Browse By Tags

  • Add Users directly to M365 groups in workflow or policies


    We are currently setting up ARS 7.4.4 and trying to add a user to an M365 group (cloud only, not synced from on-premise) using a workflow or provisioning policy; however, we have been unable to get this to work.

    Has anyone been able to achieve this without…

  • Active Roles 7.4.4 Capabilities


    We are looking to automate our current joiners, movers and leavers process and believe that this can be achieved using the latest version of AR. 

    We would like to set up AR integration with ServiceNow and then create the following workflows in its…

  • Temporary group membership

    Hi, I would like to add a group by midnight through a script. I know the GUI has the setting to set date and time, but how would I do it using a script?


    Add-QADgroupmember -identity "groupname" -member $ADuser   (tonight at midnight)

  • Report of all users for Proxyaddress attribute


    I need the Proxyaddress attribute of all users in the domain. Since there are multiple values available in this attribute, I need either to get each attribute separately in a column or search users with one particular value only. For example, I need all users…

  • Enable-RemoteMailbox cmdlet not handling non terminating errors


    I'm using Enable-RemoteMailbox cmdlet and I wanted to handle non-terminating exceptions generated by the cmdlet. I searched '-ErrorAction Stop' parameter and used with Enable-RemoteMailbox cmdlet but no luck.

    Someone please help me out…

  • Computer Dynamic Group Membership Rule Distinguished Name


    I want to create a dynamic group including all computers with a Distinguished Name containing "CRETEIL".
    Unfortunately, the membership rule "Computer distinguishedName Contains CRETEIL" doesn't return any items while many computers have…

  • AccountExpires Approval Notification with a real date

    In the approval notification for when a user's account expiration is changed, the client is wanting to show a date when the account will expire, or the number of days until the account expires. The problem is that if we add the AccountExpires attribute…

  • Active Roles Script Center

    Welcome to the Active Roles Script Center.

    These examples are provided as is, without warranty of any kind, either expressed or implied, including but not limited to the warranties of merchantability and/or fitness for a particular purpose.

    If you want…

  • Sync servicenow with active roles cannot get certain attributes

    Good evening.

    I am new to the forum and have been working for some time now in Active Roles, although without more education than the little information that I can find on the web.

    We are trying to automatize certain tasks by synchronizing Servicenow and…

  • Cross domain members don't inherit group delegated rights


    I have two ARS managed domains which are in the same forest. Let's pretend domain1 and domain2.

    I also have two groups, domain1\read-domain1 and domain2\read-domain2 which have the rights "All Objects - Read All Properties" respectiv…

  • Set-QADUser failing with variable??

    I have this script in a workflow and this line fails when I use a variable

    set-Qaduser -identity agntest\$usr -ObjectAttributes @{employeetype = $UserEmpType}

    If I put text it works fine.

    set-Qaduser -identity agntest\$usr -ObjectAttributes @{employeetype…

  • Logon name Custom VB Script - Creation Fire on Edit/Change?!

    We use a custom VB script to create a samAccountName (Logon name) for the user upon creation, integrated in a policy. The template for the script I found somewhere on the One Identity forum. It works well. Now I have found out that if I want to edit …

  • Partner Response Brief: Cyberattack on US Pipelines

    Recent news about Colonial Pipeline further reinforces that no organization is safe from a sophisticated ransomware attack.  Bad actors only need a small window of opportunity – e.g., a simple…

  • How to Add a Custom Entry to a new Web Form


    We have a custom Web Interface that we have set up to easily create user accounts into various OUs. The problem we have is that the "New User" form is shared between all the OUs and not all attributes in the "New User" form are relevant.…

  • Undelete user object from Recycle bin


    First of all, can we undelete the users from the recycle bin to actual OUs using any process like Sync Service, workflow, PS script etc., or let me know any other process to do this.

    I've a requirement to undelete the user object from the…

  • Active Roles 7.4.4

    Hi all, 

    Does anyone know when Active Roles 7.4.4 will be released to the public?

    We require the ability to write direct to AAD groups as well as create cloud only users and my understanding is that this will be supported in 7.4.4.

    Thanks in advance…

  • Active Roles 7.4.3 Collector and Report Pack's Reports missing Add or Delete Actions?

    In some of the Active Directory Management reports, for example, Directory object management or User attribute management, there is a "Select Action" dropdown for sql expression filters.  In the past 6.9 version, there were options like "(Select…

  • Dynamic Group Rebuilds

    We have been using large dynamic groups, 10k plus members, though even on the smaller one this is a problem.  Rebuilds are really problematic because a read by any service, in the middle of a rebuild, will cause that service to assume the, as yet to be…

  • web interface tree menu edit.

    I am running 7.4 and would like to remove a few links from the menu/Views. I was able to see a forum post on Tree but not Views. Another idea was to get rid of this whole section or collapse and not be able to expand.

    Example: all I would like is.

    • Active…

  • Dynamic Group - Recursive membership based on nested manager chain...

    Imagine a single manager is over 12 managers who in turn all have 12 subordinate managers who all have teams of 10+ people - is there an easy native way to create a dynamic group membership query that encompasses ALL those people?

    Head-Manager Jill <- Sub…

  • Managing Active Directory via Active Roles integration with one identity manager

    We have a requirement to manage the Active Directory accounts and groups from One Identity Manager. But there should not be a direct One Identity Manager to AD integration; rather, there should be One Identity Manager --> Active Roles --> Active Directory…

  • Three Ways to Improve Password Security and Self-service for Your End Users

    For enhanced password security, organizations need a simple, highly secure and efficient way for users to reset forgotten passwords and unlock accounts on their own. As an IT Leader, you must implement strong password policies and eliminate risk of data…

  • Achieve Zero Trust Even When Active Directory is in the Way

    After working with Active Directory for longer than I care to confess, the term ‘Zero Trust’ has bubbled up just about everywhere I look. For years, I ignored it, mostly because it sounds too good to be true. I assumed – as with some industry buzzwords…

  • New-QADComputer userAccountControl Active Roles

    I noticed that with Active Roles 7.4.3 and 7.4.1 the New-QADComputer commandlet is ignoring userAccountControl values. It will only set 4128 PASSWD_NOTREQD

    We have an ARS policy that will enforce 4096, and the MMC and WebUI appear to set it, but in…

  • New-QADUser cmdlet Issue when logging the account creation event

    So when using the new-qaduser cmdlet, see below, the Event Log for event 4720 on the DC it's connecting to to create the user account shows:

    Security ID: Domain\testing3
    Account Name: $2RG100-UU7PKQ1Q51GA
    Account Domain: Domain

    SAM Account…