It seams UndoDeprovison is not possible in a work flow when you have Quest Change auditor integration.
See this KB for details: UndoDeprovision with Workflow fails with error "Specified method is not supported" if Change Auditor Deprovision policy is applied…
I have a workflow that runs ever night. It will automatically deprovision any user with a certain timeframe of inactivity. Every now and then, a user does attempt to use their account and we have a process to undo the deprovisioned status in place. However…
I am writing a powershell policy script to detect remote mailbox types (EXO), ARS is not connected to Azure.
$DirObj.GetInfoEx(@("msExchRemoteRecipientType","msExchRecipientTypeDetails","mail"),0)
$msExchRecipientTypeDetails…
The script only seems to be working if the first condition is met. It is not working if the User2 is met. ($Session.Username -ne "user2") Is there some reason why the -OR isn't working in the IF statement. Any ideas?
function onGetEffectivePolicy…
Dear All,
We built a new ARS farm of 2 servers in 7.4 using 2 mutualized databases (one for config and one for history) 6 monthes ago.
Our old farm in 6.9 is still in production and we made some changes on it during these 6 monthes (Policies, dynamic…
Hello Guys,
I'm in need of a powershell script to get all dynamic groups in our environment with the membership rules.
I can get the list using the below script but the membership rules i get is the membership rules plus GUID & SID of the OU's with…
I wrote a custom powershell script and have it run in a workflow.
I'm having an issue with the try catch statement. If I remove try catch and just run the command inside the try method, the workflow executes fine. However, when a try catch is added,…
Hi,
I've installed ARS on a on a separated Domain and now try to add managed Domains in other non-trusted Domains. All ports form the ARS documentation are open against the specific Domains, but I am still facing the error that the Domain can't be contacted…
We have installed version 7.4 on a new server connected to a new database. When launching the ARS console, we get the following message.
Cannot retrieve the Two-Factor Authentication configuration information from the Active Roles Administration Service…
Hello All,
I have to implement a solution, where I have to use Workflows with partly User Input and also getting Workflow information in Scripting (prefered PowerShell). I searched these forum for Knowledge about it, but I could not find much. And the…
Hey Everyone,
First post and still quite a newb with Active Roles so don't mind the brief ignorance you may see :)
Basically my end goal is to make a Tab in the web interface User Object properties window only visible when a virtual attribute is…
Hello All,
I have to upgrade ARS from Version 6.8 to an up-to-date Version. And I also have to update the Server OS and SQL-Version. For my understanding of the ARS update path document I first have to update to Version 6.9 before I can go to Version…
Hi All,
I just wanted to know what background process does ARS do to provision objects to AD. Is it LDAP or any scripts that it run in background.
Thanks,
zzeet.
Hello,
We have an ARS 6.9 installation and the certificates were installed locally on the server(s). Question, can we use the load balancer as the certificate holder? I heard ARS requires certificates to be installed locally only?
Also, can someone provide…
Active Roles 7.3.3 is now live on the Support Portal!
Software and documentation are available at the following location(s):
https://support.oneidentity.com/active-roles/7.3.3/download-new-releases
https://support.oneidentity.com/active-roles/7.3.3/technical…
Hi,
I want to be able to add a secondary email adresse @domaine.mail.onmicrosoft.com to all my new user account so that I can migrate them to my Office365 during the night.
I have a policy that creates new exchange account. I tried to add a new secondary…
Hi,
I'm looking for a way to update an ARS policy via a schedule.
At the moment we populate dropdown menus in IAM Websites using onGetEffectivePolicy but it slows down accessing a user object (13 seconds to open). Adding the values to an ARS policy…
Dear All,
1. How does ARS provision users from ARS to AD. I mean what scripts does it run or what method does it run when a user click on submit button for user creation.
2. How does ARS decide, in a domain which AD should it provision the objects (users…
Having followed the instructions and prerequisites, we cannot get the websites on our fresh install of ARS 7.3.1 to work. We have matched our install to an existing install that works. We have the correct .NET Framework and copied all of the settings…
Hi,
I would like to use a custom password generation script written using powershell.
The custom script is essential just a copy of the default, but I swapped the "New-Password" function with my own and then deleted some of the other checks the default…
Hi all,
I'm struggling with setting up self service for users to manage groups. What I have done is on OU (where are my groups) add permission to "authenticated users" template "self - Group manage". On other OU where are users - template "users - list…
Hello,
So I can see in the Sync Engine workflows (Old QC) we have the ability to deprovision a user. we can deprovision if the user doesn't exist in the CSV file.. or trigger a Deprovision based on Field if we are pulling from SQL.
However, I don…
Hi all,
we are currently planning to roll-out SelfServicePortal for group management purposes.
However, we've got some requirements when it comes to objects that can be added to groups. Types are split by OU.
We have distribution lists, which can…
Hi all,
we are about to roll-out self-service for group management.
For that reason, I need to bulk-set primary and secondary owners.
While trying to get started I am experiencing issues in settings neccessary attributes.
I can set ManagedBy flag and…
