Browse By Tags

  • Cross domain members don't inherit group delegated rights

    Hello,

    I have two ARS managed domains which are in the same forest. Let's pretend domain1 and domain2.

    I also have two groups, domain1\read-domain1 and domain2\read-domain2 which have the rights "All Objects - Read All Properties" respectiv…

  • Set-QADUser failing with variable??

    I have this script in a workflow and this line fails when I use a variable

    set-Qaduser -identity agntest\$usr -ObjectAttributes @{employeetype = $UserEmpType}

    If I put text it works fine.

    set-Qaduser -identity agntest\$usr -ObjectAttributes @{employeetype…

  • Logon name Custom VB Script - Creation Fire on Edit/Change?!

    We use a custom vb script to create a samAccountName (Logon name) for the user upon creation integrated in a policy. The template for the script I found somewhere on the one identity forum. it works well. Now I have found out, that if I want to edit …

  • Partner Response Brief: Cyberattack on US Pipelines

    Partner Response Brief: Cyberattack on US Pipelines

      

    Summary:

    Recent news about Colonial Pipeline further reinforces that no organization is safe from a sophisticated ransomware attack.  Bad actors only need a small window of opportunity – e.g., a simple…

  • How to Add a Custom Entry to a new Web Form

    Hello,

    We have a custom Web Interface that we have setup to easily create user accounts into various OU's. The problem we have is that the "New User" form is shared between all the OU's and not all attributes in the "New User" form are relevant.…

  • Undelete user object from Recycle bin

    Hello,

    First of all, can we undelete the users from recycle bin to actual OU's using any process like Sync Service, workflow, PS script etc, or let me know any othe process to do the process.


    I've a requirement to undelete the user object from the…

  • Active Roles 7.4.4

    Hi all, 

    Does anyone know when active roles 7.4.4 will be released to the public?


    We require the ability to write direct to AAD groups as well as create cloud only users and my understanding is that this will be supported in 7.4.4.

    Thanks in advance…

  • Active Roles 7.4.3 Collector and Report Pack's Reports missing Add or Delete Actions?

    In some of the Active Directory Management reports, for example, Directory object management or User attribute management, there is a "Select Action" dropdown for sql expression filters.  In the past 6.9 version, there were options like "(Select…

  • Dynamic Group Rebuilds

    We have been using large dynamic groups, 10k plus members, though even on the smaller one this is a problem.  Rebuilds are really problematic because a read by any service, in the middle of a rebuild, will cause that service to assume the, as yet to be…

  • web interface tree menu edit.

    I am running 7.4 and would like to remove a few links from the menu/Views.   I was able to see a forum post on Tree but Not Views.   Another idea was to get rid of this whole section or collapse and not be able to expand.

    Example all i would like is.

    • Active…
  • Dynamic Group - Recursive membership based on nested manager chain...

    Imagine a single manage is over 12 managers who in-turn all have 12 subordinate managers who all have teams of 10+ people - is there an easy native way to create a dynamic group membership query that encompasses ALL those people?

    Head-Manager Jill <- Sub…

  • Managing Active Directory via Active Roles integration with one identity manager

    We have a requirement to manage the active directory accounts and groups from one identity manager. But there should not be a direct one identity manager to ad integration rather there should be one identity manager --> active roles --> active directory…

  • Three Ways to Improve Password Security and Self-service for Your End Users

    For enhanced password security, organizations need a simple, highly secure and efficient way for users to reset forgotten passwords and unlock accounts on their own. As an IT Leader, you must implement strong password policies and eliminate risk of data…

  • Achieve Zero Trust Even When Active Directory is in the Way

    After working with Active Directory for longer than I care to confess, the term ‘Zero Trust’ has bubbled up just about everywhere I look. For years, I ignored it, mostly because it sounds too good to be true. I assumed – as with some industry buzzwords…

  • New-QADComputer userAccountControl Active Roles

    I noticed that with Active Roles 7.4.3.and 7.4.1 that the New-QADComputer commandlet is ignoring userAccountControl values.  It will only set 4128 PASSWD_NOTREQD

    We have a ARS policy that will enforce 4096, and the MMC and WebUI appear to set it, but in…

  • New-QADUser cmdlet Issue when logging the account creation event

    So when using the new-qaduser cmdlet, see below, The Event Log for event 4720 on the DC its connecting to to create the user account shows:

    Security ID: Domain\testing3
    Account Name: $2RG100-UU7PKQ1Q51GA
    Account Domain: Domain

    Attributes:
    SAM Account…

  • How to trigger map operation and commit without using the GUI console?

    Is there a way to trigger a map operation and commit for a password sync pair without using the GUI console?  The admin guide explains how to do it with console, but I'd prefer to send a command to the QARS server to trigger that, instead (preferably from…

  • Resetting a users account within active roles just hangs

    Hello,

    We are having an issue when we log in to active roles console and attempt to reset a users password where upon clicking ok after setting the password it just hangs indefinitely. Other operations within AR still work fine but not password resets…

  • Active Roles scheduled script dies on access denied

    Hello,

    I have a Active Roles script module to move dormant objects using Move-QADObject and -ErrorAction SilentlyContinue.

    When i run it as a scheduled task the script dies when access is denied to move an object.

    I can run the job in ISE no problem and…

  • Group Owner unable to remove secondary owner from Web Portal

    Hello,

    I have "ActiveRoles Built-in\Primary Owner (Managed By)" setup for users to Read / Write Secondary Owners.

    Users are able to add but the remove button is grayed out. I cannot see where the permission need to be applied to allow the user…

  • One Identity EMEA Partner Awards 2020 -- WINNERS

    One of the highlights of the year for One Identity is the Annual Partner Awards.  Usually, we coincide this with the EMEA UNITE Partner Conference, but this year since our event in Barcelona, Spain was postponed, we want to celebrate our 2020 award winners…

  • Error while undo-deprovisioning users

    I got ARS upgraded to 7.4.3 upgraded to our test environment, during testing i found out i get an error while doing a undo-deprovionsing user from the Disabled Users - deprovionsined users container

    The error says 'Built-in Policy - Dynamic Groups' failed…

  • Create Dynamic Group in PowerShell

    The script creates a brand new Group and converts it to Dynamic upon setting the MemberShip rules.

    If the group already exists, remove the "New-QADGroup" command.

    This was tested in Active Roles 7.4.1.

    NOTE: This is provided "AS IS" and is not…

  • Is Active Directory obsolete?

    What’s all this talk about Active Directory being obsolete?

    You may have heard rumblings that Microsoft Active Directory – lovingly acronymed as ‘AD’ – is “becoming obsolete and should be replaced”. You may have also heard that “you should reduce…

  • Active Roles Rapid recovery campaign

    Campaign description 

    The theme of this campaign is focused on readiness and efficiency in Active Directory management as we prepare for the end of the crisis.  As organizations furloughed employees, reduced work-forces, or switched users to remote status…