Active Roles
Keep Active Directory secure by separating administration roles
Simplify the security of your Active Directory
Simplify the security and protection of Active Directory (AD) to solve security issues and meet compliance requirements with the help of Active Roles. It helps overcome AD’s native limitations, You can enjoy a new level of efficiency with its automated management of users and groups, as well as delegation tasks. You can easily meet your business requirements today, as well as scale to address future needs thanks to Active Roles’ modular architecture.
With Active Roles, you can:
- Eliminate unregulated access to resources, while protecting critical AD data
- Automatically create user and group accounts for secure management in AD and AD-joined systems
Features
Secure access
Enables you to control access through delegation using a least-privilege model in order to protect Active Directory (AD). You’ll can generate and strictly enforce access rules based on defined administrative policies and permissions, eliminating potential errors and inconsistencies common to native approaches to AD management. Plus, you can establish an IT process based on your business requirements with Active Roles’ robust approval procedures, which complements the automated management of directory data
Automate account creation
Automates a wide variety of tasks, including:
- Creating and managing user and group accounts
- Creating mailboxes in Exchange
- Assigning resource in Windows
Ensure an efficient and secure administrative process by automatically reassigning and removing user rights — including user and group de-provisioning — in AD and AD-joined systems, including Exchange, SharePoint, OCS, Lync and Windows, Unix, Linux and Mac OS X.
Day-to-day directory management
Simplifies management of:
- Exchange recipients, including mailbox/OCS assignment, creation, movement, deletion, permissions and distribution-list management
- Users and groups
- Computers, including shared, printers, local users and groups
- Active Directory, including AD LDS
You can also improve day-to-day administration and help desk operations with the tool’s intuitive interfaces via both an MMC snap-in and a Web interface.
Manage groups and users in a hosted environment
Synchronize AD domain clients with a host AD domain in hosted environments. Active Roles synchronizes user- and group-account attributes and passwords, from the client domain to the hosted domain. Synchronize your on-premises AD accounts to Microsoft Office 365, Lync Online and SharePoint Online.
Consolidate management points through integration
Ensures easy integration with many One Identity products — including Identity Manager, Privilege Password Manager, Desktop Virtualization, Authentication Services, Defender, Password Manager, Cloud Access Manager and Change Auditor — with Active Roles’ Extend All feature in order to simplify and consolidate management points. This powerful tool also automates and extends the capabilities of PowerShell, ADSI, SPML and customizable Web interfaces. Active Roles comes with all the synchronization technology necessary to manage and secure.
- Lync
- Exchange
- SharePoint
- AD LDS
- Office 365
- Azure AD
- Microsoft SQL Server
- OLE DB (MS Access)
- Flat file
Specifications
Active Roles includes the following components:
- Administration Service
- Console (MMC Interface)
- Web Interface
- Collector
- Report Pack
- Add-in for Outlook
The tables below outline system requirements for installing and running each of these components.
- Platform
- 1 GHz or higher Intel Pentium-compatible CPU.
- Memory (RAM)
- 1 GB or more recommended. The amount required depends on the total number of managed objects.
- Hard Disk Space
- 100 MB or more of free disk space. If SQL Server and Administration Service are installed on the same computer, the amount required depends on the size of the Active Roles database.
- Operating System
You can install the Administration Service on a server running any of these operating systems:
- Microsoft Windows Server 2008, Standard or Enterprise edition, 64-bit (x64), Service Pack 2
- Microsoft Windows Server 2008 R2, Standard or Enterprise edition, Service Pack 1
- Microsoft Windows Server 2012, Standard or Datacenter edition
- Microsoft Windows Server 2012 R2, Standard or Datacenter edition
- SQL Server
You can use any of these SQL Server versions to host the Active Roles database:
- Microsoft SQL Server 2005, any edition, 32-bit (x86) or 64-bit (x64), Service Pack 2 or later
- Microsoft SQL Server 2008, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
- Microsoft SQL Server 2008 R2, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
- Microsoft SQL Server 2012, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
Microsoft SQL Server 2012 Native Client is required on the computer running the Administration Service. You can install SQL Server 2012 Native Client from the Redistributables page in the Active Roles DVD Autorun window.
- Microsoft .NET Framework
Microsoft .NET Framework 4.5 (see "Installing the .NET Framework 4.5" at http://go.microsoft.com/fwlink/p/?LinkId=257868 )
You can install .NET Framework 4.5 from the Redistributables page in the Active Roles DVD Autorun window.
- Windows Management Framework
Windows Management Framework 3.0 (see "Windows Management Framework 3.0" at http://go.microsoft.com/fwlink/p/?LinkId=272757 )
- Active Roles Management Shell for Active Directory
Administration Service requires version 1.7 of Active Roles Management Shell for Active Directory.
The Administration Service Setup program automatically installs the appropriate version of Active Roles Management Shell. Optionally, you can install Active Roles Management Shell from the Solutions page in the Active Roles DVD Autorun window.
- Microsoft Exchange Server Management Tools
- To manage Exchange 2010 recipients, Active Roles requires the Management Tools for Exchange 2010 Service Pack 3 or later to be installed on the computer running the Administration Service. Use the Exchange Server 2010 Setup program to install the Management Tools on the computer where you plan to install the Administration Service.
- To manage Exchange 2007 recipients, Active Roles requires the Management Tools for Exchange 2007 Service Pack 2 or later to be installed on the computer running the Administration Service. Use the Exchange Server 2007 Setup program to install the Management Tools on the computer where you plan to install the Administration Service.
- To perform the Move Mailbox task on Exchange 2003, Active Roles requires the Exchange Management Tools for Exchange 2007 to be installed on the computer running the Administration Service.
- Microsoft Exchange Server 2013 Remote Shell
Active Roles uses remote Shell to manage Exchange 2013 recipients. Remote Shell requires the following software on the computer running the Administration Service:
- Windows Server 2012 or Windows Server 2008 R2 SP1 operating system
- Microsoft .NET Framework 4.5 (see "Installing the .NET Framework 4.5" at http://go.microsoft.com/fwlink/p/?LinkId=257868 )
- Windows Management Framework 3.0 (see "Windows Management Framework 3.0" at http://go.microsoft.com/fwlink/p/?LinkId=272757 ).
Remote Shell also requires the following:
- TCP port 80 must be open between the computer running the Administration Service and the remote Exchange 2013 server.
- The user account the Administration Service uses to connect to the remote Exchange server (the service account or the override account) must be enabled for remote Shell.
- Windows PowerShell script execution must be enabled on the computer running the Administration Service.
- Operating System on Domain Controllers
Active Roles retains all features and functions when managing Active Directory on domain controllers running any of these operating systems, any edition, with or without any Service Pack:
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 R2
- Microsoft Windows Server 2008
- Microsoft Windows Server 2008 R2
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
Notes
- Domain controllers running Microsoft Windows 2000 Server are not supported by Quest One Active Roles. Ensure that the Active Directory domains managed by Quest One Active Roles do not have Windows 2000 Server based domain controllers.
- Active Roles deprecates managed domains with the domain functional level lower than Windows Server 2003. We recommend that you raise the functional level of the domains managed by Active Roles to Windows Server 2003 or higher.
- Exchange Server
Active Roles is capable of managing Exchange recipients on any of these Exchange Server editions, with or without any Service Pack:
- Microsoft Exchange Server 2003
- Microsoft Exchange Server 2007
- Microsoft Exchange Server 2010
- Microsoft Exchange Server 2013
Note Microsoft Exchange 2000 Server is not supported.
- Platform
- 1 GHz or higher Intel Pentium-compatible CPU.
- Memory (RAM)
- 1 GB or more recommended. The amount required depends on the number of objects being administered.
- Hard Disk Space
- About 100 MB of free disk space.
- Operating System
You can install the Active Roles console on a computer running any of these operating systems:
- Microsoft Windows Server 2008, Standard or Enterprise edition, 32-bit (x86) or 64-bit (x64), Service Pack 2
- Microsoft Windows Server 2008 R2, Standard or Enterprise edition, Service Pack 1
- Microsoft Windows 7, Ultimate, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64), Service Pack 1
- Microsoft Windows Server 2012, Standard or Datacenter edition
- Microsoft Windows Server 2012 R2, Standard or Datacenter edition
- Microsoft Windows 8, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64)
- Microsoft Windows 8.1, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64)
- Web Browser
Active Roles console requires Windows Internet Explorer 8.0 or later.
- Microsoft .NET Framework
Microsoft .NET Framework 4.5 (see "Installing the .NET Framework 4.5" at http://go.microsoft.com/fwlink/p/?LinkId=257868 )
You can install .NET Framework 4.5 from the Redistributables page in the Active Roles DVD Autorun window.
- Platform
- 1 GHz or higher Intel Pentium-compatible CPU.
- Memory (RAM)
- 1 GB or more recommended. The amount required depends on the number of objects being administered.
- Hard Disk Space
- About 100 MB of free disk space.
- Operating System
You can install the Active Roles Web Interface on a Web server running any of these operating systems:
- Microsoft Windows Server 2008, Standard or Enterprise edition, 64-bit (x64), Service Pack 2
- Microsoft Windows Server 2008 R2, Standard or Enterprise edition, Service Pack 1
- Microsoft Windows Server 2012, Standard or Datacenter edition
- Microsoft Windows Server 2012 R2, Standard or Datacenter edition
- Internet Services
Active Roles Web Interface requires Microsoft Internet Information Services (IIS) 7.0 or later.
On Windows Server 2008 or Windows Server 2008 R2, Web Interface requires the "Web Server (IIS)" server role with the following role services:
- Web Server/Common HTTP Features/
- Static Content
- Default Document
- HTTP Errors
- HTTP Redirection
- Web Server/Application Development/
- ASP.NET
- .NET Extensibility
- ASP
- ISAPI Extensions
- ISAPI Filters
- Web Server/Security/
- Basic Authentication
- Windows Authentication
- Request Filtering
- Management Tools/IIS 6 Management Compatibility/
- IIS 6 Metabase Compatibility
On Windows Server 2012 or Windows Server 2012 R2, Web Interface requires the "Web Server (IIS)" server role with the following role services:
- Web Server/Common HTTP Features/
- Default Document
- HTTP Errors
- Static Content
- HTTP Redirection
- Web Server/Security/
- Request Filtering
- Basic Authentication
- Windows Authentication
- Web Server/Application Development/
- .NET Extensibility 4.5
- ASP
- ASP.NET 4.5
- ISAPI Extensions
- ISAPI Filters
- Management Tools/IIS 6 Management Compatibility/
- IIS 6 Metabase Compatibility
You can use Server Manager to confirm that the "Web Server (IIS)" server role with the required role services is installed.
Additionally, Internet Information Services (IIS) must be configured to provide "Read/Write" delegation for the following features:
- Handler Mappings
- Modules
Use "Feature Delegation" in Internet Information Services (IIS) Manager to confirm that these features have delegation set to "Read/Write".
- Web Server/Common HTTP Features/
- Web Browser
Any of the following Web browsers can be used to access the Web Interface:
- Firefox 24 on Windows
- Google Chrome 29 on Windows
- Safari 5 on Windows
- Windows Internet Explorer 7
- Windows Internet Explorer 8
- Windows Internet Explorer 9
- Windows Internet Explorer 10
- Windows Internet Explorer 11
A higher version of Firefox, Google Chrome, Safari or Internet Explorer can be made to work as a Web Interface client; however, the Web Interface pages of version 6.9.0 have been tested only against the Web browser versions listed above.
The Web browser should be run on a system with screen resolution of 1024x768 or higher.
- Microsoft .NET Framework
Microsoft .NET Framework 4.5 (see "Installing the .NET Framework 4.5" at http://go.microsoft.com/fwlink/p/?LinkId=257868)
You can install .NET Framework 4.5 from the Redistributables page in the Active Roles DVD Autorun window.
- Platform
- 500 MHz or higher Intel Pentium-compatible CPU.
- Memory (RAM)
- 512 MB or more recommended.
- Hard Disk Space
- About 50 MB or more of free disk space. If SQL Server and Collector are installed on the same computer, the amount required depends on the size of the Collector database.
- Operating System
You can install the Active Roles Collector on a computer running any of these operating systems:
- Microsoft Windows Server 2008, Standard or Enterprise edition, 32-bit (x86) or 64-bit (x64), Service Pack 2
- Microsoft Windows Server 2008 R2, Standard or Enterprise edition, Service Pack 1
- Microsoft Windows 7, Ultimate, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64), Service Pack 1
- Microsoft Windows Server 2012, Standard or Datacenter edition
- Microsoft Windows Server 2012 R2, Standard or Datacenter edition
- Microsoft Windows 8, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64)
- Microsoft Windows 8.1, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64)
- SQL Server
You can use any of these SQL Server versions to host the Collector database:
- Microsoft SQL Server 2005, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
- Microsoft SQL Server 2008, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
- Microsoft SQL Server 2008 R2, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
- Microsoft SQL Server 2012, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
- SQL Server Reporting Services
Active Roles Report Pack requires one of the following versions of SQL Server Reporting Services software:
- Microsoft SQL Server 2005 Reporting Services, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
- Microsoft SQL Server 2008 Reporting Services, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
- Microsoft SQL Server 2008 R2 Reporting Services, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
- Microsoft SQL Server 2012 Reporting Services, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
- Operating System
You can install the Active Roles Report Pack on a computer running any of these operating systems:
- Microsoft Windows Server 2008, Standard or Enterprise edition, 32-bit (x86) or 64-bit (x64), Service Pack 2
- Microsoft Windows Server 2008 R2, Standard or Enterprise edition, Service Pack 1
- Microsoft Windows 7, Ultimate, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64), Service Pack 1
- Microsoft Windows Server 2012, Standard or Datacenter edition
- Microsoft Windows Server 2012 R2, Standard or Datacenter edition
- Microsoft Windows 8, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64)
- Microsoft Windows 8.1, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64)
- Quest Knowledge Portal
Active Roles Report Pack is compatible with:
- Quest Knowledge Portal 2.0
- Quest Knowledge Portal 2.5
- Quest Knowledge Portal 2.6
- Quest Knowledge Portal 2.7
- Microsoft Office Outlook
Add-in for Outlook requires Microsoft Office Outlook 2007 or later.
- Microsoft .NET Framework
Microsoft .NET Framework 4.5 (see "Installing the .NET Framework 4.5" at http://go.microsoft.com/fwlink/p/?LinkId=257868)
You can install .NET Framework 4.5 from the Redistributables page in the Active Roles DVD Autorun window.
- Other Microsoft Office Features
Add-in for Outlook also requires:
- .NET Programmability Support for Microsoft Office Outlook
- Microsoft Forms 2.0 .NET Programmability Support
You can install this prerequisite software by selecting the following installation options in the Setup program for the Microsoft Office system:
- .NET Programmability Support under Microsoft Office Outlook
- Microsoft Forms 2.0 .NET Programmability Support under Office Tools
Resources
The 12 essential tasks for managing Active Directory Domain Services
The 12 essential tasks for managing Active Directory Domain Services
10 steps for cleaning up Active Directory user accounts
10 steps for cleaning up Active Directory user accounts
Use Active Directory groups to manage access control
Use Active Directory groups to manage access control
Active Directory delegation in ActiveRoles Server
Active Directory delegation in ActiveRoles Server
Workflow and permission capabilities in ActiveRoles Server
Workflow and permission capabilities in ActiveRoles Server
Active Directory user and group account creation in ActiveRoles Server
Active Directory user and group account creation in ActiveRoles Server
IAM for the Real World: Access Management
Access is usually the highest priority when taking on IAM challenges, but how do you do it most effectively?
- More Resources
- Communities
- Events & Demos
- Research Docs
- Videos
- Customer Stories
Take the next step
Related Products
Identity Manager
Streamline user identity management, privilege access and security
Authentication Services
Extend the compliance and security of Active Directory to your enterprise
Defender
Enhance security with two-factor authentication.
Password Manager
Give users the power to reset forgotten passwords securely
Cloud Access Manager
Get unified and secure access to overcome your most-pressing challenges
Support & Services
Product Support
Self-service tools will help you to install, configure and troubleshoot your product.
Support Offerings
Find the right level of support to accommodate the unique needs of your organization.
Training & Certification
Training courses delivered through online web-based, on-site or virtual instructor-led.