• State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 61 subscribers
  • Views 3657 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Quest One Active Roles - 6.9.0.5424 - Configuration

mobieus
over 8 years ago

We have a rather large implementation. Staff has changed much since the original deployment to what is in operations now. Is there any way to "see exactly what Active Roles is controlling / hooked into" in our environment? Can the configuration be "dumped" Basically the original implementers are no longer engaged and we want to see under the hood. Any thoughts or suggestions?

  • 0 over 8 years ago

    You probably could script it but unless everything is using built in configuration with no script policies I doubt it would make much sense and you would need to go back and .reverse engineer it anyway.

    You could use the ADToplogy generator provided free by MS ( which drives VISIO ) which is great but in complex environments the output won't be of much use to you. 

    At the end of the day you will just need to look at each policy and work out the scope and what each policy is supposed to do and then document it. 

    It's resource intensive and shoul dhave been done when you put it in but nows as good a time as ever to do it and it will give whoever soes it a great understanding of how it's all strung together.

  • 0 over 8 years ago

    You have a couple of options:

    1) The Collector & SSRS-based Knowledge portal can give you report-style information about what policies are in use and what access templates are linked to what OU's.  You need to run the Collector to obtain the raw data in order to run the reports.

    2) You can also use PoSh to interrogate the configuration to see the linked access templates in raw form:

    Get-QARSAccessTemplate

    Get-QARSAccessTemplateLink

    For policy objects, it's a bit more complicated.

    You would need to use Get-QADObject with the -proxy switch (binding to the container(s) in ARS holding your polices) to get a list of the policies and then obtain these properties of them:

    PolicyObjectAdsPath
    SecurableObjectAdsPath

    'Hope this helps.

  • 0 over 8 years ago

    The trouble is all you will get out are a list of the settings and not the intent of the settings which is really what you want. 

    The real usefulness of a script to enumerate all of that would be to use as a comparison to check what changed in your environment.  It wouild take some time to write I'm sure, probably longer than eyeballing the environment and  making notes. 

    This is a script I use in my environment to document OU delegation and also to use to report on changes although I also use CAAD to capture these.

    gallery.technet.microsoft.com/Active-Directory-OU-1d09f989

  • 0 over 8 years ago

    Lee

    While I take your point, the OP was fairly clear in asking about how to obtain information about the current state of the environment:

    Is there any way to "see exactly what Active Roles is controlling / hooked into" in our environment? Can the configuration be "dumped"

    And no, the information obtained using the scripting methods I suggested is not going to be the friendliest to look at but it will start them down the road of figuring out what they have.  [:)]