ActiveRoles Server

Simplify the security of your Active Directory

ActiveRoles Server provides out-of-the-box user and group account management, strictly enforced administrator-based role security, day-to-day identity administration and built-in auditing and reporting for Windows-centric environments.

Simplify the security and protection of your Active Directory in order to solve security issues and meet compliance requirements with the help of ActiveRoles Server. With automated tools to efficiently manage users and groups, as well as Active Directory delegation, ActiveRoles Server helps you to overcome Active Directory’s native limitations, enabling you to do your job faster. You can afford to meet your business requirements today and in the future thanks to ActiveRoles Server’s modular architecture.

With ActiveRoles Server, you can:

  • Eliminate unregulated access to resources while protecting critical Active Directory data
  • Automatically create user and group accounts for secure management in AD and AD-joined systems

Features

Secure access—Enables you to control access through delegation using a least privilege model in order to  protect Active Directory. You’ll be able to generate and strictly enforce access rules based on defined administrative policies and permissions, eliminating potential errors and inconsistencies common to native approaches to AD management. Not to mention you can establish an IT process based on your business requirements thanks to the tool’s robust approval procedures, to complement the automated management of directory data

Automate account creation—Automates a wide variety of tasks, including:

  • Creating user and group accounts in AD
  • Creating mailboxes in Exchange
  • Managing groups
  • Assigning resource in Windows

Ensure an efficient and secure administrative process by automatically reassigning and removing user rights in AD and AD-joined systems (including user and group de-provisioning) with ActiveRoles Server. Update a user’s access rights when they need to be changed or removed automatically in AD, Exchange, SharePoint, OCS, Lync and Windows, as well as any AD-joined systems, such as Unix, Linux and Mac OS X.

Day-to-day directory management—Simplifies management of:

  • Exchange recipients, including mailbox/OCS assignment, creation, movement, deletion, permissions and distribution list management
  • Groups
  • Computers, including shares, printers, local users and groups
  • Active Directory, including AD LDS

You can also improve day-to-day administration and help desk operations with the tool’s intuitive interfaces via both an MMC snap-in and a Web interface.

Manage groups and users in a hosted environment—Combines with Quick Connect to synchronize AD domain clients with a host AD domain in hosted environments. ActiveRoles Server enables user and group account management, while also synchronizing attributes and passwords, from the client domain to the hosted domain. Synchronize your on-premises AD accounts to cloud-based services, such as Salesforce.com, Google Apps, Microsoft Office 365, Lync Online and SharePoint Online, using the tool’s out-of-the-box connectors.

Consolidate management points through integration—Ensures easy integration with many Dell products, including Quick Connect, Identity Manager, Privilege Password Manager, Desktop Virtualization, Authentication Services, Defender, Password Manager, Webthority and ChangeAuditor, with the tool’s Extend All feature in order to simplify and consolidate management points. ActiveRoles Server also automates and extends the capabilities of PowerShell, ADSI, SPML and customizable Web interfaces.

Specifications

Quest One ActiveRoles includes the following components:

  • Administration Service
  • Console (MMC Interface)
  • Web Interface
  • Collector
  • Report Pack
  • Add-in for Outlook

The tables below outline system requirements for installing and running each of these components.

Administration Service hardware and software requirements

Platform1 GHz or higher Intel Pentium-compatible CPU.
Memory (RAM)1 GB or more recommended. The amount required depends on the total number of managed objects.
Hard Disk Space100 MB or more of free disk space. If SQL Server and Administration Service are installed on the same computer, the amount required depends on the size of the ActiveRoles database.
Operating System

You can install the Administration Service on a server running any of these operating systems:

  • Microsoft Windows Server 2008, Standard or Enterprise edition, 64-bit (x64), Service Pack 2
  • Microsoft Windows Server 2008 R2, Standard or Enterprise edition, Service Pack 1
  • Microsoft Windows Server 2012, Standard or Datacenter edition
  • Microsoft Windows Server 2012 R2, Standard or Datacenter edition
SQL Server

You can use any of these SQL Server versions to host the ActiveRoles database:

  • Microsoft SQL Server 2005, any edition, 32-bit (x86) or 64-bit (x64), Service Pack 2 or later
  • Microsoft SQL Server 2008, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
  • Microsoft SQL Server 2008 R2, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
  • Microsoft SQL Server 2012, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack

Microsoft SQL Server 2012 Native Client is required on the computer running the Administration Service. You can install SQL Server 2012 Native Client from the Redistributables page in the ActiveRoles DVD Autorun window.

Microsoft .NET FrameworkMicrosoft .NET Framework 4.5 (see "Installing the .NET Framework 4.5" at http://go.microsoft.com/fwlink/p/?LinkId=257868)

You can install .NET Framework 4.5 from the Redistributables page in the ActiveRoles DVD Autorun window.

Windows Management FrameworkWindows Management Framework 3.0 (see "Windows Management Framework 3.0" at http://go.microsoft.com/fwlink/p/?LinkId=272757)
ActiveRoles Management Shell for Active DirectoryAdministration Service requires version 1.7 of Quest One ActiveRoles Management Shell for Active Directory.

The Administration Service Setup program automatically installs the appropriate version of ActiveRoles Management Shell. Optionally, you can install ActiveRoles Management Shell from the Solutions page in the ActiveRoles DVD Autorun window.

Microsoft Exchange Server Management Tools
  • To manage Exchange 2010 recipients, ActiveRoles requires the Management Tools for Exchange 2010 Service Pack 3 or later to be installed on the computer running the Administration Service. Use the Exchange Server 2010 Setup program to install the Management Tools on the computer where you plan to install the Administration Service.
  • To manage Exchange 2007 recipients, ActiveRoles requires the Management Tools for Exchange 2007 Service Pack 2 or later to be installed on the computer running the Administration Service. Use the Exchange Server 2007 Setup program to install the Management Tools on the computer where you plan to install the Administration Service.
  • To perform the Move Mailbox task on Exchange 2003, ActiveRoles requires the Exchange Management Tools for Exchange 2007 to be installed on the computer running the Administration Service.
Microsoft Exchange Server 2013 Remote ShellActiveRoles uses remote Shell to manage Exchange 2013 recipients. Remote Shell requires the following software on the computer running the Administration Service:

Remote Shell also requires the following:

  • TCP port 80 must be open between the computer running the Administration Service and the remote Exchange 2013 server.
  • The user account the Administration Service uses to connect to the remote Exchange server (the service account or the override account) must be enabled for remote Shell.
  • Windows PowerShell script execution must be enabled on the computer running the Administration Service.
Operating System on Domain Controllers

ActiveRoles retains all features and functions when managing Active Directory on domain controllers running any of these operating systems, any edition, with or without any Service Pack:

  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2003 R2
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2

Notes

  • Domain controllers running Microsoft Windows 2000 Server are not supported by Quest One ActiveRoles. Ensure that the Active Directory domains managed by Quest One ActiveRoles do not have Windows 2000 Server based domain controllers.
  • Quest One ActiveRoles deprecates managed domains with the domain functional level lower than Windows Server 2003. We recommend that you raise the functional level of the domains managed by Quest One ActiveRoles to Windows Server 2003 or higher.
Exchange Server

ActiveRoles is capable of managing Exchange recipients on any of these Exchange Server editions, with or without any Service Pack:

  • Microsoft Exchange Server 2003
  • Microsoft Exchange Server 2007
  • Microsoft Exchange Server 2010
  • Microsoft Exchange Server 2013

Note Microsoft Exchange 2000 Server is not supported.

Quest One ActiveRoles Console (MMC Interface) hardware and software requirements

Platform1 GHz or higher Intel Pentium-compatible CPU.
Memory (RAM)1 GB or more recommended. The amount required depends on the number of objects being administered.
Hard Disk SpaceAbout 100 MB of free disk space.
Operating System

You can install the ActiveRoles console on a computer running any of these operating systems:

  • Microsoft Windows Server 2008, Standard or Enterprise edition, 32-bit (x86) or 64-bit (x64), Service Pack 2
  • Microsoft Windows Server 2008 R2, Standard or Enterprise edition, Service Pack 1
  • Microsoft Windows 7, Ultimate, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64), Service Pack 1
  • Microsoft Windows Server 2012, Standard or Datacenter edition
  • Microsoft Windows Server 2012 R2, Standard or Datacenter edition
  • Microsoft Windows 8, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64)
  • Microsoft Windows 8.1, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64)
Web BrowserActiveRoles console requires Windows Internet Explorer 8.0 or later.
Microsoft .NET FrameworkMicrosoft .NET Framework 4.5 (see "Installing the .NET Framework 4.5" at http://go.microsoft.com/fwlink/p/?LinkId=257868)

You can install .NET Framework 4.5 from the Redistributables page in the ActiveRoles DVD Autorun window.

Quest One ActiveRoles Web Interface hardware and software requirements

Platform1 GHz or higher Intel Pentium-compatible CPU.
Memory (RAM)1 GB or more recommended. The amount required depends on the number of objects being administered.
Hard Disk SpaceAbout 100 MB of free disk space.
Operating System

You can install the ActiveRoles Web Interface on a Web server running any of these operating systems:

  • Microsoft Windows Server 2008, Standard or Enterprise edition, 64-bit (x64), Service Pack 2
  • Microsoft Windows Server 2008 R2, Standard or Enterprise edition, Service Pack 1
  • Microsoft Windows Server 2012, Standard or Datacenter edition
  • Microsoft Windows Server 2012 R2, Standard or Datacenter edition

Internet Services

ActiveRoles Web Interface requires Microsoft Internet Information Services (IIS) 7.0 or later.

On Windows Server 2008 or Windows Server 2008 R2, Web Interface requires the "Web Server (IIS)" server role with the following role services:

  • Web Server/Common HTTP Features/
    • Static Content
    • Default Document
    • HTTP Errors
    • HTTP Redirection
  • Web Server/Application Development/
    • ASP.NET
    • .NET Extensibility
    • ASP
    • ISAPI Extensions
    • ISAPI Filters
  • Web Server/Security/
    • Basic Authentication
    • Windows Authentication
    • Request Filtering
  • Management Tools/IIS 6 Management Compatibility/
    • IIS 6 Metabase Compatibility

On Windows Server 2012 or Windows Server 2012 R2, Web Interface requires the "Web Server (IIS)" server role with the following role services:

  • Web Server/Common HTTP Features/
    • Default Document
    • HTTP Errors
    • Static Content
    • HTTP Redirection
  • Web Server/Security/
    • Request Filtering
    • Basic Authentication
    • Windows Authentication
  • Web Server/Application Development/
    • .NET Extensibility 4.5
    • ASP
    • ASP.NET 4.5
    • ISAPI Extensions
    • ISAPI Filters
  • Management Tools/IIS 6 Management Compatibility/
    • IIS 6 Metabase Compatibility

You can use Server Manager to confirm that the "Web Server (IIS)" server role with the required role services is installed.

Additionally, Internet Information Services (IIS) must be configured to provide "Read/Write" delegation for the following features:

  • Handler Mappings
  • Modules

Use "Feature Delegation" in Internet Information Services (IIS) Manager to confirm that these features have delegation set to "Read/Write".

Web Browser

Any of the following Web browsers can be used to access the Web Interface:

  • Firefox 24 on Windows
  • Google Chrome 29 on Windows
  • Safari 5 on Windows
  • Windows Internet Explorer 7
  • Windows Internet Explorer 8
  • Windows Internet Explorer 9
  • Windows Internet Explorer 10
  • Windows Internet Explorer 11

A higher version of Firefox, Google Chrome, Safari or Internet Explorer can be made to work as a Web Interface client; however, the Web Interface pages of version 6.9.0 have been tested only against the Web browser versions listed above.

The Web browser should be run on a system with screen resolution of 1024x768 or higher.

Microsoft .NET FrameworkMicrosoft .NET Framework 4.5 (see "Installing the .NET Framework 4.5" at http://go.microsoft.com/fwlink/p/?LinkId=257868)

You can install .NET Framework 4.5 from the Redistributables page in the ActiveRoles DVD Autorun window.

Quest One ActiveRoles Collector hardware and software requirements

Platform500 MHz or higher Intel Pentium-compatible CPU.
Memory (RAM)512 MB or more recommended.
Hard Disk SpaceAbout 50 MB or more of free disk space. If SQL Server and Collector are installed on the same computer, the amount required depends on the size of the Collector database.
Operating System

You can install the ActiveRoles Collector on a computer running any of these operating systems:

  • Microsoft Windows Server 2008, Standard or Enterprise edition, 32-bit (x86) or 64-bit (x64), Service Pack 2
  • Microsoft Windows Server 2008 R2, Standard or Enterprise edition, Service Pack 1
  • Microsoft Windows 7, Ultimate, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64), Service Pack 1
  • Microsoft Windows Server 2012, Standard or Datacenter edition
  • Microsoft Windows Server 2012 R2, Standard or Datacenter edition
  • Microsoft Windows 8, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64)
  • Microsoft Windows 8.1, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64)
SQL Server

You can use any of these SQL Server versions to host the Collector database:

  • Microsoft SQL Server 2005, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
  • Microsoft SQL Server 2008, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
  • Microsoft SQL Server 2008 R2, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
  • Microsoft SQL Server 2012, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack

Quest One ActiveRoles Report Pack software requirements

SQL Server Reporting Services

ActiveRoles Report Pack requires one of the following versions of SQL Server Reporting Services software:

  • Microsoft SQL Server 2005 Reporting Services, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
  • Microsoft SQL Server 2008 Reporting Services, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
  • Microsoft SQL Server 2008 R2 Reporting Services, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
  • Microsoft SQL Server 2012 Reporting Services, 32-bit (x86) or 64-bit (x64), with or without any Service Pack
Operating System

You can install the ActiveRoles Report Pack on a computer running any of these operating systems:

  • Microsoft Windows Server 2008, Standard or Enterprise edition, 32-bit (x86) or 64-bit (x64), Service Pack 2
  • Microsoft Windows Server 2008 R2, Standard or Enterprise edition, Service Pack 1
  • Microsoft Windows 7, Ultimate, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64), Service Pack 1
  • Microsoft Windows Server 2012, Standard or Datacenter edition
  • Microsoft Windows Server 2012 R2, Standard or Datacenter edition
  • Microsoft Windows 8, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64)
  • Microsoft Windows 8.1, Professional or Enterprise edition, 32-bit (x86) or 64-bit (x64)
Quest Knowledge Portal

ActiveRoles Report Pack is compatible with:

  • Quest Knowledge Portal 2.0
  • Quest Knowledge Portal 2.5
  • Quest Knowledge Portal 2.6
  • Quest Knowledge Portal 2.7

Quest One ActiveRoles Add-in for Outlook software requirements

Microsoft Office OutlookAdd-in for Outlook requires Microsoft Office Outlook 2007 or later.
Microsoft .NET FrameworkMicrosoft .NET Framework 4.5 (see "Installing the .NET Framework 4.5" at http://go.microsoft.com/fwlink/p/?LinkId=257868)

You can install .NET Framework 4.5 from the Redistributables page in the ActiveRoles DVD Autorun window.

Other Microsoft Office Features

Add-in for Outlook also requires:

  • .NET Programmability Support for Microsoft Office Outlook
  • Microsoft Forms 2.0 .NET Programmability Support

You can install this prerequisite software by selecting the following installation options in the Setup program for the Microsoft Office system:

  • .NET Programmability Support under Microsoft Office Outlook
  • Microsoft Forms 2.0 .NET Programmability Support under Office Tools

Resources

Screenshots

loading

ActiveRoles Server

Take a tour of key functionality in ActiveRoles Server interface to experience its capabilities and ease of use.

Take a Screenshot Tour

Manage AD objects

Manage your Active Directory objects with a customizable web Interface.

Customizable web interface

Manage your Active Directory objects with a customizable web Interface.

Policies for AD objects

Keep your Active Directory tidy by applying corporate policies to Active Directory objects

Audit access

Audit in real time what users did with the access they were granted.

Automate workflow

Automate your work with workflows. Use point-and-click workflow designer for that.

Configure and manage

Configure ActiveRoles Server and manage your Active Directory objects with a desktop application.

PowerShell

Use the PowerShell module to securely manage user accounts, groups, computer accounts, etc., as well as ActiveRoles Server configuration.