    I am recreating all my site and want to know how to remove breadcrumbs and the tree view Tab in the new web interface in version 7.2

  • Get-QADUser returns blank values

    In the process of upgrading our v6.9 to the latest version but there is a burning issue for which our Operations team is looking for a report. The requirement is to gather the list of all user accounts in AD with their EmployeeIDReference and Division…

  • Script a different person in a notification other than manager

    I am creating a user and trying to use the notification task in a workflow but i need a way to add a different person other than a manager to send to.  I have a virtual attrib that has a sam account name that would like to send the notification to.  the…

  • Customized workflow approval process

    Good day to all..

    We got a request from the customer saying.. If a user added to a specific group, workflow trigger a approvals mail to user's manager.

    We selected "Manager of person being added or removed from a Target group", in "Approvers…

  • New Active Roles Policy


    We want to add 2 new policy's on user creation these are

    Property Generation and Validation

    . accountExpires (accountExpires)

    .edsaMemberOf (edsaMemberOf)


    But we want them to be optional not Must be specifed, how can this be done?




  • Create New User - Policy Property Value not there?


    I've created a policy object which includes a Property Generation and Validation Policy and applied to the Users OU(Similar to the City example used in Quest Videos and documentation). However when i go through the wizard to create a new user the property…

  • Notification email: including properties of objects added/removed from groups

    Hi all,

    I seem to recall this being discussed before but I havent managed to find the thread.  I need to send a custom email notification when users are removed from a particular group.  The notification email needs to contain certain attribute data from…

  • Access Denied to Web and Admin Console

    Hi all,

    I have been haveing an issue and am hoping to get some insight.

    I have a user account that should have access to both the web console and the admin console but they keep getting prompted for username and password for the webpage. if they type…

  • Dynamic Groups - Membership Rule Strategies

    Hi all,

    We've been having some discussions within our org about our deployment of Dynamic Groups.   Our deployment strategy has been gradual where we have been converting existing groups and issuing Dynamic Groups for all new requests where possible…

  • Unexpected behaviour from IADsPropertyEntry


    The following is a snippet of code that I use very often to determine when a particular attribute is being modified on an object:

    for ($i=0; $i -le $Request.PropertyCount; $i++) {

      if ($Request.Item($i).Name -eq "Attribue I'm Watching") {…

  • Collector freezes on collection on of event logs

    Hi Everyone,

    I run 2 separate collection jobs on 2 separate servers.  The frist job collects AD information and runs without issues.  The second job runs against the event logs on both servers.  I've found an issue that causes the collector to freeze up on…