• Add script to specific user attribute


    I'm trying to add a script to users attributes that will generate a 8 digit pin every 24 hours.

    We  have the script ready to go and will set it up in a scheduled task however,  I am having trouble linking the script to the specific attribute…

  • QARS Workflow/Policy Script to capture onPostModify of the mail attribute for a user and then write user's employeeID and mail attribute to a CSV file for export to our Workday HR system

    I need to implement a workflow/policy script that triggers onPostModify of the mail attribute, both for new users and changes to the mail attribute of existing users, and writes the user's employeeID and mail attribute to a CSV file and uploads it to…

  • Add-qadpermission -extendedrights

     Good morning,

    So I have a bit of an issue, I'm currently trying to script the entire lock down of AD

    Access Applies to Permission
    Allow  This object and all child objects Create user
    Allow  user Write userAccountControl
    Allow  user ExtendedRight…
  • Active Roles 7.2.1 and Collector public hotfix (KB 250838)

    Active Roles 7.2.1 public hotfix is now available on the Support portal (KB 250838).


    This hotfix package addresses several issues with Active Roles 7.2.1 and the Collector and Report pack.

  • How can I stop ARS from detecting my on-premise exchange environment? I do NOT want any mail options available at all.

    Currently using ARS 7.2.1 in a hybrid environment with on-premise Exchange and O365.  ARS is currently detecting the on-prem exchange environment and causing a few minor issues.  Is there a way to stop ARS from detecting the on-prem exchange environment…

  • Change/replace SIP address from the edsvaOffice365-UserID field

    Ill start off by saying I am a complete novice

    I would like to change user SIP address with the field edsvaOffice365-UserID

    Id also like to be able to update this by OU if possible

    I am using Quest Commandlet to pull this information. Get-QADUser -SearchRoot…

  • Active Roles 7.2 Language Pack is now available

    The Active Roles 7.2 Language Pack is now available for download here:


  • Home Folder provisioning

    Hi, I'm very new to Active Roles. Trying to figure out a way to provision Home Folder for users.

    We cannot put all our users in one share folder, we have over 40,000 home folders and can be a nightmare to manage. As of now, our provisioning team manually…

  • O365 Distribution Group Sync to ARS

    I have a bunch of O365 Distribution Groups that I used to bring down into ARS via the sync tool.  The issue is whenever I add someone to the group it doesn't update in O365.  When I add someone to the managed by field it doesn't update the owner field…

  • Import-module SQLPS - Script Modules


    I just upgraded to 7.2 and trying to run a powershell script module with SQL cmdlets.

    The cmdlets runs fine from ISE but I cannot get them to run from the script module.

    I even run Import-Module SQLPS in the script module. This was not an issue…

  • ARS 7.2 and Skype for Business

    I have upgraded to ARS 7.2 and applied the "Skype for Business - User Management" policy.  I have specified the Skype servers, and selected the appropriate OU for the Policy Object scope. There are no Skype commands showing on user accounts. 

  • Translating Objectsid to SID

    We have a postcreate script (powershell) that we run to set permissions for a users home directory. I am attempting to convert the script from using the users samaccountname to use the users sid. The problem is that from the $Request I am only able to…

  • ActiveRoles Managed DLs in O365

    Is there a way or ARS Powershell script to bulk change on-prem MS Exchange DLs to ActiveRole managed DLs in O365.
  • Is there a way to successfully update the MemberOf field using Synchronization Service?

    We would like to use Synch Service to update user's group membership from a SQL DB, instead of manually adding groups. We get the below message and found a KB article that says to create a virtual attribute for each group, but this workflow will apply…

  • ARS 7.2 and O365 account passwords

    When creating an account in ActiveRoles and then creating that same account in the tenant, where is the password stored?  Is it also stored in the tenant?  If it is, what process updates that password if the synchronization service is not setup to sync…

  • change user password via workflow

    I would like to automate the KRBTGT user password reset via a workflow as a countermeasure to the Golden ticket problem.

    I've tried to set up a workflow that makes works as follow


    search activity looks for users  in active directory with condition samaccountname…

  • How to remove breadcrumbs

    I am recreating all my site and want to know how to remove breadcrumbs and the tree view Tab in the new web interface in version 7.2

  • Deprovision help

    I started a deprovision task but i need some components to configure I know the power shell task to get this done not sure how to call the attributes from a deprovision script.  I guess overall how would the community do it.


    • Backup mailbox to PST
    • setup…
  • Service Account management?

    Can the Active Roles service account be managed by a PAM solution?

  • Why does changehistory take so much space now?

    Upon migrating from ARS 6.9 to 7.1 I noticed that the change history database quadrupled in size after importing the previous version's change history database.  Is this typical?

  • Group Owners and Self Service

    I'm wondering if there is a method to list groups that an employee is a manager of in the self service portal of active roles? I see that there are custom commands built by default but I do now have the option to perform any group maintenance. Thanks…

  • Get-QADUser returns blank values

    In the process of upgrading our v6.9 to the latest version but there is a burning issue for which our Operations team is looking for a report. The requirement is to gather the list of all user accounts in AD with their EmployeeIDReference and Division…

  • Script for Quest Powershell in order to pull data from AD

    Hi All, im new to powershell and need to extract out some data.

    I would like to extract below attributes from AD for a User. Could you please help me in fixing the script.

    Get-QADUser t70869 | select -ObjectAttributes samAccountName, givenName, sn, displayName…

  • Access Rule - Creator Owner

    Most access to objects is by MU and custom properties on the objects.

    If a technician creates and object with incorrect properties, they have no rights to the object they created because its out of their MU scope by design.

    I have created a security…

  • Workflow to check for Duplicate SAMAccount Name in multi-domain forest

    Can someone point me in the right direction to create a workflow which upon create request will check to see if there is a user by that SAMAccount name already in the forest?