Active Roles is a single, unified and rich tool to automate the most
troublesome user and group management tasks.
Administrators struggle to keep up with requests to create, change or remove
access in today’s hybrid AD environments and with the limited
capabilities of Microsoft Active Directory (AD) and Azure Active Directory
(AAD) native tools. Thankfully, help has arrived.
With One Identity Active Roles, you can streamline user and group
administration, solve security issues
– and meet those never-ending compliance requirements by managing and
securing on-prem, and cloud AD resources simply and efficiently with a single,
intuitive solution.
Automatic, consistent, and complete management
Active Roles overcomes the shortcomings of native tools for hybrid Active Directory management and security
Specifications
Before installing Active Roles 7.1, ensure that your system meets the
following minimum hardware and software requirements.
Active Roles includes the following components:
- Administration Service
- Web Interface
- Console (MMC Interface)
- Management Tools
- Synchronization Service
This section lists the hardware and software requirements for installing and
running each of these components.
- Platform
Any of the following:
Processor speed: 2.0 GHz or faster
For best results, a multi-core processor recommended.
- Memory
At least 2 GB of RAM. The amount required depends on the total
number of managed objects.
- Hard Disk Space
100 MB or more of free disk space. If SQL Server and
Administration Service are installed on the same computer, the amount
required depends on the size of the Active Roles database.
- Operating System
You can install Administration Service on a computer running:
- Microsoft Windows Server 2008 R2, Standard or Enterprise
edition, Service Pack 1
- Microsoft Windows Server 2012, Standard or Datacenter edition
- Microsoft Windows Server 2012 R2, Standard or Datacenter edition
- Microsoft Windows Server 2016, Standard or Datacenter edition
- Microsoft .NET Framework
- SQL Server
You can host the Active Roles database on:
- Microsoft SQL Server 2008, any edition, 32-bit (x86) or 64-bit
(x64), with or without any Service Pac
- Microsoft SQL Server 2008 R2, any edition, 32-bit (x86) or
64-bit (x64), with or without any Service Pack
- Microsoft SQL Server 2012, any edition, 32-bit (x86) or 64-bit
(x64), with or without any Service Pack
- Microsoft SQL Server 2014, any edition, 32-bit (x86) or 64-bit
(x64), with or without any Service Pack
- Microsoft SQL Server 2012 Native Client
is required on the computer running the Administration Service
- Microsoft SQL Server 2016, any edition
- Windows Management Framewor
- Microsoft Exchange Server Management Tools
To manage Exchange 2007 recipients, Active Roles requires the
Exchange 2007 SP3 management tools installed on the computer running
the Administration Service. For installation instructions, see
“How to Install the Exchange 2007 Management Tools” at
http://go.microsoft.com/fwlink/?linkid=88090.
- Operating system on domain controllers
Active Roles retains all features and functions when managing Active
Directory on domain controllers running any of these operating
systems, any edition, with or without any Service Pack:
- Microsoft Windows Server 2008
- Microsoft Windows Server 2008 R2
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2016
NOTE:
- Active Roles does not support domain controllers running
Microsoft Windows 2000 Server. Ensure that the Active Directory
domains managed by Active Roles do not have Windows 2000 Server
based domain controllers.
- Active Roles deprecates managed domains with the domain
functional level lower than Windows Server 2008. We recommend
that you raise the functional level of the domains managed by
Active Roles to Windows Server 2008 or higher.
- Exchange Serve
Active Roles is capable of managing Exchange recipients on:
- Microsoft Exchange Server 2007 Service Pack 3
- Microsoft Exchange Server 2010 Service Pack 3
- Microsoft Exchange Server 2013
NOTE: Microsoft Exchange Server 2003 is not
supported.
- Platform
Any of the following:
Processor speed: 2.0 GHz or faster
- Memory
At least 2 GB of RAM. The amount required depends on the total
number of managed objects.
- Hard Disk Space
About 100 MB of free disk space.
- Operating System
You can install Web Interface on a computer running:
- Microsoft Windows Server 2008 R2, Standard or Enterprise
edition, Service Pack 1
- Microsoft Windows Server 2012, Standard or Datacenter edition
- Microsoft Windows Server 2012 R2, Standard or Datacenter edition
- Microsoft Windows Server 2016, Standard or Datacenter edition
- Microsoft .NET Framework
- Internet Services
On Windows Server 2008 R2, Web Interface requires the Web Server
(IIS) server role with the following role services:
- Web Server/Common HTTP Features/
- Static Content
- Default Document
- HTTP Errors
- HTTP Redirection
- Web Server/Application Development/
- ASP.NET
- .NET Extensibility
- ASP
- ISAPI Extensions
- ISAPI Filters
- Web Server/Security/
- Basic Authentication
- Windows Authentication
- Request Filtering
- Management Tools/IIS 6 Management Compatibility/
- IIS 6 Metabase Compatibility
On Windows Server 2012 or Windows Server 2012 R2, Web Interface
requires the Web Server (IIS) server role with the
following role services:
- Web Server/Common HTTP Features/
- Default Document
- HTTP Errors
- Static Content
- HTTP Redirection
- Web Server/Security/
- Request Filtering
- Basic Authentication
- Windows Authentication
- Web Server/Application Development/
- .NET Extensibility 4.5
- ASP
- ASP.NET 4.5
- ISAPI Extensions
- ISAPI Filters
- Management Tools/IIS 6 Management Compatibility/
- IIS 6 Metabase Compatibility
Internet Information Services (IIS) must be configured to provide
Read/Write delegation for the fo;llowing features:
Use Feature Delegation in Internet Information Services (IIS)
Manager to confirm that these features have delegation set to
Read/Write.
- Web browser
You can access Web Interface using:
- Firefox 36 on Windows
- Google Chrome 41 on Windows
- Windows Internet Explorer 11
- Microsoft Edge on Windows 10
You can use a later version of Firefox, Google Chrome or Internet
Explorer to access Web Interface; however, Web Interface 7.1 has been
tested only against the browser versions listed above.
- Minimum screen resolution
Web Interface is optimized for screen resolutions of 1280 x 800 or
higher. The minimum supported screen resolution is 1024 x 768.
- Platform
Any of the following:
- Intel x86
- Intel 64 (EM64T)
Processor speed: 1.0 GHz or faster
- Memory (RAM)
At least 1 GB of RAM. The amount required depends on the total
number of managed objects.
- Hard Disk Space
About 100 MB of free disk space.
- Operating System
You can install Active Roles console on a computer running:
- Microsoft Windows Server 2008 R2, Standard or Enterprise
edition, Service Pack 1
- Microsoft Windows Server 2012, Standard or Datacenter edition
- Microsoft Windows Server 2012 R2, Standard or Datacenter edition
- Microsoft Windows 7, Ultimate, Professional or Enterprise
edition, 32-bit (x86) or 64-bit (x64), Service Pack 1
- Microsoft Windows 8, Professional or Enterprise edition, 32-bit
(x86) or 64-bit (x64)
- Microsoft Windows 8.1, Professional or Enterprise edition,
32-bit (x86) or 64-bit (x64)
- Microsoft Windows 10, Professional or Enterprise edition, 32-bit
(x86) or 64-bit (x64)
- Microsoft Windows Server 2016, Standard or Datacenter edition
- Microsoft .NET Framework
Active Roles console requires Microsoft .NET Framework 4.5 (see
“Installing the .NET Framework” at http://go.microsoft.com/fwlink/?LinkId=257868).
- Web browser
Active Roles console requires Internet Explorer 11.
Management Tools is a composite component that includes the Active
Roles Management Shell, ADSI Provider, and SDK. On a 64-bit (x64)
system, Management Tools also include the Active Roles Configuration
Center.
- Platform
Any of the following:
- Intel x86
- Intel 64 (EM64T)
Processor speed: 1.0 GHz or faster
- Memory (RAM)
At least 1 GB of RAM.
- Hard Disk Space
About 100 MB of free disk space.
- Operating System
You can install Management Tools on a computer running:
- Microsoft Windows Server 2008 R2, Standard or Enterprise
edition, Service Pack 1
- Microsoft Windows Server 2012, Standard or Datacenter edition
- Microsoft Windows Server 2012 R2, Standard or Datacenter edition
- Microsoft Windows 7, Ultimate, Professional or Enterprise
edition, 32-bit (x86) or 64-bit (x64), Service Pack 1
- Microsoft Windows 8, Professional or Enterprise edition, 32-bit
(x86) or 64-bit (x64)
- Microsoft Windows 8.1, Professional or Enterprise edition,
32-bit (x86) or 64-bit (x64)
- Microsoft Windows 10, Professional or Enterprise edition, 32-bit
(x86) or 64-bit (x64)
- Microsoft Windows Server 2016, Standard or Datacenter edition
- Microsoft .NET Framework
Management Tools require Microsoft .NET Framework 4.5 (see
“Installing the .NET Framework” at http://go.microsoft.com/fwlink/?LinkId=257868).
- Windows Management Framework
On Windows Server 2008 R2 or Windows 7, Management Tools require
Windows Management Framework 3.0 (see “Windows Management
Framework 3.0” at http://go.microsoft.com/fwlink/?LinkId=272757).
- Remote Server Administration Tools (RSAT)
To manage Terminal Services user properties by using Active Roles
Management Shell, Management Tools require Remote Server
Administration Tools (RSAT) for Active Directory. See
Microsoft’s documentation for instructions on how to install
Remote Server Administration Tools appropriate to your operating
system.
- Platform
Any of the following:
Processor speed: 2.0 GHz or faster
For best results, a multi-core processor recommended.
- Memory
At least 2 GB of RAM. The amount required depends on the number
of objects being synchronized.
- Hard disk space
250 MB or more of free disk space. If SQL Server and
Synchronization Service are installed on the same computer, the
amount required depends on the size of the Synchronization Service
database.
- Operating System
You can install the Synchronization Service on a computer
running:
- Microsoft Windows Server 2008 R2, Standard or Enterprise
edition, Service Pack 1
- Microsoft Windows Server 2012, Standard or Datacenter
edition
- Microsoft Windows Server 2012 R2, Standard or Datacenter
edition
- Microsoft Windows Server 2016, Standard or Datacenter
edition
- Microsoft .NET Framework
Synchronization Service requires Microsoft .NET Framework 4.5
(see “Installing the .NET Framework” at http://go.microsoft.com/fwlink/?LinkId=257868).
- SQL Server
You can host the Synchronization Service database on:
- Microsoft SQL Server 2008, any edition, 32-bit (x86) or
64-bit (x64), with or without any Service Pack
- Microsoft SQL Server 2008 R2, any edition, 32-bit (x86) or
64-bit (x64), with or without any Service Pack ;
- Microsoft SQL Server 2012, any edition, 32-bit (x86) or
64-bit (x64), with or without any Service Pack
- Microsoft SQL Server 2014, any edition, 32-bit (x86) or
64-bit (x64), with or without any Service Pack
- Microsoft SQL Server 2016, any edition
- Windows Management Framework
On Windows Server 2008 R2, the Synchronization Service requires
Windows Management Framework 3.0 (see “Windows Management
Framework 3.0” at http://go.microsoft.com/fwlink/?LinkId=272757).
- Supported connections
The Synchronization Service can connect to:
- Microsoft Active Directory Domain Services with the domain
or forest functional level of Windows Server 2008 or higher
- Microsoft Active Directory Lightweight Directory Services
running on any Windows Server operating system supported by
Microsoft
- Microsoft Exchange Server version 2013, 2010 or 2007
- Microsoft Lync Server version 2013 or 2010
- Microsoft Windows Azure Active Directory using the Azure AD
Graph API version 2013-04-05
- Microsoft Office 365 directory
- Microsoft Exchange Online service
- Microsoft Lync Online service
- Microsoft SharePoint Online service
- Microsoft SQL Server, any version supported by Microsoft
- Active Roles version 7.1, 7.0, and 6.9
- Quest One Identity Manager version 6.1 or 6.0 (Q1IM 6.01 or
6.0)
- One Identity Manager version 7.0 (D1IM 7.0)
- Data sources accessible through an OLE DB provider
- Delimited text files
- Legacy Active Roles ADSI Provider
To connect to Active Roles version 6.9, 6.8 or 6.7, the Active
Roles ADSI Provider of the respective version must be installed on
the computer running the Synchronization Service. For installation
instructions, see the Quick Start Guide for the appropriate Active
Roles version.
- Microsoft Exchange Server Management Tools
To connect to Exchange Server 2007, the Exchange 2007 SP3
management tools must be installed on the computer running the
Synchronization Service. For installation instructions, see
“How to Install the Exchange 2007 Management Tools” at
http://go.microsoft.com/fwlink/?linkid=88090.
- Azure AD Module for Windows PowerShell
To connect to the Office 365 directory, the following software
must be installed on the computer running the Synchronization
Service:
- Microsoft Online Services Sign-In Assistant for IT
Professionals
- Azure Active Directory Module for Windows PowerShell
For installation instructions, see “Install the Azure AD
Module” at http://go.microsoft.com/fwlink/?linkid=320628.
- Windows PowerShell Module for Lync Online
To connect to the Lync Online service, Windows PowerShell Module
for Lync Online must be installed on the computer running the
Synchronization Service. For installation instructions, see
“Windows PowerShell Module for Lync Online” at http://go.microsoft.com/fwlink/?LinkId=294688.
- SharePoint Online Management Shell
To connect to the SharePoint Online service, SharePoint Online
Management Shell must be installed on the computer running the
Synchronization Service. For installation instructions, see
“SharePoint Online Management Shell” at http://go.microsoft.com/fwlink/?LinkId=255251.
- One Identity Manager API
To connect to One Identity Manager 7.0, One Identity Manger
Connector must be installed on the computer running the
Synchronization Service. This connector works with RESTful web
service and SDK installation is not required.
To connect to One Identity Manager 6.0, the Quest One Identity
Manager Connector must be installed on the computer running the
Synchronization Service. This connector works only when the Q1IM
API SDK is installed on the system. For installation instructions,
see Knowledge Article 100525 at https://support.oneidentity.com/kb/SOL100525.
- Internet Connection
To connect to cloud directories or online services, the computer
running the Synchronization Service must have a reliable
connection to the Internet.
- Microsoft .NET Framework
Microsoft .NET Framework 4.5
- Additional Requirements
To synchronize passwords from an Active Directory domain to some
other connected data system, you must install the Sync Service
Capture Agent on all domain controllers in the source Active
Directory domain.
The domain controllers on which you install Sync Service Capture
Agent must run one of the following operating systems with or
without any Service Pack (both x86 and x64 platforms are
supported):
- Microsoft Windows Server 2016
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2012
- Microsoft Windows Server 2008 R2
For more information, see the Active Roles Synchronization
Service Administrator Guide.
For instructions on how to upgrade Active Roles, refer to the
Active Roles Quick Start Guide.
When performing the upgrade, keep in mind that the components of
the earlier version may not work in conjunction with the
components you have upgraded. To ensure smooth upgrade to the new
version, you should first upgrade the Administration Service and
then upgrade the client components (Console and Web Interface).
Custom solutions (scripts or other modifications) that rely on
the functions of Active Roles may fail to work after an upgrade
due to compatibility issues. Prior to attempting an upgrade, you
should test your existing solutions with the new version of the
product in a lab environment to verify that the solutions continue
to work.
Impact on add-ons
After an upgrade of Active Roles components to the Active Roles
7.1, the add-ons which were supported in the earlier versions of
Active Roles, cease to work. Hence, it is recommended to uninstall
the add-ons prior to the upgrade of Active Roles.
Note: Office 365 add-ons are not supported on
the Active Roles 7.1.
The following table shows the version upgrade path that you can
take from one version of the product to another. Source version
refers to the current product version that you have installed.
Destination version refers to the highest version of the product to
which you can upgrade.
Source version
Destination version
