Release Notes
Previous Releases
7.5
41 min
major new features new privileged accounts management module (pam) manage service accounts / administrator / vendor / non ad / active directory group managed service accounts (gsma) and other sensitive accounts track where these accounts are used periodic review and attestation processes by owners and other the individual users password expiration and management processes on demand access to servers and other resources pam dashboard connectors web ui allows users to manage connectors from the activate web portal search connector space run connector workflows change connector row status/actions user favourites manager allows users to reorder and manage favourites favourites are now available from the main search bar multiple user delegations users can how have multiple future or current delegations history of delegations is now kept for reporting and audit purposes a defaultuserdelegate user reference/user can be added to any role when a user is added to the role the system will automatically delegate their approvals to the defaultuserdelegate microsoft teams ability to set/update team photo create team based on template new rate limiting and throttling for web apis and remote powershell remote powershell calls to azure are now limited to 25/5sec new integration outbound queuing across multiple requests ability to document custom web api's using swagger breaking changes the format for the activate proxy settings has changed this only affects customers that have set custom proxies in 7 0 or later net and windows use different formats to specify proxy addresses this causes problems when identifying issues activate previously used the internal net regex format (which requires an extra dot ( ) at the beginning of the path formats activate now uses a windows file mask format which is easier to use and consistent with windows netsh winhttp settings therefore any current proxy settings should be changed from net regex to standard file path mask format with leading of trailing " " wildcards for example, " proxy local" should be " proxy local" remove the leading " " general workflow added workflow finally action notifications fixed up some cases where notifications were sent to delegates rather than the original users group/user notification options are moved from extensionattribute1 into the activate database genericdirectoryprovider enabled groups allow enable and isenabled and isavailable connectors added the ability to limit total run time of a processchanges step added connector view right allow add/remove member for roles ad cache history added ability to track major changes of properties in adcache the following properties are tracked dn, displayname, domainname, mail, managerguid, employeenumber,status, objectsid, upn, azureid, azureupn decide parameters can now be numbers decide clauses can then be <, <=, >=, >, !=, r0 r1, n exchange export pst allow customisation of export name enhanced genericdirectoryprovider allow groups allow enable/disable and isavailable jobs allow job properties to access task commonproperties table change status description to disable delay information jobaction added lastdelay property serviceinstance added isactionpending property searching added secondary name to index this is used to store the users email address and allows better matching fixed security checking check permissions on the baseobject not the object where the parameter is defined if it is inherited change jobquery to varchar(max) to allow longer queries provisioning directory searcher fixed up issue where top level and queries did not work correctly fixed up optimisation issue with multiple ldap queries where the scopes where not merged correctly for example assuming available = ou available = ou2 available = (ou + (objectclass=contact)) previously this was optimised to ldap\<ou, ou2, ou; (objectclass=contact)) meaning only contacts will be shown the correct result is ldap\<ou> ldap\<ou2> ldap\<ou; (objectclass=contact)> misc changes connector userchangehandler pass user as default context added =//system/isimpersonating added job currentapprovers fixed issue with name generator with trailing spaces fixed issue with copynewelements fixes issue with templates not working to override values sometimes web browse instances enhancements load via ajax added clear query option added bindingtemplate control for web instance search added search tracing and output for the activate developers system role improved error handling allow web instance list to be a web form the web form must contain a single list control of the appropriate type this allow greater and easier customisation of the list this works for assetinstancelist, joblist, connectordatalist, serviceinstancelist, folderaccesslist, mailboxaccesslist, wssaccesslist file attachment view added tooltip to show size / last modified etc in a similar manner to explorer approval re organised approval buttons to improve flow job list faster loading job views added job preview added ability to customise job details footer user properties / services tab highlight services with pending actions ability to show these services at the top of the tab new daterangepicker control activate web grid ability to provide custom css for rows and cells new editform ability consolidate and standardise template columns workflow summary fixed display issue with jobs that have multiple tickets changed default click to editing item rather than showing properties show tooltips for more items fixed issue with editing current jobs evaluator added topath() function that will ensure that the "=" is added if required for a path like // binding changes textbox/datetime etc controls will now clear the controls if bound to an empty item in the arguments render modes moved render mode from a global to a container based item, this allows sub panels to be rendered differently from the entire page misc fixes fixed select issue for disabled users browseobjects control added nosort option fixed time picker issue when browser localisation set 12hr format to a m or p m enhance expressionvalidator fixed case where confirm dialog on cancel was being shown when it wasn't required service canorder changed so that only the current user needs add (was checking target user as well) item card hide unpublished children updated msgraph, newtonsoft json and jquery versions fixed min/max datetime issues with datetimepicker fixed issue with pending install message on service instances fixed issue with service images not showing in the shopping cart don't show old notifications for users that have never logged in fixed order service when editing an existing service instance and clicking cancel leaves the item in the job job owners are now all current approvers fixed issue with gototaskstartpage not working if the first two items are forms with no page id's and the when clause on the first one is false service instance owners are now the service owners allow activategridcolumn navigateurl to be an activate path defaults to showing properties for object allow badgetext on tabs fixed issue when page size is changed reset index to 0 fixed sort order issue for listpanel fixed job attachment issue when in shopping cart fixed issues with users using back button and able to duplicate service instances and child service instances fixed when issue on complete job administrator new faster script editor support for c# 8 new find dialog ability to filter autocomplete lists fixed issue where // as a comment showed the autocomplete window workflow editor enhancements added editable xml tab enhanced approval node properties split existing dialogs into separate properties added validation checking ui web form editor added ability to edit the xml in the editor rather than needing to change the text mode enhanced activatewebgrid editing added activateusagedatasource, query accessor and binding template editing allow height/width for dialogs to be set new job properties window ability to view a jobs properties in a separate window view multiple jobs at the same time added ability to view owners on all activate objects history view enhanced security descriptor changes to show the object being modified parameter view colour code and highlight parameters that have security set copy behaviour copying an object or parameter will now copy the security assigned to that object in the past the security was removed fixed an issue when copying parameters based on xml where the value was duplicated sometimes promote to master enhancements new clearer dialog ability to overwrite security fixed issue with notes not being logged with parameters new links to online help for enum and binding styles misc fixes fixed issue with duplicating bindings in web form editor for recreated controls fixed issue where workflow strings where being used when they shouldn't user account control moved log file to logfiles and to users temp if users is not running as admin computer types added \<match type='all'> fixed issue showing properties for a deleted computer activate anywhere enhanced oauth integration allow logout improved logon flow allow tracing of user login for debugging activate 7 5 0a 9/2/21 added user ownerof privliegedaccounts fixed issue in form aspx if panel1 was used as a control improved error message if ordering a duplicated item added selectmailboxes and selectprivliegedaccounts pages fixed missing click handlers in activate admin > approval rights added missing job status icon created32a png icon browse services disable quick add if there are any expiry options other than 'all' this stops cased where the options may be set to 'date' or something other than none and the user can add a service without selecting a date auto is still a better option provisioningdirectorysearcher fix recursion issue if an expression is used as the available objects apply template protected="1" in a template will not override the values in the job service references options are stored with guid not internal page now this only affects new values new processflags supressscripts is available on processchanges serviceprocessflags has also been added when applying role defaults serviceinstancedetails fixed broken link userdirectory fixed lastlogin issue when value has never been set connectors job context changes the current job is used if set otherwise the jobid from the connector a new connector task (defaults to //tasks/system tasks/background/connector logs) is created each 24hrs if required this is similar to the previous version the major difference is that the current job will be used if present always submit subjoins under the connector job not the current job added background clean up of connector logs over a year old added imageslider control fixed administrator html editor changed flag issue webform intellisense issue after editing allow browseobjecttree to work for services added option properties and option properties toobar for options on services fixed issue with setting web proxies by wizard proxy settings are now stored using file wildcard formatting and converted the regex returned by ,net when set store setparameter being called on invalid objects ie user setparameter() activate admin fixed connector ui issue where maxupdate and maxcreate where not set correctly reopen toolbox when a form is brought to the foreground fix assetinstancequery where id==0 set job when forwarding emails fixed evaluator optionalinvoke issue fixed an issue with editing options on confirm pages activate 7 5 0b 12/3/21 fix workflow summary issue with draft jobs selectxxx controls changed to displaynames activate admin fix html/webform editor binding issue fix activateusage query binding fix issue where computers where sometimes included with users in previous user selections increase adcache column sizes for very large azure team names fix azure group sync issue where a failure with a single group could stop the import teams enhancements added channel create/update/delete support added channel tab and settings tab to team properties added ability to update team settings added ability to set sensitivity label for teams activate 7 5 0c 29/3/21 team enhancements changes for azure group/role members/owners async functions to fix a race conditions that occurs on certain hardware fix issue with mailbox resource sync where mailbox was not present added missing team disabled image activate administrator fix issue with web form editor incorrectly creating new task arguments as xml type not task arguments activate 7 5 1 18/6/21 general smtp send throttling azure has introduced a low smtp send limit that some customers have hit if using azure as their smtp server activate will now limit the number of messages send to 30/minute (2/second) which is the new limit there is also a new limit of the number of threads/connections that can be opened activate will now single thread all messages to azure smtp all other servers are throttled to 60/minute (1/second) which is the default for most other cloud services this limit applies to internal exchange smtp server's as well if the limit is exceeded then the smtp messages will be queued locally and the queue will be processed using the normal activate queue processing until cleared changed the status of queued jobs to waitaction to make more consistent with other tasks connectors allow connector scripts to return objects adlinkhandler cache links so that they are only obtained once per row this speeds up custom lookup values fix an issue with multi domain environments where if an object is deleted and created with the same dn then the sync and cache could create duplicate entries with the old guid and new guid for the same dn added ability in multi domain environments to look up objects in other domains for gc style searches fix an issue where deleted groups group be returned from getgroupextendedproperties fix an issue with ad compliance where deleted groups left the members data in the database activate portal fix is issue where a bad expression could crash the application fix an issue where the default computer was not set when ordering services for a computer fix an issue where allowdeleted for selectuser did not work fixed missing icon for disabled teams activate administrator added a start up warning if the license is going to expire in the next 30 days fix precreate,predelete workflow handler editing fix approval validation onload on being saved added owners to pam accounts html editor fix double paste issue added missing topath to expression dialog added ability to send a reminder to other users fix xml editor where attributes where not copied on a paste sometimes fix an issue when clearing binding in the form editor fix display of times in ad properties where time zone was not converted correctly fix issue where editing powershell scripts was broken activate azure connector fix sync issue where deleted cloud groups where not deleted from the cache fix sync issue where invalid data could cause the sync to stop fix sync issue where importing external users and the local user could be marked as deleted incorrectly fixed a memory leak in sql when importing users activate anywhere changed the error message when the ad azure token expires to a more user friendly message asking them to login again fix ssl only web config issue activate 7 5 1a 20/7/21 fixed issue with active delegations calculation fixed spelling typo in delegations email fixed delegation email message where the incorrect user was sometimes listed activate 7 5 1b 23/7/21 fixed issue with expressionvalidator not validation correctly when activatebind is set activate 7 5 2 4/10/21 breaking change updated microsoft owin/oauth and graph libraries to the latest versions this fixes a number of bugs that were present in the previous libraries however, these libraries are incompatible with the msol v1 powershell library that some customers are still using the msol v1 powershell commands are no longer supported by microsoft and microsoft recommend moving to the newer v2 libraries which are compatible https //docs microsoft com/en us/powershell/azure/active directory/overview?view=azureadps 2 0\&preserve view=true however, this new powershell library just calls the ms graph webservice from powershell and activate recommends using the native activate ms graph connectivity rather than powershell fixed issue with replication delays sometimes causing a user to be marked as deleted in the cache as soon as it is created fixed an issue where gmsa could not be searched for as users fixed a pam account issue where the cache could not resolve the account fixed issue with converttodirectorylist adding contacts for hardcoded email addresses without a guid in dummy contact this meant that duplicates were detected when they shouldn't have been fixed issue where disabled datetimepicker controls where still validated fixed an issue with selectprivilegedaccounts not being able to select a searched account updated stats to include licensed users enabled azure device syncing fixed issue with azure ad auth and exchangeonline where the token would timeout after an hour fixed an issue with provisioning searcher not finding custom resource items if a subtree was searched activate admin fixed issue with saving html editor when dialog is closed browsercodenavigate was very slow changed to read and save html because closing dialog renamed job query complete to finished to make it easier to distinguish between states fixed a connector issue where the log file was not loaded if there was an error generating the schema fixed an issue where package export to master did not save the reason activate anywhere updated own libraries fixed issue with the token expiring and not being refreshed activate 7 5 3 8/2/22 role change enhancements added ability to batch multiple role changes into a single 'transaction' see move user for examples this means that if two role have the same defaults it will only be applied once added ability to apply or remove service defaults via a task rather than applied directly entitlementaddprocess/entitlementupdateprocess/entitlementremoveprocess parameters can be specified on services to control this process in a similar way to orderprocess these tasks are responsible for obtaining any approvals and creating, updating or removing the entitlement as required added loadrolemembersservices and getuserchanges to role to enhance order default services added update default services task azure enhancements allow enable(true/false) to work for cloud only users changed office365administration from msonline to azuread because msonline clashes with the new jwt libraries allow mailboxsettings to be set by graph rather than powershell this is now the default for exchange online general fixed issue where an internal search could return an incorrect ref type fix performance issue with getpendinggroups for large sites added privileged account support for getobjectpath fix a caching issue when attempting to update a current attachment fix rate limiter configuration issue enable sqlresource to be searchable by selectresource control enhance sqlresource to make it easier to enable search and set parameters for a specific depth approvals fix issue with requiredapprovals="all" where waitinfo was counted and meant the approval could not be completed also fix issue where override approval did not work if this was set fix wait issue where timeout was reset to 7 days if the child job changed selectmultipleprovisioningobjects changed default binding from name to displayname fix issue with orderservice aspx if the service is set into the job to be updated this can cause a duplicate to be shown fix getanddeletedcacheinfo rowcount allow ldap >sql conversion to handle quoted (') values and changed default number check from just first digit to evaluator isnumber fix issue were activate admin would cache owners refresh cached owners on refresh activate 7 5 3a 28/2/2022 allow expressionvalidator scripts to set the errormessage into the job fix issue with parameterlist binding when bound in a formpanel with a subbinding fix issue with selectmultipleobjects binding when bound in a formpanel with a subbinding fixed a bug introduced in 7 5 2 where group members of cloud only groups were not syncing members because the new microsoft graph library has moved from newtonsoft json to system text json added ability to filter by errors in connector search add an option to orderservices to bind all child options even if not changed bindonlychangedoptions activate 7 5 3b 24/3/2022 fix an issue with reoccurring costs not being calculated based on instance information getuserchanges not turnings on track changes for updated xml values exchangesendrecievepermissions allow custom bind root fix an issue with orderprocess if there was no entitlement process fix an issue where a synchronous workflow ran the first script in the web and job engine fix issue where compound properties like azure mailboxsettings did not work sometimes for hybrid users activate 7 5 3c 15/5/2022 fix an issue from 7 5 3 where searching for assets in a selectasset control did not work sometimes changed the definition of 'this year' in the date range control from 'year to date' to the entire year fix an issue where deleted computers in ad compliance would cause an exception if the computer was never in adcache activate 7 5 3d 31/7/2022 fix an issue with exchange online oauth where the token was not refreshed sometimes when sync processes took over an hour this caused random access denied as the token expired the token is now automatically refreshed 5 minutes before it expires and the powershell session is automatically reconnected with the new token fix an issue on some sites where active directory dc's are returning nosuchobject for valid users activate took this to mean that the object had been deleted and marked the object as 'x' in adcache this error is now ignored and the process will fail because active directory does not have the object, however, the object will not be marked as deleted there is a new background process that should be added to the overnight process for non ad complicate sites that queries the active directory 'deleted' folder and marks those objects as deleted fix in issue with dl rights control where loading existing permissions marked the permissions as changed sometimes and therefore forced an update when it wasn't required fix issue with mailboxresource sync where the log message did not show the email address for some errors activate 7 5 3e 1/11/2022 allow multiple exchange online resources and allow different configuration for different tenants pscredentials can now be specified on an exchangeonlineresource and these credentials will be used to connect to the correct tenant and perform any powershell commands fix an issue with filesyncconnector where the filepath was not set correctly fix azure invite guest so that the azureid is set immediately this allows the guest user to be added to a group immediately and not need to wait for a sync allow exazureid and exazureupn to be set via user properties in the past this created a property in the extended table and not in adcache activate 7 5 3f 17/11/2022 fix and issue where a service that was both computer and user based and changing from computer to user did not clear the computer from the service activate 7 5 3g 24/11/2022 fix an issue with cloud only users and guests where adding them to a service worked, but the user was not resolved correctly when viewing the service instance activate 7 5 3h 14/12/2022 fix an issue with cloud only groups and users where not having a photo caused a timeout trying to select the user/group from a selectuser/selectgroup control fix in issue from 7 5 3e where having a office 365 user with a different email address from the default tenant meant that the default azure connection was not found fix an issue where a remoteusermailbox was not correct detected as a user account fixed isowner for pam and mailbox resource to allow toolbar buttons to be secured to owners fix exchange online oauth mailbox polling to detect expiration of the oauth token and re authenticate, also get new token on disconnect updated getusagestats activate 7 5 3i 28/2/2023 added 'availableimpersonateusers' parameter on the "allow impersonate role" to limit the users that can be impersonated the allow impersonate role previous allowed any user to be impersonated if you are in this role this change increases security by allowing this set to be limited to a set of users for example, in qa it may only allow you to impersonate qa users and not production users if the parameter is not set you will get an error as there are no users that you can impersonate limit the roles returned from getuserfolders etc to prevent performance issues on sites with a large number of broken inherited aces fix an issue with updatecachewithdeleted in a multiple forest/domain situation where the remote domains did not work correctly allow trusted domains to be scanned as well activate 7 5 4 17/3/2023 in december 2022, microsoft announced that they are deprecating the remote powershell protocol for exchange online in june 2023 activate 7 5 4 adds support for the new microsoft v3 module connection method further information is available here microsoft rps deprecation june 2023 customers using exchange online must upgrade to this version before june 2023 the powershell exchange online management module must be installed for all communication to exchange online this affects any powershell commands and functions dealing with distribution lists, shared mailboxes or user mailboxes the above link contains information on how to install this module please note, that while microsoft have said that this is completely compatible with the previous remote powershell connection this is not 100% true simple command lets that just set data are ok, however, if you have custom scripts that read data from exchange online, these should be tested as the return types are sometimes slightly different warning there is a bug in the exchange online exo3 module which means that calling disconnect exchangeonline commandlet will disconnect all sessions for the user this is across any device and any connection therefore do not call disconnect exchangeonline in any custom scripts or any powershell command for the activate office 365 user this can be also could be done via an activate script in c# or powershell or from any powershell session on any computer on the customer network if this happens you will see the following errors starting to occur exception calling "getcurrentconnectioncontext" with "1" argument(s) "you must call connect exchangeonline before calling any other cmdlet " other changes fix an issue with exchange online where setting permissions on a mailbox while forwarding is active can clear or change the forwarding address when it shouldn't however, this change means that the forwarding address cannot be cleared without using powershell directly there appears to have been a recent powershell or net update that has affected the behavior of powershell scripts that are run within activate they now run on a separate thread and this means the activate instance will be stay allocated causing a memory leak for every powershell script that is run this can cause your server to run out of memory this versions adds an enhancement to ensure the activate instance is released by wrapping the script in a try/finally statement automatically this can be added manually to existing scripts on previous versions to fix this issue try{ \#your script goes here } finally { \[innovation activate provisioningsystem] release() } activate 7 5 4a 2/5/2023 fix an issue where labelwidth on listpanel and optionalpanel not honoring an inherited value set on a parent panel automatically disable any newly discovered domains fix issue with displaymore when referencing a temp job and the displayname is blank activate 7 5 4b 22/5/2023 fix an issue introduced in 7 5 4 with the powershell release() when a powershell script is called from another script this causes the job to be cleared incorrectly and can cause subsequent scripts that are called to fail because the job is no longer set activate 7 5 4c 3/10/2023 this release primarily to workaround a bug in the microsoft exchange exo3 powershell rest commands important the required version of the exchange online module is now 3 3 0 this must be installed for this version to work newer versions are not guaranteed to work implement a workaround for a bug in microsoft exchangeonline powershell module on net framework ( net core for v8 is not affected) the bug appears randomly and results in zero results being returned from exo rest commands this affects mailbox syncing and potentially other exo3 rest commands this is caused by the powershell module calling an systemevents api when using the rest api, which will fail in any context that has asp net loaded in a specific order activate loads parts of asp net to render web forms in the activate job service, therefore any call after the asp net part of loaded will fail this work around preloads the systemevents methods which means it is permanently loaded and by passes this error allow increased logging of powershell commands used by the exchange online module automatically call disconnect exchangeonline when the number of sessions reaches zero should help clean up temp files left by the exo3 module more error checking in execasync function fixed issue with exists when using guid for cloud only objects activate 7 5 4d 17/11/2023 fix an issue with listpanel radiobutton mode not working in horizontal mode reverted default layout to vertical activate 7 5 4e 4/12/2023 fix an issue exo module change where sendas rights did not sync correctly from azure if updated manually in azure activate 7 5 4f 21/08/2024 fixed an issue where userlog entries are added when owners collection is loaded fixed an issue where optionalpanel didn't bind correctly when the panel had no child controls fixed an issue with fetching required services when there was another parameter named required