Browse By Tags

  • Achieve Zero Trust Even When Active Directory is in the Way

    After working with Active Directory for longer than I care to confess, the term ‘Zero Trust’ has bubbled up just about everywhere I look. For years, I ignored it, mostly because it sounds too good to be true. I assumed – as with some industry buzzwords…

  • New-QADComputer userAccountControl Active Roles

    I noticed that with Active Roles 7.4.3.and 7.4.1 that the New-QADComputer commandlet is ignoring userAccountControl values.  It will only set 4128 PASSWD_NOTREQD

    We have a ARS policy that will enforce 4096, and the MMC and WebUI appear to set it, but in…

  • New-QADUser cmdlet Issue when logging the account creation event

    So when using the new-qaduser cmdlet, see below, The Event Log for event 4720 on the DC its connecting to to create the user account shows:

    Security ID: Domain\testing3
    Account Name: $2RG100-UU7PKQ1Q51GA
    Account Domain: Domain

    SAM Account…

  • How to trigger map operation and commit without using the GUI console?

    Is there a way to trigger a map operation and commit for a password sync pair without using the GUI console?  The admin guide explains how to do it with console, but I'd prefer to send a command to the QARS server to trigger that, instead (preferably from…

  • Resetting a users account within active roles just hangs


    We are having an issue when we log in to active roles console and attempt to reset a users password where upon clicking ok after setting the password it just hangs indefinitely. Other operations within AR still work fine but not password resets…

  • Active Roles scheduled script dies on access denied


    I have a Active Roles script module to move dormant objects using Move-QADObject and -ErrorAction SilentlyContinue.

    When i run it as a scheduled task the script dies when access is denied to move an object.

    I can run the job in ISE no problem and…

  • Group Owner unable to remove secondary owner from Web Portal


    I have "ActiveRoles Built-in\Primary Owner (Managed By)" setup for users to Read / Write Secondary Owners.

    Users are able to add but the remove button is grayed out. I cannot see where the permission need to be applied to allow the user…

  • One Identity EMEA Partner Awards 2020 -- WINNERS

    One of the highlights of the year for One Identity is the Annual Partner Awards.  Usually, we coincide this with the EMEA UNITE Partner Conference, but this year since our event in Barcelona, Spain was postponed, we want to celebrate our 2020 award winners…

  • Error while undo-deprovisioning users

    I got ARS upgraded to 7.4.3 upgraded to our test environment, during testing i found out i get an error while doing a undo-deprovionsing user from the Disabled Users - deprovionsined users container

    The error says 'Built-in Policy - Dynamic Groups' failed…

  • Create Dynamic Group in PowerShell

    The script creates a brand new Group and converts it to Dynamic upon setting the MemberShip rules.

    If the group already exists, remove the "New-QADGroup" command.

    This was tested in Active Roles 7.4.1.

    NOTE: This is provided "AS IS" and is not…

  • Is Active Directory obsolete?

    What’s all this talk about Active Directory being obsolete?

    You may have heard rumblings that Microsoft Active Directory – lovingly acronymed as ‘AD’ – is “becoming obsolete and should be replaced”. You may have also heard that “you should reduce…

  • Active Roles Rapid recovery campaign

    Campaign description 

    The theme of this campaign is focused on readiness and efficiency in Active Directory management as we prepare for the end of the crisis.  As organizations furloughed employees, reduced work-forces, or switched users to remote status…

  • Help exporting list of OS versions for multiple machines using Active Roles Management Shell

    Hi all,

    Apologies if this is in the wrong place,

    I'm very new to Active Roles and have been tasked with obtaining the OS of multiple machines throughout the business.I have the list in a .CSV format and I would like to run a script that will ask Active…

  • One Identity Support Product Public RSS Feeds

    We have recently made several improvements to our product RSS feeds. They are now updating in real time so that you can immediately see any new content posted for the product you have an interest in.

    From our Support portal, when viewing a product, you…

  • Dark Present but Brighter Future for AD Account Lifecycle Management

    From onboarding new hires to quickly removing access of fired employees, tracking promotions, third-party access and an organization in constant flux, account lifecycle management can turn into a security nightmare for enterprises. High maturity – high…

  • You Can Live a Dual Life – Use Cases and Solutions for a Hybrid World

    Hannah Montana was right: you can have the best of both worlds. Though the late 2000s teen queen was singing about her secret double life as a high-flying pop star and a down-to-earth high school student, it turns out that that life goal now also applies…

  • Can Pauline Find Productivity without AD-Centered Identity Management?

    Which introductory experience do new hires to your organization get? Are they able to login on their first day and access all necessary resources to do their basic job? Or… are they temporarily assigned a left-over cubicle with no phone, computer or network…

  • Starling Connect extends your identity administration and governance capabilities to the cloud

    You already know the amazing capabilities of One Identity Active Roles and how it simplifies and centralizes provisioning and deprovisioning processes for your Active Directory and Azure Active Directory-controlled identities. You know that it provides…

  • PowerShell Library Source Code

    # *****************************************************************************
    # Best Practices Library For PowerShell
    # *****************************************************************************\
    # Copyright One Identity
    # Last modified: July 5, 20…

  • ARS upgrade path from 6.8 to 7.3?

    I've been tasked with upgrading our Quest ARS environment.  Is there any documentation or recommendation on an upgrade path from ARS 6.8 to 7.3?  Our 6.8 environment is a just single server and management wants to go with a full HA/DR solution with…

  • UnDeprovision In ActiveRoles Sync Engine


    So I can see in the Sync Engine workflows (Old QC)  we have the ability to deprovision a user. we can deprovision if the user doesn't exist in the CSV file.. or trigger a Deprovision based on Field if we are pulling from SQL.

    However, I don…

  • ARS Quesry Based Distribution Group

    Is it possible to create a query based distribution group where the LDAP query compares two attributes and adds a user to the group if they are not the same?

    The two attributes that I want to compare are 'mail' and a virtual attribute 'edsvaFirstEmailAddress…

  • Perform batch operations on User objects from the web client

    Has anyone been able to create a custom command that can be performed against multiple selected objects?  I created a custom command that would set the edsvaProtectFromDeletion attribute to 'TRUE', but this command only appears when a single objects is…

  • difference between active roles version.


    Can anybody provide the details about the difference between active roles version 6.9 vs version 7.3.