• State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 61 subscribers
  • Views 14310 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Active Roles AD How is this licensed?

nytramuk
over 7 years ago

Hi

I need to know how the licensing is worked out for Active Role


Is it per user? If so, is that enable user only ALL users?  What about other objects do they need a license?

 

Thanks in advance

 

 

Parents
  • 0 over 7 years ago

    Active Roles is licensed based on Managed and Enabled User Account objects.

    An "Enabled User Account" does not include inter-domain trust accounts, contacts, disabled mailbox-enabled user accounts in an Exchange resource forest. Computer object and Group object management also does not count against the licensing count.

    By default, all User Account objects are Managed. If you wish to exclude a Domain or one or more OU's from the Managed scope, use the "Built-in Policy - Exclude from Managed Scope" Policy.

Reply
  • 0 over 7 years ago

    Active Roles is licensed based on Managed and Enabled User Account objects.

    An "Enabled User Account" does not include inter-domain trust accounts, contacts, disabled mailbox-enabled user accounts in an Exchange resource forest. Computer object and Group object management also does not count against the licensing count.

    By default, all User Account objects are Managed. If you wish to exclude a Domain or one or more OU's from the Managed scope, use the "Built-in Policy - Exclude from Managed Scope" Policy.

Children
  • +1 over 5 years ago in reply to Terrance.Crombie

    Apparently this is not true anymore and "Enabled User Account objects" means "All Objects" https://support.oneidentity.com/active-roles/kb/134201/active-roles-licensing-faq .

    It looks like licensing terms changed without notice at some point few years ago and ARS 6.9, 7.1 and 7.2.X were consistent with what Terrance wrote.

    Is there a way to exclude specific user objects from the Active Roles Server License user count, i.e. Service Accounts?

    Active Roles Server License includes all "enabled" and "disabled" user accounts within the registered domain(s). This will also include any accounts designated as Service Accounts.

    Note: ARS v6.9, ARS v7.1, ARS v7.2.X count just "enabled" users as managed objects, this is a known issue (766634) that has been fixed in ARS v7.3.1.

    If you are using the Managed Person license model then it is possible to exclude specific Users, OUs, and Containers, you may use the Policy called "Built-In Policy - Exclude from Managed Scope", which will make the objects Read-Only (Unmanaged).

    Does the “Enabled User” License model include users with disabled accounts?

    Yes, the enabled user license model is defined as follows:-

    Enabled User Accounts are all the user accounts in the domain(s) to be managed by the Software, including, but not limited to, users' logon accounts, secondary accounts tied to users, administrative accounts, service accounts, test accounts, and iNetOrgPerson objects. The license quantity for Software licensed by this License Type must be at least the total number of accounts (regardless of account type) in the domain(s) or other logical group of accounts with which the Software is to be used.