ActiveRoles Server 6.x How-To Guide

© 2014 Dell Inc. ALL RIGHTS RESERVED.

This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of Dell Inc.

The information in this document is provided in connection with Dell products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Dell products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, DELL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL DELL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF DELL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Dell makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Dell does not make any commitment to update the information contained in this document.

If you have any questions regarding your potential use of this material, contact:

Dell Inc.
Attn: LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656

Refer to our web site (software.dell.com) for regional and international office information.

Trademarks
Dell and the Dell logo are trademarks of Dell Inc. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims any proprietary interest in the marks and names of others.

Legend
CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.
WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.
IMPORTANT NOTE, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.

ActiveRoles How-To Guide
Updated - December 2014
Software Version - 6.x

Contents
System requirements
Minimum Permissions
Upgrading
    In-place upgrade
    Side-by-side upgrade
Reports
    How do I configure Reports?
    Can you use a Report database of an earlier version?
Licenses
    Using a License from an earlier ActiveRoles version
Customizations
Troubleshooting
    Error and Log resources
How to configure Replication
Backup suggestions
    How to back up the ActiveRoles Server database
    How to move the ActiveRoles Server database
Management History
    Advantages
    Limitations
    Reference
    Known issues
Changing the ActiveRoles service account
    How to change the service account’s password
    How to change the service account or update the database connection credentials
ActiveRoles Server Add-ons
About Dell
    Contacting Dell
    Technical support resources
System requirements

Microsoft Windows Server operating systems supported for ActiveRoles Server install:

ActiveRoles 6.7
• 2003 – any edition with Service Pack 2 or later
• 2008 – Standard or Enterprise edition with or without Service Pack
• 2008 R2 – Standard or Enterprise edition with or without Service Pack

ActiveRoles 6.8
• 2003 – any edition with Service Pack 2 or later
• 2008 – Standard or Enterprise edition with or without Service Pack
• 2008 R2 – Standard or Enterprise edition with or without Service Pack
• 2012 – Standard or Datacenter edition

ActiveRoles 6.9
• 2008 – Standard or Enterprise edition with Service Pack 2
• 2008 R2 – Standard or Enterprise edition with Service Pack 1
• 2012 – Standard or Datacenter edition
• 2012 R2 – Standard or Datacenter edition

ActiveRoles client components, such as the ActiveRoles console, can be installed and run on Windows client operating systems as well.

SQL Server requirements

ActiveRoles 6.7
• 2005 – any edition with Service Pack 2 or later
• 2008 – any edition with or without Service Pack
• 2008 R2 – any edition with or without Service Pack

ActiveRoles 6.8
• 2005 – any edition with Service Pack 2 or later
• 2008 – any edition with or without Service Pack
• 2008 R2 – any edition with or without Service Pack
• 2012 – any edition with or without Service Pack

ActiveRoles 6.9
• 2005 – any edition with Service Pack 2 or later
• 2008 – any edition with or without Service Pack
• 2008 R2 – any edition with or without Service Pack
• 2012 – any edition with or without Service Pack

Microsoft .NET Framework
• ActiveRoles 6.7 – .NET Framework 3.5 Service Pack 1
• ActiveRoles 6.8 – .NET Framework 4.0
• ActiveRoles 6.9 – .NET Framework 4.5
IMPORTANT: Do not use .NET Framework 4.5.1.

Microsoft Windows PowerShell
• ActiveRoles 6.7 or 6.8 – Windows PowerShell 2.0
• ActiveRoles 6.9 – Windows PowerShell 3.0

Other software required for ActiveRoles Server can be installed from the Redistributables folder on the installation media.

Memory

The memory recommendation for ActiveRoles Server is to start with 4 GB and adjust from there depending on the environment. Disk space and SQL Server database capacity are best planned with the Resource Usage Calculator, which you can find in the Documentation folder on the installation disk/image and which is reproduced on the next page of this document.

Path to the Resource Usage Calculator on the installation media:
• ActiveRoles 6.7 – Documentation\ActiveRoles Server 6.7\English\ActiveRolesServer_6.7_ResourceUsageCalc.xls
• ActiveRoles 6.8 – Documentation\Quest One ActiveRoles 6.8\English\QuestOneActiveRoles_6.8_ResourceUsageCalc.xls
• ActiveRoles 6.9 – Documentation\Quest One ActiveRoles 6.9\English\QuestOneActiveRoles_6.9_ResourceUsageCalc.xls

Quest One ActiveRoles 6.9 Resource Usage Calculator for Administration Service

This spreadsheet helps you calculate computer resource usage by the Administration Service. You can estimate memory usage, size of the EDM Server event log, and database size. Memory usage depends upon the number of objects in the managed domains, log size depends upon the number of operations performed by using the Administration Service, and database size depends upon the number of configuration objects, links, stored virtual attributes, and operations performed by using the Administration Service. To calculate the size of the EDM Server event log for a given period of time (e.g. week or month), enter an average number of elementary operations performed during this period.

[Resource Usage Calculator worksheets, as pictured in the guide: Memory Usage (object type – User, Computer, Group; number of objects; memory used, KB), Event Log Size (operation type – create users; create computers, groups and other AD objects; add or remove objects from groups; modify object attributes; delete any object; create Access Templates, Policy Objects, Managed Units; number of operations; EDM Server log size, KB), and Database Size (Access Templates, Managed Units, Policy Objects; Access Template and Policy Object links per MU or OU; objects with stored virtual attributes by value size (10, 100 or 1000 bytes); attribute modifications subject and not subject to approval; approximate database size, KB).]

Ports used by ActiveRoles Server

If the environment managed by ActiveRoles is located behind a firewall, then the following ports must be open between the ActiveRoles Administration Service and the managed environment.

Access to DNS servers
• Port 53 TCP/UDP Inbound/Outbound

Access to domain controllers
• Port 88 (Kerberos) TCP/UDP Inbound/Outbound
• Port 135 (RPC endpoint mapper) TCP Inbound/Outbound
• Port 139 (SMB/CIFS) TCP Inbound/Outbound
• Port 445 (SMB/CIFS) TCP Inbound/Outbound
• Port 389 (LDAP) TCP/UDP Outbound
• Port 3268 (Global Catalog LDAP) TCP Outbound
• Port 636 (LDAP SSL) TCP Outbound – required if ActiveRoles is configured to access the domain by using SSL.
• Port 3269 (Global Catalog LDAP SSL) TCP Outbound – required if ActiveRoles is configured to access the domain by using SSL.
• The TCP port allocated by the RPC endpoint mapper for communication with the domain controller. You can configure Active Directory domain controllers to use specific port numbers for RPC communication. For instructions, see http://support.microsoft.com/kb/224196.

Access to Exchange servers
• Port 135 (RPC endpoint mapper) TCP Inbound/Outbound
• The TCP port allocated by the RPC endpoint mapper for communication with the Exchange server. You can configure Exchange servers to use specific port numbers for RPC communication. For instructions, see http://support.microsoft.com/kb/270836.

Computer resource management
• Port 139 (SMB/CIFS on the managed computers) TCP Inbound/Outbound
• Port 445 (SMB/CIFS on the managed computers) TCP Inbound/Outbound

Computer restart
• Port 139 (SMB/CIFS on the managed computers) TCP Inbound/Outbound
• Port 137 (WINS) UDP Outbound
• Port 138 (NetBIOS datagrams) UDP Outbound

Home folder provisioning and deprovisioning
• Port 139 (SMB/CIFS on the servers that host home folders) TCP Inbound/Outbound
• Port 445 (SMB/CIFS on the servers that host home folders) TCP Inbound/Outbound

Access to SMTP server for e-mail integration
• Port 25 (Default SMTP port) TCP Outbound
ActiveRoles uses SMTP port 25 by default. The default port number can be changed in the properties of the Mail Configuration object in the ActiveRoles console. If Mail Configuration specifies a different port, open that port rather than port 25.

Access to AD LDS instances
• The TCP port specified when registering the AD LDS instance with ActiveRoles

Access to SQL Server
If the SQL Server that hosts the ActiveRoles database is located behind the firewall, then you need to open the following ports between the ActiveRoles Administration Service and SQL Server:
• Port 1433 (Default SQL Server instance) TCP Inbound/Outbound – open this port if your ActiveRoles database is on the default instance of SQL Server. If a different port is assigned to the default instance, open that port rather than port 1433.
• Port 1434 (SQL Server Browser service) UDP Inbound/Outbound – open this port if your ActiveRoles database is on a named instance of SQL Server. In this case ActiveRoles uses UDP port 1434 to determine the port assigned to the named instance, so you must open port 1434 along with the TCP port assigned to the named instance.

Access to ActiveRoles Administration Service
If you want to put a firewall between ActiveRoles clients, such as the MMC Interface, Web Interface, ADSI Provider or Management Shell, and the ActiveRoles Administration Service, then you need to open the following ports in the firewall:
• Port 135 (RPC endpoint mapper) TCP Inbound/Outbound
• The TCP port allocated by the RPC endpoint mapper for communication with the Administration Service
ActiveRoles uses Distributed COM (DCOM) over two separate TCP ports to accept client connections and requests. ActiveRoles clients use port 135 to locate the Administration Service. Then, all requests from ActiveRoles clients are sent over the port that is dynamically allocated by the RPC endpoint mapper. For RPC dynamic port allocation configuration instructions, see http://support.microsoft.com/kb/154596.
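As an added example (not from the Dell guide), the following Windows PowerShell script, run on the Administration Service computer, checks that the TCP ports listed above for domain controllers, Exchange, SQL Server and SMTP are reachable outbound, using the guide's default ports. The host names are constructed placeholders; the UDP ports (53, 88, 389, 1434) and the RPC dynamic ports cannot be verified with a TCP connect and are reported as items to check by hand.

```powershell
# Added example, not part of the Dell ActiveRoles guide. Works on Windows PowerShell 2.0 and later
# (no Test-NetConnection needed). Host names are constructed placeholders; $SqlPort and $SmtpPort
# default to the guide's defaults (1433, 25).
param(
    [string]$DomainController = 'dc01.corp.example',
    [string]$ExchangeServer   = 'exch01.corp.example',
    [string]$SqlServer        = 'sql01.corp.example',
    [int]   $SqlPort          = 1433,    # named instance: its assigned TCP port (plus UDP 1434 for SQL Browser)
    [string]$SmtpServer       = 'smtp.corp.example',
    [int]   $SmtpPort         = 25,      # or the port set on the Mail Configuration object
    [switch]$UseLdapSsl                  # ActiveRoles configured to access the domain over SSL
)

function Test-TcpPort {
    # Attempts a TCP connect with a timeout; $true only if the handshake completes.
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }  # timed out
        $client.EndConnect($async)   # throws if the connection was refused or reset
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

# Port lists taken from the "Ports used by ActiveRoles Server" section of the guide.
$checks = @(
    @{ Role = 'Domain controller'; Host = $DomainController; Ports = @(88, 135, 139, 445, 389, 3268) }
    @{ Role = 'Exchange server';   Host = $ExchangeServer;   Ports = @(135) }
    @{ Role = 'SQL Server';        Host = $SqlServer;        Ports = @($SqlPort) }
    @{ Role = 'SMTP server';       Host = $SmtpServer;       Ports = @($SmtpPort) }
)
if ($UseLdapSsl) { $checks[0].Ports += 636, 3269 }   # LDAP SSL and Global Catalog LDAP SSL

$results = foreach ($c in $checks) {
    foreach ($p in $c.Ports) {
        New-Object PSObject -Property @{
            Role      = $c.Role
            Host      = $c.Host
            Port      = $p
            Reachable = Test-TcpPort -ComputerName $c.Host -Port $p
        }
    }
}
$results | Sort-Object Role, Port | Format-Table Role, Host, Port, Reachable -AutoSize

# Items a TCP connect cannot verify; compare these against the firewall rule set by hand.
Write-Warning 'Not tested: UDP 53 (DNS), UDP 88 (Kerberos), UDP 389 (LDAP), UDP 1434 (SQL Browser, named instances only).'
Write-Warning 'Not tested: the dynamic TCP port the RPC endpoint mapper allocates for DCs and Exchange (KB 224196 / KB 270836).'
```

A port that shows Reachable = False from this host while the service is known to be up points at a firewall rule to add before the Administration Service is brought online.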
Access to ActiveRoles Web Interface
If you want to access the ActiveRoles Web Interface through a firewall, then you need to open the following ports:
• Port 80 (Default HTTP) TCP Inbound/Outbound
• Port 443 (Default HTTPS) TCP Inbound/Outbound
The Web Interface normally runs over port 80, or over port 443 if SSL is enabled (off by default).

Minimum Permissions

As ActiveRoles Server performs operations on objects on behalf of delegated users, the ActiveRoles service account requires adequate permissions. Dell recommends making the ActiveRoles service account a member of Domain Admins as the simplest way to grant it sufficient permissions. However, should your company restrict Domain Admins group membership and you require the minimum amount of permissions, you must grant the ActiveRoles service account the following permissions.

Access to the Administration Service computer
The ActiveRoles service account must be a member of the local Administrators group on the computer running the ActiveRoles Administration Service. If installed on a Domain Controller, this will effectively grant the service account administrator rights in the entire domain.

Service publication in Active Directory
The service account must be able to publish the service in Active Directory. On the Aelita sub-container under the System container in the domain, grant these rights:
• Create Container Objects
• Create ServiceConnectionPoint Objects

Access to Managed Domains
The ActiveRoles service account must have at least Read permissions in any Managed Domain. In addition, the service account must have Modify permissions on the Active Directory objects and containers where you are planning to use the ActiveRoles security synchronization feature.
Access to Exchange Organizations

Exchange 2003
• Moving mailboxes requires the Exchange 2007 Management Tools installed.
• All other tasks do not require the Exchange 2007 Management Tools installed.
• The service account (or the override account) must have at least the Exchange View-only Administrator role assigned in Exchange 2003.
• The Move Mailbox task requires the Exchange Administrator role.
• Add the service account (or the override account) to the Account Operators domain security group.

Exchange 2007
• The Administration Service must run in the Active Directory forest in which the Exchange organization is deployed. Install the Administration Service on a server belonging to any domain in that forest.
• On the computer running the Administration Service, the Exchange 2007 Management Tools must be installed and updated with Exchange Server 2007 Service Pack 2 (or later).
• The service account (or the override account) must be configured so that it has the appropriate rights in the Exchange Organization. It must be at least a member of the Exchange Recipient Administrator role.
• Add the service account (or the override account) to the Account Operators domain security group.

Exchange 2010
• The Administration Service must run in the Active Directory forest in which the Exchange organization is deployed. Install the Administration Service on a server belonging to any domain in that forest.
• On the computer running the Administration Service, the Exchange 2010 Management Tools must be installed.
• The service account (or the override account) must be configured so that it has the appropriate rights in the Exchange Organization. It must be at least a member of the Recipient Management role group.
• Add the service account (or the override account) to the Account Operators domain security group.

Exchange 2013
• Make the service account (or the override account) a member of the Recipient Management role group.
• Add the account to the Account Operators domain security group.

Support for Exchange 2013 remote Shell
When performing management tasks on Exchange 2013 servers, ActiveRoles uses Windows PowerShell remoting to establish a connection between the computer running the ActiveRoles Administration Service and the server running Exchange 2013. This removes the requirement to install the Exchange 2013 management tools on the computer running the Administration Service.

NOTE: The remote Shell also requires the following:
• TCP port 80 must be open between the computer running the Administration Service and the remote Exchange 2013 server.
• The user account the Administration Service uses to connect to the remote Exchange server (the service account or the override account) must be enabled for remote Shell. To enable a user account for remote Shell, update that user account by using the Set-User cmdlet with the RemotePowerShellEnabled parameter set to $True.
• Windows PowerShell script execution must be enabled on the computer running the Administration Service. To enable script execution for signed scripts, run the Set-ExecutionPolicy RemoteSigned command in an elevated Windows PowerShell window.

Permission to read Exchange configuration data
To perform Exchange recipient management tasks, ActiveRoles also requires read access to Exchange configuration data in Active Directory. This requirement is met if the service account (or the override account, if specified) has administrator rights (for example, is a member of the Domain Admins or Organization Management group). Otherwise, you should give the account the Read permission in the Microsoft Exchange container. You can do this by using the ADSI Edit console as follows:

1 Open the ADSI Edit console and connect to the Configuration naming context.
2 In the ADSI Edit console, navigate to the Configuration/Services container, right-click Microsoft Exchange in that container, and then click Properties.
3 On the Security tab in the Properties dialog box that appears, click Advanced.
4 On the Permissions tab in the Advanced Security Settings dialog box, click Add.
5 On the Permission Entry page, configure the permission entry:
   a Click the Select a principal link, and select the desired account.
   b Verify that the Type box indicates Allow.
   c Verify that the Applies onto box indicates This object and all descendant objects.
   d In the Permissions area, select the List contents and Read all properties check boxes.
   e Click OK.
6 Click OK to close the Advanced Security Settings dialog box, and then click OK to close the Properties dialog box.

For more information, see the ActiveRoles Quick Start Guide, sections “Configuring the Administration Service Account” and “SQL Server Permissions.”

Upgrading

Before any upgrade is performed, you should first consider the following:
• The upgrade process does not preserve any Replication settings. An upgrade can only be performed if the Administration Service is not configured for Replication.
• An upgrade of the ActiveRoles components may affect custom solutions. Custom solutions (such as scripts and other modifications) that work fine with an earlier version of ActiveRoles may cease to work after the upgrade. Prior to attempting an upgrade, you should test the existing solutions with the new version of ActiveRoles in a lab environment to verify that the solutions continue to work.
• For ActiveRoles 6.9, the upgrade converts unmanaged domains to regular managed domains. After the upgrade you will need to make them unmanaged again by applying the built-in Policy Object called Exclude from Managed Scope. For further information, see “Configuring an Unmanaged Domain” in the ActiveRoles Administration Guide for 6.9.

For further information, review Solution 111679 at https://support.software.dell.com/activerolesserver/kb/111679.
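The ADSI Edit procedure in the section Permission to read Exchange configuration data above can also be scripted. The following Windows PowerShell is an added example, not from the Dell guide: it grants the same two permissions (List contents and Read all properties, applied to this object and all descendant objects) on the Microsoft Exchange container in the Configuration partition, skips the change when an equivalent entry already exists, supports -WhatIf, and lists the resulting entries for review. It assumes the ActiveDirectory module (RSAT) is installed; the account name svc-activeroles is a constructed placeholder.

```powershell
# Added example, not part of the Dell ActiveRoles guide.
# Grants List contents + Read all properties on CN=Microsoft Exchange,CN=Services in the Configuration
# partition to the ActiveRoles service (or override) account, mirroring the ADSI Edit steps in the guide.
# Assumes the ActiveDirectory module is installed; 'svc-activeroles' is a constructed placeholder.
Import-Module ActiveDirectory

function Grant-ExchangeConfigReadAccess {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$AccountSamName)   # e.g. 'svc-activeroles'

    $configNc = (Get-ADRootDSE).configurationNamingContext
    $path     = "AD:\CN=Microsoft Exchange,CN=Services,$configNc"
    $sid      = (Get-ADUser -Identity $AccountSamName).SID

    # List contents = ListChildren; Read all properties = ReadProperty.
    $rights = [System.DirectoryServices.ActiveDirectoryRights]::ListChildren -bor
              [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty
    # "This object and all descendant objects" = ActiveDirectorySecurityInheritance.All
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid, $rights, [System.Security.AccessControl.AccessControlType]::Allow,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

    $acl = Get-Acl -Path $path
    # Idempotence: do nothing if an Allow entry for this SID already covers both rights with full inheritance.
    $already = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $sid -and
        ($_.ActiveDirectoryRights -band $rights) -eq $rights -and
        $_.InheritanceType -eq 'All'
    }
    if ($already) { Write-Verbose "Equivalent ACE already present on $path"; return $false }

    if ($PSCmdlet.ShouldProcess($path, "Grant List contents + Read all properties to $AccountSamName")) {
        $acl.AddAccessRule($rule)
        Set-Acl -Path $path -AclObject $acl
        return $true
    }
    return $false
}

function Get-ExchangeConfigAccessForAccount {
    # Lists the entries that apply to the account, so the grant can be verified or audited afterwards.
    param([Parameter(Mandatory = $true)][string]$AccountSamName)
    $configNc = (Get-ADRootDSE).configurationNamingContext
    $sid = (Get-ADUser -Identity $AccountSamName).SID
    (Get-Acl -Path "AD:\CN=Microsoft Exchange,CN=Services,$configNc").Access |
        Where-Object { $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $sid } |
        Select-Object IdentityReference, AccessControlType, ActiveDirectoryRights, InheritanceType
}

Grant-ExchangeConfigReadAccess -AccountSamName 'svc-activeroles' -WhatIf   # dry run; drop -WhatIf to apply
Get-ExchangeConfigAccessForAccount -AccountSamName 'svc-activeroles'
```

Running the Get-* function before and after the grant gives a record of exactly which rights were added, which is the minimum you want when the account is kept out of Domain Admins.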
In-place upgrade

The following example is from Solution 63506 (see https://support.software.dell.com/activerolesserver/kb/63506). This example is for a simple upgrade scenario from either 6.7 or 6.8 to 6.9 with no Replication configured (single ActiveRoles instance).

NOTE: Upgrades should be planned carefully, and a back-out plan must be considered in case the upgrade fails. Before upgrading, ensure you fully back up the ActiveRoles databases.

Example steps

1 Install the ActiveRoles Administration Service first. Choose the option to create a new database, and select to import data from the old database. You cannot use a 6.7 or 6.8 database for the 6.9 Administration Service, as databases of different versions are not compatible. Ensure you have the database encryption key handy. The encryption key is used to encrypt only the passwords of AD domain and AD LDS instance override accounts. By default, an encryption key backup is created in the following location:
C:\Documents and Settings\All Users\Application Data\Quest Software\ActiveRoles Server\ARS_encryption_keys.bin
2 Install the ActiveRoles console (MMC Interface) on the computer on which you’ve installed the Administration Service, and ensure you can successfully connect. It may take some time for your managed domains to build. Watch the EDM Server event log for event 1006, which tells you that the Administration Service is ready to accept incoming connections.
3 Proceed to update the ActiveRoles Web Interface. Patches should always be installed last; verify they are installed by navigating to Programs and Features in Control Panel and selecting View installed updates.
4 This step is optional. Since you created a new database and imported data from your old database, only the configuration data was migrated over. The management history data (change history) was not.
From the Start menu of your ActiveRoles computer, you can launch the Management History Migration Wizard application, which helps you import management history data. Before importing management history data, confirm that your new ActiveRoles instance has the correct change history setting. The change history setting is found in the ActiveRoles console under Configuration | Server Configuration | Change Tracking Log Configuration, in the right-hand pane.

Side-by-side upgrade

The purpose of a side-by-side upgrade is to allow you to install the new version of ActiveRoles Server while keeping the existing installation live. Because both versions exist and run at the same time, there is a potential for conflicts. Take the following into consideration:
• Both the old and new instances advertise and publish their service instance in Active Directory, so a client may attempt to connect to the incorrect server. The MMC Interface will not allow the connection and an error will be displayed.
• Scheduled Tasks will run on both servers, so both servers may attempt to update, provision or deprovision the same users, which can result in conflicts and data corruption (such as partially deprovisioned accounts).

Because of these potential issues, it is recommended to have both servers up only long enough to test and confirm that the new server is functioning as expected. You can safely stop and disable the ActiveRoles Administration Service along with any ActiveRoles Websites, and then uninstall the old ActiveRoles components at a later date. You may also need to update DNS to point to the new ActiveRoles Website.

To configure a side-by-side upgrade, perform the following:

1 Install the ActiveRoles Administration Service first. Choose the option to create a new database along with the option to import data from the existing (old) server.
Note that you cannot use a 6.7 or 6.8 database for 6.9 services, as they are not compatible. You will therefore require a new database, and in order to import from the existing instance you will either have to create the new database on the existing SQL Server or export the old database and import it to the new SQL Server. In order to import the data from the old server you will require the encryption key. The encryption key is used to encrypt only the passwords of override accounts for AD domains and AD LDS instances. By default, an encryption key backup is created in the following location:
C:\Documents and Settings\All Users\Application Data\Quest Software\ActiveRoles Server\ARS_encryption_keys.bin
2 After the Administration Service is installed, install the ActiveRoles console (MMC Interface) and ensure you can successfully connect to the new server. It may take some time for your managed domains to build. Watch the EDM Server event log for event 1006, which tells you that the service is ready to accept incoming connections.
3 If applicable, install the ActiveRoles Web Interface.
4 This step is optional. Since you created a new database and imported data from your old database, only the configuration data was migrated over. The management history data (change history) was not. From the Start menu of your ActiveRoles computer, you can launch the Management History Migration Wizard application, which helps you import management history data. Before importing management history data, confirm that your new ActiveRoles instance has the correct change history setting. The change history setting is found in the ActiveRoles console under Configuration | Server Configuration | Change Tracking Log Configuration, in the right-hand pane. The default setting is 30 days, and this value is not retained during the upgrade.
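For either upgrade procedure above (in-place or side-by-side), the following Windows PowerShell script is an added example, not from the Dell guide. Before the install it checks that the encryption key backup named in step 1 exists and that .NET Framework 4.5.1 (which the System requirements section says not to use with 6.9) is absent; after the install it waits for EDM Server event 1006 from step 2. The .NET Release values are Microsoft's published markers for 4.5.1, and the C:\ProgramData path is the same folder as the guide's legacy path reached without the junction.

```powershell
# Added example, not part of the Dell ActiveRoles guide. Pre- and post-upgrade checks for the
# single-instance 6.7/6.8 -> 6.9 scenario. Paths, the event log name and the event ID come from the
# guide; the .NET Release values are Microsoft's published markers for .NET Framework 4.5.1.

function Get-ArsEncryptionKeyBackup {
    # The guide's path uses the legacy "Documents and Settings\All Users\Application Data" name,
    # which on Windows Server 2008 and later is a junction to C:\ProgramData; both spellings are tried.
    $candidates = @(
        'C:\Documents and Settings\All Users\Application Data\Quest Software\ActiveRoles Server\ARS_encryption_keys.bin',
        'C:\ProgramData\Quest Software\ActiveRoles Server\ARS_encryption_keys.bin'
    )
    foreach ($p in $candidates) { if (Test-Path -LiteralPath $p) { return Get-Item -LiteralPath $p } }
    return $null
}

function Test-DotNet451Installed {
    # .NET Framework 4.5.1 registers Release 378675 (Windows 8.1 / Server 2012 R2) or 378758 (other OS versions).
    $release = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue).Release
    return ($release -eq 378675 -or $release -eq 378758)
}

function Wait-ArsAdminServiceReady {
    # Polls the EDM Server event log for event 1006 ("ready to accept incoming connections") logged after $Since.
    param([datetime]$Since, [int]$TimeoutMinutes = 30)
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        $ev = Get-WinEvent -FilterHashtable @{ LogName = 'EDM Server'; Id = 1006; StartTime = $Since } `
                           -MaxEvents 1 -ErrorAction SilentlyContinue
        if ($ev) { return $ev }
        Start-Sleep -Seconds 15
    } while ((Get-Date) -lt $deadline)
    return $null
}

# --- Before installing the 6.9 Administration Service ---
$key = Get-ArsEncryptionKeyBackup
if ($key) { Write-Host "Encryption key backup found: $($key.FullName) (last written $($key.LastWriteTime))" }
else      { Write-Warning 'No ARS_encryption_keys.bin backup found; locate or export the key before importing the old database.' }

if (Test-DotNet451Installed) { Write-Warning '.NET Framework 4.5.1 is installed; the guide requires 4.5 (not 4.5.1) for ActiveRoles 6.9.' }

# --- After installing the Administration Service, before connecting the console ---
$installStart = Get-Date     # record this before launching setup, then run the 6.9 Administration Service setup
$ready = Wait-ArsAdminServiceReady -Since $installStart
if ($ready) { Write-Host "Administration Service ready at $($ready.TimeCreated); managed domains have been built." }
else        { Write-Warning 'Event 1006 not seen within the timeout; review the EDM Server log for errors before connecting.' }
```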
Additional information

If your site has been customized by Dell Professional Services, please contact your account representative. They will be able to coordinate resources within Dell to assist you and provide a new statement of work (SOW).

If you have any custom add-ons in previous versions, ensure that they are compatible with the new ActiveRoles version and install them on the new ActiveRoles Server after the Administration Service has been installed. If any of these add-ons or customizations are not compatible, then a side-by-side upgrade may not be viable. Proceeding with the new server may cause subsequent issues if the remnants of the add-ons are still in the ActiveRoles database. In this scenario an in-place upgrade is recommended. Another option would be to clone the existing server to a new temporary server, uninstall any non-compatible add-ons, and then use this new database as the upgrade source (Import from existing database option in the Installation Wizard).

Reports

Reporting is an optional component. If you choose to take advantage of the ActiveRoles Server reports, the following is required:
• Microsoft SQL Server Reporting Services (SSRS) must be installed and configured. Note that if the SQL Server service and SSRS are on different hosts, you may encounter a “double-hop” authentication issue. Review this article for more information: https://support.software.dell.com/password-manager/kb/69693
• The ActiveRoles Server Collector account must have sufficient rights to create and write to a SQL Server database that stores report data. You cannot create the database using a different account; the Collector must be used to create the database on SQL Server.
• The account under which you run the ActiveRoles Server Report Pack installer must have sufficient rights to publish reports on SSRS.

How do I configure Reports?
Please refer to Video Solution 134445, which demonstrates how to configure Reports in ActiveRoles Server: https://support.software.dell.com/kb/134445

Can you use a Report database of an earlier version?

It is not recommended to re-use databases, as newer versions may use different tables within the database and the Reports may not return accurate results.

Licenses

Using a License from an earlier ActiveRoles version

Will my License from ActiveRoles Server 6.5 or 6.7 work in 6.8 or 6.9?

Typically, the license keys are set for major versions such as 6.x, so a new key must be used when the product changes to a new major version number. However, due to a minor product change introduced in version 6.8, a new license key is required after you upgrade from 6.7 to any version thereafter. Please contact your Account Manager or our Licensing department to obtain a new license key.

Customizations

Custom solutions (scripts or other modifications) that rely on the functions of ActiveRoles Server may fail to work after an upgrade due to compatibility issues. Prior to attempting an upgrade, you should test your existing solutions with the new version of the product in a lab environment to verify that the solutions continue to work. Should any compatibility issues arise during the test process, you can contact Dell Professional Services for paid assistance with those solutions.

Troubleshooting

To troubleshoot ActiveRoles, there are a few items to check with regard to general overall performance:
• CPU usage and availability. The ActiveRoles Administration Service can consume anywhere from 0 to 100% (peak) depending on the number of users and tasks it is performing at any given time. Consistently high CPU usage may indicate an issue (a scheduled task running, a bad script, etc.).
• RAM usage and availability
The ActiveRoles Administration Service can consume anywhere from 200 MB to 1.5 GB on average, depending on the number of managed objects and the environment. Each environment is unique. Take note of your typical usage; if ActiveRoles is above your typical usage, this may indicate an issue.
• Hard drive speed and available free space
• Network connection to Active Directory
Choose a Domain Controller that is as close to the ActiveRoles server as possible.
• Connection to SQL Server
Choose a SQL Server instance that is as close to the ActiveRoles server as possible.

Error and Log resources

ActiveRoles writes most events to its own Event log in Windows Event Viewer, under Applications and Services, called EDM Server. This event log can be used to help determine root causes for issues and typically provides more detailed error information should you encounter any issues within the console or Web Interface.

In addition to the Event log, there is also a debug option, which is disabled by default. While this can sometimes be helpful for customers, it may be difficult to read and to find the root cause during troubleshooting. The debug log is generally used by Support and the Product team for troubleshooting. It should only be enabled when requested by Support, as the file can grow quite large in a very short time.

Debug options

For the ActiveRoles Administration Service, the debug log is called ds.log and the default location is here:
• C:\Program Files\Quest Software\Quest One ActiveRoles\ (version 6.8 or 6.9)
• C:\Program Files\Quest Software\ActiveRoles Server\ (version 6.7)

You can use the following instructions to enable or disable the debug log.

To enable logging in version 6.7 or 6.8

1 On the computer running the ActiveRoles Administration Service, launch the registry editor.
2 Locate the following registry key:
HKEY_LOCAL_MACHINE | SOFTWARE | Aelita | Enterprise Directory Manager
3 Within that key, create the following value:
Value name: Debug
Type: DWORD (32-bit) Value
Value data: 1

The change has immediate effect. No service restart is required.

To disable logging in version 6.7 or 6.8

1 On the computer running the ActiveRoles Administration Service, launch the registry editor.
2 Locate the following registry value:
HKEY_LOCAL_MACHINE | SOFTWARE | Aelita | Enterprise Directory Manager | Debug
3 Set the value data to zero:
Value data: 0

The change has immediate effect. No service restart is required.

To enable or disable logging in version 6.9

1 Click the upper leftmost node in the ActiveRoles console (MMC).
2 Then, in the bottom-right corner, under Diagnostics, click View or change diagnostics settings.

Log file size

The log file grows in size quickly. Therefore, it is recommended to enable logging right before and disable logging immediately after the issue has been reproduced. The log captures any activity being performed by the service, including the tasks performed by connected users while debug logging is enabled.

See also:
• How to prevent the ActiveRoles Server (ARS) Debug Log from Overgrowing (VB script) at https://support.software.dell.com/kb/SOL8617
• Moving ds.log to an alternate drive and adding timestamps (PowerShell script) at https://support.software.dell.com/kb/SOL94318

Web Interface log

For the Web Interface, there is a separate log. The name of the file is <name of site>.log.
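As an added example (not part of this guide or the product), the PowerShell below bundles the Troubleshooting checks above (service memory against the typical 200 MB to 1.5 GB band, recent EDM Server errors) with the 6.7/6.8 registry toggle for the debug log, and adds a guard that switches the log back off once ds.log reaches a size cap or a time limit, for use when Support has asked for the log. It assumes the Windows service name is arssvc (as in the guide's net stop arssvc) and the default ds.log folders listed above; run it in an elevated session on the Administration Service computer.

```powershell
# Added example, not from the guide. Assumptions are marked as such.
# Assumption: the service name is 'arssvc' (the guide uses 'net stop arssvc').
# Assumption: ds.log lives in one of the two default folders the guide lists.

$ArsRegKey  = 'HKLM:\SOFTWARE\Aelita\Enterprise Directory Manager'
$DsLogPaths = @(
    'C:\Program Files\Quest Software\Quest One ActiveRoles\ds.log',   # 6.8 / 6.9
    'C:\Program Files\Quest Software\ActiveRoles Server\ds.log'       # 6.7
)

function Get-ArsServiceHealth {
    # Working set of the service process against the 200 MB - 1.5 GB band the
    # guide calls typical, plus Error-level events from the EDM Server log.
    $svc = Get-CimInstance Win32_Service -Filter "Name='arssvc'"
    if (-not $svc) { throw "Service 'arssvc' not found on this computer." }
    $proc = Get-Process -Id $svc.ProcessId -ErrorAction SilentlyContinue
    $wsMB = if ($proc) { [math]::Round($proc.WorkingSet64 / 1MB) } else { 0 }
    $errors = Get-WinEvent -FilterHashtable @{
        LogName   = 'EDM Server'
        Level     = 2                       # 2 = Error
        StartTime = (Get-Date).AddHours(-24)
    } -MaxEvents 20 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        State            = $svc.State
        WorkingSetMB     = $wsMB
        AboveTypicalBand = ($wsMB -gt 1536)  # 1.5 GB is the top of the typical range
        ErrorsLast24h    = ($errors | Measure-Object).Count
        LatestError      = ($errors | Select-Object -First 1).Message
    }
}

function Set-ArsDebugLogging {
    # Creates or updates the Debug DWORD value (6.7/6.8). Takes effect at once,
    # no service restart needed. Returns the value now stored in the registry.
    param([Parameter(Mandatory)][bool]$Enabled)
    if (-not (Test-Path $ArsRegKey)) { throw "Registry key not found: $ArsRegKey" }
    New-ItemProperty -Path $ArsRegKey -Name 'Debug' -PropertyType DWord `
        -Value ([int]$Enabled) -Force | Out-Null
    (Get-ItemProperty -Path $ArsRegKey -Name 'Debug').Debug
}

function Watch-ArsDebugLog {
    # Enables debug logging only for as long as it takes to reproduce an issue.
    # The log records every connected user's activity while it is on, so it is
    # disabled again when ds.log reaches the size cap or the time limit expires.
    param(
        [int]$MaxSizeMB   = 500,
        [int]$MaxMinutes  = 15,
        [int]$PollSeconds = 10
    )
    $log = $DsLogPaths |
        Where-Object { Test-Path (Split-Path $_ -Parent) } |
        Select-Object -First 1
    if (-not $log) { throw 'No ActiveRoles installation folder found for ds.log.' }

    Set-ArsDebugLogging -Enabled $true | Out-Null
    $deadline = (Get-Date).AddMinutes($MaxMinutes)
    $reason   = 'time limit reached'
    try {
        while ((Get-Date) -lt $deadline) {
            Start-Sleep -Seconds $PollSeconds
            $sizeMB = if (Test-Path $log) { (Get-Item $log).Length / 1MB } else { 0 }
            if ($sizeMB -ge $MaxSizeMB) { $reason = "size cap of $MaxSizeMB MB reached"; break }
        }
    }
    finally {
        # Always disable, including when the operator interrupts with Ctrl+C.
        Set-ArsDebugLogging -Enabled $false | Out-Null
    }
    "Debug logging disabled ($reason); collect $log for the Support case."
}

# Baseline check before deciding whether a debug log is needed at all.
Get-ArsServiceHealth
```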
The default location of the Web Interface log for version 6.9 is here:
C:\Program Files\Quest Software\Quest One ActiveRoles\Web Interface 6.9\6.9.0\Public\Log

For example, the log for the site “Default Web Site/ARServerAdmin” will be located here:
C:\Program Files\Quest Software\Quest One ActiveRoles\Web Interface 6.9\6.9.0\Public\Log\Default Web Site\ARServerAdmin\ARServerAdmin.log

As with the ds.log file, the Web Interface log can grow quickly as well. It is recommended to only turn it on while reproducing an issue.

How to configure Replication

1 Open the ActiveRoles console (MMC), and connect to the ActiveRoles Administration Service that will become the Publisher. Expand Configuration | Server Configuration | Administration Services. In the right pane, right-click the Administration Service, and then click Configure Replication.
2 In the right pane, right-click the Administration Service’s configuration database, and then click Promote.
3 In the confirmation dialog box that appears, click Yes to start the Promote operation.
4 The progress window appears. Wait for the Promote operation to complete.
5 Once the operation is complete, you should see the Replication Status as Success.
6 Right-click the Publisher, and then click Add Replication Partner.
7 The wizard to add a Subscriber appears. Click Next.
8 On the Database Selection page in the wizard, click Browse.
9 In the Connect to Administration Service dialog box that appears, type the fully qualified domain name of the computer running the Administration Service that will become the Subscriber. Alternatively, you can browse for the Administration Service by clicking the ellipsis button next to the Service field. When finished, click Connect.
10 Click Next on the Database Selection page.
11 On the Configuration Database page, select the appropriate Publisher-to-Subscriber connection option, and then click Next. For option descriptions, see the ActiveRoles Administrator Guide, section “Adding Members to a Replication Group.”
12 Click Next on the Management History Database page, if prompted. If you did not separate the Management History database and the Configuration database, the Management History Database page will not appear.
13 Click Finish on the Completion page to proceed with adding the Subscriber.
14 In the confirmation dialog box that appears, click Yes to start the Add Subscriber operation.
15 The progress window appears. Wait for the Add Subscriber operation to complete.
16 Once the operation is complete, you should see the Subscriber added.

Backup suggestions

How to back up the ActiveRoles Server database

1 Open SQL Server Management Studio, and connect to the SQL Server instance that hosts the ActiveRoles Server database you want to back up. In Object Explorer, right-click the database, point to Tasks, and then click Back Up.
2 In the Back Up Database dialog box that appears, click the Add button in the Destination area to specify the backup destination file.
3 In the Select Backup Destination dialog box that appears, click the ellipsis button next to the File name field to browse to the backup file location.
4 In the Locate Database Files dialog box that appears, select the backup file location, specify the backup file name, and then click OK.
5 Click OK to close the Select Backup Destination dialog box.
6 In the Back Up Database dialog box, make sure the destination is correct. Click OK to start the backup process.
7 Click OK to close the information message box once the backup process is completed.
8 Check the destination folder to make sure the backup file is there.

How to move the ActiveRoles Server database

For a video tutorial on how to move the database of an existing ActiveRoles Server instance to a new SQL Server instance, review Solution 62455 at https://support.software.dell.com/kb/62445.

Management History

The Management History feature provides information on who did what and when it was done with regard to the Active Directory management tasks performed using ActiveRoles. This feature gives you a clear log documenting the changes that have been made to a given object, such as a user or group object. The log includes entries detailing actions performed, success or failure of the actions, as well as which attributes were changed.

By using the Management History feature, you can examine:
• Change History
Information on changes that were made to directory data via ActiveRoles.
• User Activity
Information on management actions that were performed by a given user.

Both Change History and User Activity use the same source of information—the Management History log, also referred to as the Change Tracking log.

The Management History feature is designed to help promptly investigate what changes were recently made to directory data, as well as when it was done and by whom. As such, this feature is not intended for data change auditing, nor is it intended to explore large volumes of data changes that occurred during a long period of time. For this reason, in addition to the Management History feature, ActiveRoles Server provides a suite of reports for change tracking and auditing, which is part of the ActiveRoles Server Report Pack. Each of these options, Management History and Report Pack, has its own advantages and limitations. Follow the recommendations in this article to choose the one that best suits your needs.
Advantages

The Management History feature can be used to examine changes that were made to directory data via ActiveRoles Server. The feature is designed to help answer the following typical questions:
• Who made the most recent changes to a given user or group object?
• Who modified a given user or group object during the last X days?
• What changes were made to a given user object last night (yesterday, the day before)?
• Have any planned modifications of a given user or group object actually been performed?
• What objects did a given delegated administrator modify during the last X days?

Management History can be instantly accessed whenever there is a need to quickly investigate or troubleshoot a problem that results from inappropriate modifications of directory data. The Management History feature includes a dedicated repository to store information about data changes, referred to as the Management History log or Change Tracking log, and a GUI to retrieve and display information from that repository. No additional actions such as collecting or consolidating information are required to build Management History results.

Limitations

The advantages of the Management History feature also entail some limitations. Before using the Management History feature, consider the following limitations of using this feature.

Management History in ActiveRoles Server 6.7 is somewhat incomplete in that it does not reflect data changes made by certain policies, such as Group Membership AutoProvisioning. When such a policy adds or removes users from groups, information on those policy actions is missing from the Management History report. To keep track of all changes, including those that occur due to policy actions, you can use the change-tracking reports discussed later in this article.

Management History log size

The main factor to consider is the size of the Management History log.
To ensure real-time update of the log on all Administration Services, the log is stored in the ActiveRoles Server configuration database. This imposes some limitations on the log size. By default, the Management History log is configured to store information about changes that occurred within the last 30 days. If this setting is increased, the following problems may occur:
• Excessive increase in the log size significantly increases the time required to build and display Management History results.
• As the log size grows, so does the size of the configuration database. This considerably increases the time required to back up and restore the database, and causes high network traffic replicating the database when you join an additional Administration Service to ActiveRoles Server replication.
• The GUI is not suitable to represent large volumes of Management History results in a manageable fashion. Since there are no filtering or paging capabilities, it may be difficult to sort through the results.

To address these limitations, ActiveRoles Server provides a different means for change auditing: change-tracking reports, included in the ActiveRoles Server Report Pack. These reports are designed to help answer the following questions:
• What management tasks were performed on a given object within a certain period of time?
• What management tasks were performed on a given object during the object's entire life time?
• When was a certain attribute of a given object modified?

To work with reports, you can use Report Manager provided by SQL Server Reporting Services (SSRS Report Manager). Another option is to use the Reporting Console included with ActiveRoles Server. The Reporting Console eases the management of reports containing large volumes of data, as it provides the following features: configure and apply filters, browse by page, and export reports to a wide variety of formats.

Change-tracking reports are based on data collected from event logs.
A separate log is stored on each computer running the Administration Service, and each log only contains events generated by one Administration Service. Therefore, to use reports, the events from all event logs need to be consolidated to form a complete audit trail. The process of consolidating events, referred to as the data collection process, is performed by a separate ActiveRoles Server component—Collector. With the Collector wizard, you can configure and execute data collection jobs, and schedule them to run on a regular basis.

The main limitation of change-tracking reports is the fact that the information needs to be collected and consolidated in a separate database before you can build the reports. The data collection process exhibits the following disadvantages:
• Collecting data may be a very lengthy operation, and the database size may grow unacceptably when collecting all events that occurred within a long period of time in a large environment.
• Collecting data is impossible over slow WAN links. This limitation is inherent to the ActiveRoles Server component intended to collect data for reporting.

Reference

How to recreate the Management History database without having to re-install

You can recreate the Management History database without having to re-install the entire product.
1 From the ActiveRoles Server installation media, navigate to the following directory: Misc\Create MH Database\
2 Use the Create_MHOnly.bat file to recreate the Management History database. Usage:
Create_MHOnly.bat SERVER DATABASE LOGIN PASSWORD

Source: Solution 110724 at https://support.software.dell.com/activeroles-server/kb/110724

When the Management History is being synchronized, why is the ARS service unavailable?

When Management History data is being synchronized from the Publisher to a Subscriber, the ActiveRoles Administration Service on the Subscriber is unavailable.
Currently, this behavior is by design, as the SQL Server replication model does not offer the option to merge results during initial snapshot replication. If any changes occur during this sync, they will be lost. To avoid data loss, the Administration Service is unavailable during this synchronization period.

Source: Solution 103363 at https://support.software.dell.com/activeroles-server/kb/103363

Is it possible to use the Management History Migration Wizard to import data from several ActiveRoles Server instances to one database?

The Management History Migration Wizard is designed for a “one-to-one” database migration for an ActiveRoles Server upgrade. It is intended to expedite the upgrade process, as migration of Management History data can be quite lengthy—sometimes in excess of 25 hours (depending on history and environment). The Management History Migration Wizard has never been tested in migrating several Management History databases to one. This type of scenario is not supported.

Source: Solution 90375 at https://support.software.dell.com/activeroles-server/kb/90375

Back up Configuration and Management History databases prior to an ActiveRoles Server upgrade

ActiveRoles Server stores its Configuration data and Management History data in a database on SQL Server. It is recommended to back up the Configuration and Management History databases prior to the upgrade. For instructions, see How to back up the ActiveRoles Server database earlier in this document.

Source: Solution 111679 at https://support.software.dell.com/activeroles-server/kb/111679

Known issues

No change history, change-tracking policy is empty or missing

This is caused by corruption during the upgrade or installation of the policy file, because the policy file is either missing or empty. See the workaround in Solution 112095 at https://support.software.dell.com/activeroles-server/kb/112095.
Change history does not display in chronological order

When viewing the Change History on an object in ActiveRoles Server, the history is ordered by Completed time. Currently the only sort order available is by Completed time. Enhancement Request TF00357797 has been submitted to consider the option of sorting by Requested time in a future release of ActiveRoles Server.

Source: Solution 124843 at https://support.software.dell.com/activeroles-server/kb/124843

Changing the ActiveRoles service account

How to change the service account’s password

In order to change the password of the ActiveRoles Administration Service account, do the following:
1 Use the Active Directory Users and Computers console to change the password of the service account in Active Directory. You can also perform this task by using the ActiveRoles console or Web Interface.
2 In the Services console (services.msc), edit the service Quest One ActiveRoles Administration Service. On the Log On tab, change the password to match the new password from Step 1.
3 Restart the service Quest One ActiveRoles Administration Service.
4 Change any scheduled tasks that you may have set up with this account (for example, the Collector task).
5 If using Quick Connect, change the password in the Services console for the service Quest Quick Connect Service. Set the password on the Log On tab.
6 Restart the service Quest Quick Connect Service.
7 If using Quick Connect, change the password for each Connection if the credentials within each Connection are specified.

How to change the service account or update the database connection credentials

In order to change the account that is used to run the ActiveRoles Administration Service, follow the steps as outlined below.

IMPORTANT: Before you modify the connection settings:
1 If you are changing the connection from Publisher to Subscriber or vice-versa, both databases should be switched to standalone mode.
The Subscriber should be removed from replication and the Publisher should be demoted.
2 If you have multiple Subscribers, remove all Subscribers from replication before demoting the Publisher.
3 Make sure you back up both databases before changing the connection settings.
4 If multiple servers are sharing the same database, Workaround 2 and Workaround 3 are not applicable due to defect ID TF00329743. Use Workaround 1 instead.

WORKAROUND 1 (Recommended) Reinstall the ActiveRoles Administration Service

To use the existing database when installing the Administration Service:
1 Uninstall ActiveRoles Administration Service. Before uninstalling the Administration Service, take a note of the current patch level. Patch level is defined by the last four digits of the product version.
2 Install ActiveRoles Administration Service.
a In the Quest One ActiveRoles DVD Autorun window, click Quest One ActiveRoles, and then click Administration Service in the list of the product components.
b In the Setup Wizard, on the Service Deployment Options page, select Perform custom installation.
c On the Configuration Storage Options page, click Database of an earlier installed Service.
d On the Database and Connection Settings page, specify the connection settings for the existing ActiveRoles Configuration and Management History databases.
e Follow the instructions in the Setup Wizard to complete the installation.
3 Install the required patches to bring the service to the same patch level it was at initially (see Step 1).

WORKAROUND 2 Update the connection string in the Windows registry

NOTE: You cannot update the login and password with this method.
The Configuration database connection settings are stored under the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Aelita\Enterprise Directory Manager\DatabaseConnectionString

The Management History database connection settings are stored under the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Aelita\Enterprise Directory Manager\CHDatabaseConnectionString

Modify the connection settings by updating the following values:
• Data Source
Specify the NetBIOS name of the SQL Server hosting the database.
• Initial Catalog
Specify the name of the existing SQL database.

When finished, restart the ActiveRoles Administration Service for the changes to be applied.

WORKAROUND 3 (Advanced) Modify the connection settings by running the Administration Service executable file from a command prompt

Use this workaround if the SQL login of the Administration Service for SQL Server authentication is no longer valid, or you need to update the credentials (login name and/or password). The Administration Service executable file, named arssvc.exe, is located in the ActiveRoles installation folder, which defaults to %ProgramFiles%\Quest Software\Quest One ActiveRoles.

1 Stop the ActiveRoles Administration Service from the Services console, or by entering the following command at a command prompt:
net stop arssvc
2 Once the Administration Service has been stopped, open a command prompt and navigate to the ActiveRoles installation folder.
3 At the command prompt, run arssvc.exe using the following syntax to modify connection settings. All the parameters are mandatory.
arssvc.exe /DBServerName Instance /DBName Name /DBAuthenticationMode 0 | 1 /DBLogin Login /DBPassword Password /dbMHServerName Instance /dbMHName Name /dbMHAuthenticationMode 0 | 1 /dbMHLogin Login /dbMHPassword Password
For parameter descriptions, see the “Modifying Connection Settings” section in the document named ActiveRoles Replication: Best Practices and Troubleshooting, which is included with the product.
4 Start the ActiveRoles Administration Service from the Services console, or by entering the following command at a command prompt:
net start arssvc

ActiveRoles Server Add-ons

Add-on for Office Communications Server

The Add-on for Office Communications Server provides the ability to enable and disable users for Microsoft Office Communications Server version 2007 and 2007 R2. The Add-on will work with either ActiveRoles 6.7 or 6.8 only. Full requirements and installation instructions can be found in the Release Notes document included with the Add-on.

Add-on for Lync Server

The Add-on for Lync Server provides the ability to enable and disable users for Microsoft Lync Server 2010 and 2013 via the Web Interface only. The Add-on requires Quick Connect, including:
• Quick Connect Sync Engine 5.2.0 or 5.3.0
• Quick Connect Express for Active Directory 5.3.0 or 5.4.1

If you are going to use Quick Connect Sync Engine 5.3.0, install the Quick Connect Sync Engine 5.3 - Merge Module 5.2 Update described in Solution 118152 at https://support.software.dell.com/kb/SOL118152.

Add-on for Exchange Resource Forests (ERFM)

The Add-on for Exchange Resource Forest Management (also known as Quick Connect for Exchange Resource Forests or Exchange Resource Forest Manager) provides the ability to create linked mailboxes for users from Active Directory forests where Exchange is not deployed. The Add-on creates linked mailboxes along with shadow accounts in the Active Directory forest where Exchange Server is deployed, and synchronizes shadow accounts with user accounts held in non-Exchange forests. For configuration details, the following video explains how to install and configure this Add-on: https://support.software.dell.com/activeroles-server/kb/94865

Add-on for Office 365

The Add-on for Office 365 can be used to create and administer users and groups in Microsoft Office 365.
The Add-on is able to perform all tasks required for synchronization between on-premises Active Directory and the Office 365 directory, so it can be used in place of Microsoft’s Directory Synchronization tool. However, it is important to note that you can use either the Add-on for Office 365 or Microsoft’s Directory Synchronization tool to synchronize objects, but not both. Most importantly:
1 The Add-on can be configured for directory synchronization if:
• Microsoft Online Services Directory Synchronization tool is not activated
• The Add-on configuration option is selected indicating that native sync between Active Directory and Office 365 is not activated
2 If Active Directory synchronization using the Microsoft Online Services Directory Synchronization tool is activated:
• The Add-on can only master licensing of Office 365 users
• All changes to Office 365 objects, with the exception of licensing, are mastered from the properties of the corresponding objects in your on-premises Active Directory

About Dell

Dell listens to customers and delivers worldwide innovative technology, business solutions and services they trust and value. For more information, visit www.software.dell.com.

Contacting Dell
Technical Support: Online Support
Product Questions and Sales: (800) 306-9329
Email: info@software.dell.com

Technical support resources

Technical support is available to customers who have purchased Dell software with a valid maintenance contract and to customers who have trial versions. To access the Support Portal, go to http://software.dell.com/support/.

The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. In addition, the portal provides direct access to product support engineers through an online Service Request system.
The site enables you to:
• Create, update, and manage Service Requests (cases)
• View Knowledge Base articles
• Obtain product notifications
• Download software. For trial software, go to Trial Downloads.
• View how-to videos
• Engage in community discussions
• Chat with a support engineer