Quest® Active Administrator® 8.

1
Release Notes
February 2017

These release notes provide information about this Quest® Active Administrator® release.
Topics:
• About this release
• New features
• Enhancements
• Resolved issues
• Known issues
• System requirements
• Product licensing
• Upgrade and installation instructions
• More resources
• Globalization
• About us

About this release

Active Administrator® is a complete, integrated, and proactive Microsoft® Active Directory® administration solution
that fills the management gaps native tools leave behind. From a single console, the solution addresses the most
important areas of Active Directory including security and delegation, auditing and alerting, backup and recovery,
Group Policy, health and replication, and accounts and configurations. Active Administrator makes it easier and
faster than native tools to meet auditing requirements, tighten security, maintain business continuity, and increase
IT efficiency.
Active Administrator 8.1 is a minor release, with new features and functionality. See New features and
Enhancements.

Quest Active Administrator 8.1

1
Release Notes
New features
New features in Active Administrator® 8.1:

• Active Administrator Web Console - Active Administrator® Web Console extends the functionality of the
built-in Windows® management tools for Active Directory® by allowing administrators to view and manage
security in a much more extensible interface. You can open Active Administrator Web Console on a variety
of devices in the following browsers:

▪ Microsoft® Internet Explorer 11

▪ Google Chrome™ 47

▪ Mozilla® Firefox® 44
The Active Directory Health dashboard is where you can monitor the overall health of your organization.
From the dashboard, you can view Alerts, set up Notifications, run Health Checks, and generate Reports.
The Active Directory Topology viewer lets you monitor alerts while viewing a customizable topology
diagram of your organization.
▪ Directory Health dashboard - The Active Directory Health dashboard displays read-only real-time
data about forests, sites, domains and domain controllers so you can monitor the health of your
organization. For forests, you can see forest alerts and information about the monitored domain
controllers in the forest. For sites, you can see site alerts, information about the servers, and site
links. For domains, you can see domain alerts, information about the monitored domain controllers,
replication latency, and GC replication latency. For domain controllers, you can see domain
controller alerts, an overview of performance, status of services, information about the servers and
Active Directory, and installed applications and updates.
▪ Alerts - Alerts have two levels of severity: warning and critical. As a situation escalates, a warning
alert is generated, indicating that a lower priority threshold has been violated. As the severity of the
error increases, a critical alert is generated, indicating that the higher priority threshold has been
exceeded.
▪ Notifications - You can create notifications to send to specified email recipients when alerts are
generated. A wizard helps you create multiple types of notifications to address varied audiences
and their specific needs.
▪ Health checks - A Health Check is a customizable report on forests, domains, sites, and domain
controllers. You can choose to take a snapshot of a moment in time or capture a trend over a
specified period of time. There are many different tests from which you can choose. There are also
settings to help you customize the Health Check tests.
▪ Reports - There are over seventy out-of-the-box reports to help you manage your organization.
There are four categories of reports: Active Directory Health, Active Directory Infrastructure, DNS,
and Security. Once you run a new report, the report remains open until you run another report. You
can refresh the parameters and run the report again. You also can rerun an existing report from the
History tab.
▪ Active Directory Topology - For a selected forest, you can view and customize a topology
diagram, and quickly see a list of domain controllers with their roles. Every 300 seconds, the
topology diagram is updated to get server alert status from the Active Administrator foundation
server (AFS). The node for each domain controller displays in a color to indicate its status. When
replication latency alerts are detected, the color of the link between domain controller nodes
indicates the status.
• Edit DNS zone permissions - You can edit the permissions of only DNS zones that are integrated with
Active Directory Domain Services. You can choose to edit multiple zones at one time or a single zone. If
you edit multiple zones, you can add or remove permission. If you edit a single zone, you can add, remove,
or view/edit the permissions and disable inheritance.
• Purge stale accounts - By default, inactive accounts are purged after 30 days of inactivity. You can set up
a schedule, send a notice when the account is about to deleted and/or when the account is deleted, and
prevent specific users from being deleted.

Quest Active Administrator 8.1

2
Release Notes
 • Attach remediation actions to critical Active Directory Health alerts - Remediations are actions that
execute when an Active Directory Health alert reaches its critical threshold. Several built-in remediation
actions are included with Active Administrator, but you also can create custom remediations, which can be
a PowerShell script, VBS script, batch file, or .cmd file. Once you have populated the library with the
remediations you need, you attach the remediations to alerts.
• Specify preferred domain controllers - Preferred domain controllers are used when requesting
resources from Active Directory. Normally, Active Directory assigns you the closest domain controller. You
can use this feature to specify a domain controller when a domain controller has not already been
specified.
• Support for Personal Information Exchange (PFX) (PKCS12) files - In the Certificates module, you
can now add, install, and manage Personal Information Exchange (PFX) (PKCS12) files. In the certificate
repository, certificates (.CER files) and PFX (PKCS12) files (.PFX) are separated on different tabs.
• New user role to view alerts only - The new Directory Analyzer Alert Viewer role provides read-only
access to Directory Analyzer alerts. To manage Directory Analyzer alerts, the user must have the
Directory Analyzer and the Directory Analyzer Alert Management roles. If you want a user to only view
the alerts, the user needs the Directory Analyzer and the new Directory Analyzer Alert Viewer roles.
• Schedule weekly backups - When configuring Active Directory backups, you can now schedule the
backup to run on a weekly basis on a day and at a time of your choosing. You also have an opportunity to
schedule the backup when running the Configuration Wizard.
• Customize view of security objects - When viewing all users, groups, organization units, or computers in
the Security & Delegation module, you can now select which columns of information you want to display.
All columns display by default. The Employee ID column is new to the All Users display.

• Additional supported platforms - Microsoft® SQL Server® 2016 and Windows Server® 2016.
NOTE: Active Administrator does not support Microsoft Nano Server 2016.

See also:
• Enhancements
• Resolved issues

Enhancements
The following is a list of enhancements implemented in Active Administrator® 8.1.

Table 1. General enhancements

Enhancement Issue ID
Create more descriptive error message when restore fails with We are unable to undelete 492838
objects from Windows® 2000 Domain Controllers.
Add option to run Active Directory® object backup once a week on a specific day. 496813
Add Total count to Security & Delegation | Security | View All Users, Groups, OUs, and 496815
Computers.
Add Total count to Security | View All Users, Groups, OUs, and Computers. 496815
Add Employee Number and Info columns to Security | View All Users report. 510290
Support Fine Grained Password Policies in Password Reminder. 595272

Quest Active Administrator 8.1

3
Release Notes
Table 2. Active Directory Health enhancements

Enhancement Issue ID
Add ability to edit an alert when viewing alert details. 491624
Add the Application Partition to the Active Directory Troubleshooter Forest Configuration report. 638047

Table 3. Certificate Management enhancements

Enhancement Issue ID
Add ability to specify the account that is used to pull certificates from each managed computer. 663351

Resolved issues
The following is a list of issues addressed in this release.

Table 4. General resolved issues

Resolved issue Issue ID

When applying the Update package with foreign regional and keyboard settings, the Input string 511628
was not in a correct format error occurred.
Could not manually add other domains in Configuration GPO History and Inactive Accounts. 587009
®
When upgrading the Active Administrator database from 7.0 to 7.5 to 8.0, the 594236
FK_tblCertificate_tblComputer ExecuteNonQuery failed for Database
ActiveAdministrator70 error occurred.
The Computers - Full Control Active Template delegation was not propagating fully through 597344
nested OU structures.
Accessing and modifying Fine Grained Password Policies that use the Protect from accidental 598657
deletion setting no longer throws an Object Reference error.
Added notification option to Service Monitoring Policy for when the Active Administrator Data 600297
Service has stopped.
Workstation agent audit information for accounts are not written consistently to the Active 607668
Administrator database.
Active Templates: Unable to change domain locations. 608163
Remove Alert Observed Values from the list of Active Alerts. Observed values will display when 612978
Details are requested.
Customers who do not have an Active Administrator base license, but have one or more licenses 613051
for Active Administrator modules, receive an email notification that they do not have a license.
One or more errors occur while attempting to load the forest summary. 615673
Access denied message displays when a user modifies a user account attribute. 624035
Active Template was created, applied, and enforced, but the actual Active Directory permissions 624574
were not granted.
Site information was not found because the msDS-SiteName attribute was not found. 625141
Restoring only security attributes on the domain root removes/deletes all GPOs linked at this level. 626181
Custom Active Administrator reports that include the UserAccountControl multivalue attribute 639704
with any before/after values do not display events.
Assessment reports are running without being licensed. 654142

Quest Active Administrator 8.1

4
Release Notes
Table 4. General resolved issues

Resolved issue Issue ID

If a user was explicitly added as a trustee in Active Administrator version 7.5 and that user is no 669582
®
longer in Active Directory , when upgrading to version 8.0, the configuration wizard fails on
updating/adding trustees. The missing users are seen as Domain\ on the Active Administrator User
page of the wizard.
New GPOs are not shown in the GPO Objects tab. 694162

Table 5. Active Directory Health resolved issues

Resolved issue Issue ID

The Directory Analyzer agent installed on a domain controller is not alerting when the domain 597747
controller is unavailable. Added the domain controller data collector: Domain controller
unresponsive.
Restarting the Active Administrator Data Service (ADS) issues the This domain controller is not 598500
being monitored warning. The message should now clear once the ADS completes the restart
process.
On the Active Directory Health Domain Controller Properties tab, the NETLOGON/SYSVOL 598652
share status was not updating in the display.
Active Directory Health: Sites were not listed in alphabetical order in the tree. 599801
Active Directory Health: Active Administrator Data Service (ADS) issued a Named Pipe Server 600821
Error: Cannot read pass the end of the stream.
Active Directory Health: When Directory Analyzer agents enter a warning state, an alert should 601073
appear in the active alerts list and the all alerts list. The alert view now has an option to
automatically refresh. Alert history can now be hidden.

Table 6. Azure Active Directory resolved issues

Resolved issue Issue ID

An error occurred while attempting to load Azure® Active Directory users within an Azure Active 667520
Directory domain configured for a German language operating system.

Known issues
The following is a list of issues, including those issues attributed to third-party products, known to exist at the time
of release.

Table 7. Active Directory Health known issues

Known issue Issue ID

When launching the on Active Directory Diagnostic Console from the Active Directory 668416
Spotlight® ®

Health | Analyze tab, a No default printer error occurs.

Workaround: To use the Spotlight on Active Directory Diagnostic Console, you must set a default
printer. Windows Server® 2016 sets the default printer automatically, but you should verify that it is
set.

Quest Active Administrator 8.1

5
Release Notes
System requirements
Before installing or upgrading Active Administrator® 8.1, ensure that your system meets the following minimum
hardware and software requirements.

IMPORTANT: You must be an administrator for the computer on which you are installing Active
Administrator Server. You must have the credentials of an account that can be used to create a database on
the server running SQL Server®.

• Server hardware requirements

• Server software requirements
• SQL Server requirements
• Console hardware requirements
• Console software requirements
• Audit Agent requirements
• Workstation logon audit agent requirements
• Port requirements
• User privilege requirements

Server hardware requirements

Table 8. Server hardware requirements

Requirement Details
Processor 1 GHz or higher
Memory • For Windows Server® 2008: 512 MB minimum, 2 GB recommended
• For Windows Server 2008 R2: 512 MB minimum, 2 GB recommended
• For Windows Server 2012: 1 GB minimum, 2 GB recommended
• For Windows Server 2012 R2: 1 GB minimum, 2 GB recommended
• For Windows Server 2016: 1 GB minimum, 2 GB recommended
Hard disk space 100 MB
Operating system NOTE: Only 64-bit operating systems are supported.
• Windows Server® 2008
• Windows Server 2008 R2
• Windows Server 2012
• Windows Server 2012 R2
• Windows Server 2016
NOTE: Active Administrator® does not support Microsoft® Nano Server 2016.

Quest Active Administrator 8.1

6
Release Notes
Server software requirements
Table 9. Server software requirements

Requirement Details
.NET Framework v. 4.5.2 and 4.6 Install either the Full or Standalone version. Do not install just
the Client Profile.
Group Policy Management Console (GPMC) GPMC is included with Windows Server® 2008 and later, but is
not installed with the operating system. Use Server Manager to
install GPMC. After installation, enable GPMC through the
Server Manager Add Features Wizard.
You can launch the Add Features Wizard through Control Panel
| Programs and Features | Turn Windows features on or off.
Alternatively, from the command line, use ServerManagerCmd
-install GPMC.

SQL Server requirements

The following versions of Microsoft® SQL Server® are supported. See the Microsoft web site for the hardware and
software requirements for your version of SQL Server.
IMPORTANT: You must have the credentials of an account that can be used to create a database on the
server running SQL Server®.

• SQL Server 2005

• SQL Server 2005 Express Edition
• SQL Server 2008
• SQL Server 2008 Express
• SQL Server 2008 R2
• SQL Server 2008 R2 Express
• SQL Server 2012
• SQL Server 2012 Express
• SQL Server 2014
• SQL Server 2014 Express
• SQL Server 2016
IMPORTANT: On the server running SQL Server, you must enable Named Pipes communication, which is
off by default.
Active Administrator® requires the default collation for the audit database. In SQL Server, collation refers to a
set of rules that determine how data is sorted and compared. Active Administrator supports only the default
collation and sort order configurations for the audit database.
With SQL Server 2005, the default configuration is SQL_Latin1_General_CI_AS (SQL Server; Latin1
General; Case Insensitive; Accent Sensitive). In addition, Active Administrator also supports
SQL_Latin1_General_CS_AS (SQL Server; Latin1 General; Case Sensitive; Accent Sensitive).
If you are unsure of the collation assigned to the audit database, use the Microsoft ISQL_w or Query
Analyzer tools, connect to the database, enter sp_helpsort, and execute the statement. The results list all
sort and collation information for the database.

Quest Active Administrator 8.1

7
Release Notes
Console hardware requirements
Table 10. Console hardware requirements

Requirement Details
Processor 1 GHz
Memory 256 MB
Hard disk space 100 MB
Operating system NOTE: Only 64-bit operating systems are supported.
• Windows® 7
• Windows 8.1
• Windows 10
• Windows Server® 2008
• Windows Server 2008 R2
• Windows Server 2012
• Windows Server 2012 R2
• Windows Server 2016
NOTE: Active Administrator® does not support Microsoft® Nano Server
2016.
NOTE: When using Windows 7 64-bit operating systems, you may
experience problems when trying to perform some operations on Active
Directory® objects, such as creating objects or viewing object properties.
When the Microsoft® RSAT tools are installed on Windows 7 64 bit, the
adprop.dll.mui and dsadmin.dll.mui files are not installed and these files are
needed by Active Administrator. Please see the Quest® Knowledge Base
and Solution Center for instructions on how to locate and copy these files to
the correct location.
NOTE: If you are using the Certificate module, see Table 11 for information
on support for SHA-2 certificates.

Table 11. Support for SHA-2 certificates

Support SHA-2 Verify SHA-2 certificates Verify SHA-2 certificates

Operating system
certificates (user mode) (kernel mode)
Windows Server 2008 supported KB2763674 Not supported
Windows Server 2008 R2 supported KB3033929 KB3033929
Windows Server 2012 supported supported supported
Windows Server 2012 R2 supported supported supported
Windows Server 2016 supported supported supported
Windows 7 supported KB3033929 KB3033929
Windows 8 supported supported supported
Windows 10 supported supported supported

NOTE: For Windows Server 2008, see KB2763674. Quest® provides the SHA-2 certificate with the
understanding that even with this update, there may be situations where the certificate cannot be verified.

Quest Active Administrator 8.1

8
Release Notes
Console software requirements
• .NET Framework v.4.5.2 or 4.6
• Group Policy Management Console (GPMC)
• DNS Server Tools

Table 12. GPMC and DNS Server Tools install information

Operating system Download links and install information

Windows® 7 GPMC and DNS Server Tools are included in Remote Server Administration
Tools (RSAT).
Windows 8
• Remote Server Administration Tools for Windows 7:
Windows 8.1
http://www.microsoft.com/en-us/download/details.aspx?id=7887
Windows 10
• Remote Server Administration Tools for Windows 8.1:
http://www.microsoft.com/en-us/download/details.aspx?id=39296
• Remote Server Administration Tools for Windows 8:
http://www.microsoft.com/en-us/download/details.aspx?id=28972
• Remote Server Administration Tools for Windows 10
https://www.microsoft.com/en-us/download/details.aspx?id=45520
To activate GPMC and DNS Server Tools
1 Open the Control Panel, click Programs and Features, and click
Turn Windows features on or off.
2 Expand Remote Server Administration Tools.
3 Expand Feature Administration Tools, and select Group Policy
Management Tools.
4 Expand Role Administration Tools, and select DNS Server Tools.
Windows Server® 2008 To active GMPC
Windows Server 2008 R2 The Group Policy Management Console, once installed, must be enabled
through the Add Features Wizard in Server Manager.
Windows Server 2012
Alternatively, from the command line, use ServerManagerCmd –install
Windows Server 2012 R2
GPMC.
Windows Server 2016
To install DNS Server Tools
1 Open the Server Manager.
2 Select Manage | Add Features.
3 Expand Remote Server Administration Tools.
4 Expand Role Administration Tools.
5 Select DNS Server Tools.
6 Advance through the wizard to Confirmation.
7 Click Install.

Quest Active Administrator 8.1

9
Release Notes
Audit Agent requirements
Table 13. Audit agents hardware requirements

Requirement Details
Processor 1 GHz or higher
Hard disk 100 MB
Memory 256 MB
Operating systems NOTE: Only 64-bit operating systems are supported.
• Windows Server® 2008
• Windows Server 2008 R2
• Windows Server 2012
• Windows Server 2012 R2
• Windows Server 2016

Workstation logon audit agent

requirements
Table 14. Workstation logon audit agent hardware requirements

Requirement Details
Processor 1 GHz or higher
Hard disk 100 MB
Memory 256 MB
Operating systems NOTE: Only 64-bit operating systems are supported.
• Windows® 7
• Windows 8.1
• Windows 10
• Windows Server® 2008
• Windows Server 2008 R2
• Windows Server 2012
• Windows Server 2012 R2
• Windows Server 2016

Port requirements
NOTE: The AFS Server is the computer on which the Active Administrator® Server is installed and running
the Active Administrator Foundation Service (AFS). The Console is the computer on which the Active
Administrator Console is installed. The AFS Database Server is the computer on which the audit database
resides.

• TCP Port 15600 must be open between Console and the AFS Server.

Quest Active Administrator 8.1

10
Release Notes
 • TCP Port 15601 must be open between the computer running the workstation logon audit agent and the
AFS Server.
• TCP Port 389 must be open between domain controllers and the AFS Server and Console.
• TCP Port 1433 must be open between the AFS Server and the AFS Database Server.
• Remote Procedure Call (RPC) must be open between the AFS Server and the target.
• When installing the audit agent on a member server instead of a domain controller, the following inbound
firewall exceptions for Windows® Management Instrumentation must be enabled:
▪ ASync-In
▪ DCOM-In
▪ WMI-In
• If you are using the Certificate Management feature, Remote Registry Service must be enabled on all
Windows computers on which certificates are managed.

• If you are using the Azure® Active Directory® feature, TCP Ports 80 and 443 must be open on the Internet-
facing firewall.
• If you are using the Active Directory Health feature:
• TCP Port 15602 must be open on the Active Administrator server for the Active Administrator Data Service
(ADS).
• TCP Port 15603 must be open on the computer running the Directory Analyzer agent.
• If you want to access the DNS event logs in Active Administrator, the following inbound firewall exceptions
are required on each DNS server:
▪ COM+ Network Access (DCOM-In)
▪ Remote Event Log Management (NP-In)
▪ Remote Event Log Management (RPC)
▪ Remote Event Log Management (RPC-EPMAP)
• HTTP Port 8080 must be open on the computer running the Web Server.

IMPORTANT: It is recommended that you only use the Web Console internal to the network. If you
want to use the Web Console externally, use HyperText Transfer Protocol Secure (HTTPS) by
enabling Secure Sockets Layer (SSL). You need to select a certificate, which must be installed in the
Personal or My store on the local computer. The default port is 9443. See the Web Console User
Guide for more instructions on configuring the Web Server.

User privilege requirements

• To install Active Administrator®, a user must hold administrative rights on the local system and the SQL
instance that will host the Active Administrator database.
• To use Active Administrator, a user must hold administrative rights on both the local system and the
domain, and be a member of the AA_Admin database access group, which is created during the
installation process.

Password recovery
Active Administrator® can restore passwords when you restore accounts that were deleted. To enable password
recovery, a minor modification is made to the Schema. To be able to modify the Schema, you must use an account
that is a member of the Schema Admins group.

Quest Active Administrator 8.1

11
Release Notes
Services
The Domain Administrator account provides the necessary permissions for the various Active Administrator®
services to operate properly.
When choosing an account, keep these requirements in mind:
• Active Administrator Foundation service (AFS) requires an account that is a member of the Domain Admins
group. For more detailed permission requirements, see See the Quest® Active Administrator® 8.1 Install
Guide for the specific permissions required for operation of each module and submodule.
• Active Administrator Data Services (ADS) requires an account that is a member of the AA_Users group,
has read access to the enterprise, and has full access on the server where the Directory Analyzer agent is
installed. For more detailed permission requirements, see the Quest® Active Administrator® 8.1 Install
Guide for the specific permissions required for ADS and data collectors.
• Active Administrator Advanced Auditing runs as the Local System account, regardless of the user account
configured for the Active Administrator Agent service.
• Active Administrator Agent also can run under a domain user account provided it is either a local
administrator account, which gives it the rights to log on as a service, log on locally and manage auditing
and security log, or these privileges can be granted individually. This user or service account should also
be a member of the AA_Admin group, which by default is located in the Local groups of the server where
the ActiveAdministrator database is located. If the group is not found in this location, the settings during the
initial database creation were modified and it can be found under the Users container object of Active
Directory®.
• Active Administrator Notification service needs to have access to the database.

Audit database
On the database server, the database installation creates two local groups that control access to the audit
database.
• AA_Admin group = users that need to be able to update the database
• AA_User group = users that only need to run reports from the database

Active Administrator module

requirements
For all Active Administrator® modules to operate properly, the Active Administrator Foundation service (AFS)
requires an account that is a member of the Domain Admins group. However, you may want to customize access
to each module for console users or the AFS account. See the Quest® Active Administrator® 8.1 Install Guide for
the specific permissions required for operation of each module and submodule.

Upgrade and compatibility

• Active Administrator® 8.1 only supports in-place upgrades from Active Administrator versions 7.0, 7.5, or
8.0. Upgrades from previous editions are not supported. To perform an in-place upgrade to Active
Administrator 8.1 from a version of Active Administrator that is earlier that v7.5, the user must first upgrade
to Active Administrator 7.0.

Quest Active Administrator 8.1

12
Release Notes
 • Installing Active Administrator 8.1 onto an existing Active Administrator 7.0, 7.5, or 8.0 installation will result
in the removal of the earlier version. Active Administrator 7.0 , 7.5, or 8.0 databases, both live and archive
databases, will be automatically upgraded to version 8.1.
• A database upgraded by Active Administrator 8.1 cannot be used by previous version and the database
upgrade cannot be rolled back.
• Data within the Active Administrator share can be used by Active Administrator 8.1.
• Active Administrator 8.1 Auditing Agents cannot be installed on Windows 2000 hosts.
• If you use group policy to deploy the Workstation Logon Auditing Agents (WLAA), the v8.1 installation
process will update the agent on the user workstations. If the Workstation Logon Auditing Agents are
installed manually, you must replace the install package at the software distribution share with the 8.1
version. Computers will upgrade to the Active Administrator 8.1 WLAA the next time they are started.

• The Azure® Active Directory®, Certificate Management, DNS Management, and Active Directory Health
features available in Active Administrator 8.1 each require a separate license. If you do not have a license
file to apply, the module does not appear in Active Administrator. You will see the Azure Active Directory
and Certificate Management features listed under the Configuration module, but when you select the
feature, a warning displays that a license is required.

Product licensing
You need either a trial or full license to use Active Administrator®. If you have questions about your license, contact
your sales representative.
NOTE: The full and evaluation versions of Active Administrator are identical. The license file is the sole
determinant of program functionality. Limitations during the free 30-day trial period include:
• Unlimited auditing of domain controllers.
• Azure® Active Directory®, Certificate Management, DNS Management, and Active Directory Health
are not included.
The Azure Active Directory, Certificate Management, DNS Management, and Active Directory Health
features each require a separate license. If you do not have a license file to apply, the module does not
appear in Active Administrator. You will see the Azure Active Directory and Certificate Management features
listed under the Configuration module, but when you select the feature, a warning displays that a license is
required.

You apply the license the first time you launch the AA Configuration Wizard following the installation of the server
component. You must have your license available prior to beginning the install process.

To apply the license file when you first start the configuration wizard
1 If you are installing Active Administrator, the configuration wizard opens automatically. Otherwise, open the
AA Configuration Wizard from the Start menu.
The first time you start the configuration wizard, you must apply a valid license file.
2 Select Active Administrator, and click Update License.
3 Locate the license file(s). A license file is approximately 1 KB in size and has a .dlv file extension. Once
applied, the License Status should indicate Installed or Trial depending on the type of license.
4 Click OK to continue with the configuration wizard.

To update your license

1 From the Start menu, open AA Server Manager.
2 To view details about the current license, click Details.
3 To update the license, click Updated License.

Quest Active Administrator 8.1

13
Release Notes
 4 Locate the license file (*.dlv), and click Open.

Upgrade and installation

instructions
• Installing Active Administrator server
• Configuring the server
• Installing Active Administrator console
• Updating audit agents
• Switching to Active Directory Health

For detailed instructions, see the Quest® Active Administrator® Install Guide and the Quest® Active
Administrator® User Guide.

Installing Active Administrator server

NOTE: The server needs to be installed on only one computer.

To install Active Administrator® server

1 Launch the autorun.
2 On the Home page, click Install.
3 Click Install next to Active Administrator Server.
4 On the Welcome screen of the Install Wizard, click Next.
5 Click View License Agreement.
6 Scroll to the end of the license agreement.
7 Click I accept these terms, and click OK.
8 Click Next.
9 To change the location of the program files, click Change, or click Next to accept the default installation
directory.
10 Click Install.
▪ If you receive a message that some files are currently in use, click OK to close the applications
automatically.
▪ If you receive a message that setup was unable to close the applications, close the applications
manually, and then click OK.
11 Click Finish.
Launch Configuration Wizard is selected by default. When you click Finish, you continue to the
configuration wizard. See Configuring the server.

Quest Active Administrator 8.1

14
Release Notes
Configuring the server
If you are upgrading Active Administrator®, your previous settings appear on each page. You can quickly page
through the wizard accepting the current settings or take the opportunity to make changes to your setup. For
detailed instructions on the configuration wizard, see the Quest® Active Administrator® Install Guide.

To run the AA Configuration Wizard

1 If you are installing Active Administrator, the configuration wizard opens automatically. Otherwise, open the
AA Configuration Wizard from the Start menu.
2 Select Active Administrator, and click Update License.
3 Locate the license file, and click OK.
4 On the Welcome page, click Next.
5 Select Use an existing Active Administrator database.
6 Accept the displayed server and database or select a different server and database.
7 Click Next.
8 Select Use an existing Active Administrator Archive database.
9 Accept the displayed server and database or select a different server and database.
10 Click Next.
11 Select the purge and archive options to enable or disable.
12 Click Next.
13 Select the path to the Active Administrator share.
14 Click Next.
15 Accept the SMTP server setup or make any necessary changes.
16 Click Next.
17 Type a valid email address or accept the default.
18 Click Next.
19 Accept the active template settings or name any necessary changes.
20 Click Next.
21 Accept the group policy history settings or make any necessary changes.
22 Click Next.
23 Accept the Active Directory backup settings or make any necessary changes.
24 Click Next.
25 To add additional users, click Add, find and select users, click OK.
26 Click Next.
27 Type the account password for the Active Administrator Foundation Service account.
28 The default service port number is 15600. To change the port number, type a value.
29 To use the same account for the notification service, select the check box. Otherwise, type or browse for an
account with Domain Admin rights, and type the password.
30 Click Next.
31 Click Finish.
32 Click Finish.

Quest Active Administrator 8.1

15
Release Notes
Installing Active Administrator console
Install the Active Administrator® Console on any workstation that requires the use of Active Administrator.
IMPORTANT: Active Administrator includes the Diagnostic Console, which is also a feature in Spotlight® for
Active Directory®. If you are currently using Spotlight for Active Directory, you must install the Active
Administrator Console on a computer that does not have the Spotlight for Active Directory Console installed.

To install Active Administrator console

1 Launch the autorun.
2 On the Home page, click Install.
3 Click Install next to Active Administrator Console.
4 On the Welcome screen of the Setup Wizard, click Next.
5 Click View License Agreement.
6 Scroll to the end of the license agreement.
7 Click I accept these terms, and click OK.
8 Click Next.
9 To change the location of the program files, click Change, or click Next to accept the default installation
directory
10 Click Install.
11 By default, the option to start the Active Administrator Console is selected. If you do not want to start the
console, clear the check box.
12 Click Finish.
The first time the Active Administrator console opens, you are asked to set the Active Administrator Server.
13 Type the name of the server where Active Administrator Server is installed, or browse to locate a server.
14 Click OK.

NOTE: If you want to change the server, select Settings | Set Active Administrator Server.

Updating audit agents

To collect data on a computer, you must install and activate the audit agent. A wizard guides you through installing
the audit agent.

To update audit agents

1 Select Auditing & Alerting | Agents.
2 To update selected domain controller(s), select More | Update.
–OR-
To update all listed domain controllers, select More | Update All.
NOTE: You may need to refresh the audit agents to correct the display. Click Refresh or select domain
controllers, and click Refresh Selected.

Quest Active Administrator 8.1

16
Release Notes
Switching to Active Directory Health
The Active Directory® Health module incorporates key features from Quest® Directory Analyzer and Directory
Troubleshooter. If you are a current user of Directory Analyzer and Directory Troubleshooter, you can switch over
to Active Directory Health gradually, or right away. See the Quest® Active Administrator® User Guide for detailed
instructions.

To switch gradually
1 Deploy at least two agents into the Active Directory Health agent pool and add a few domain controllers to
monitor.
2 Stop, but do not uninstall yet, the old Directory Analyzer agent running on the domain controllers you just
added.
3 Test these domain controllers in Active Directory Health.
4 If everything looks good, uninstall the old Directory Analyzer agents on the monitored domain controllers.
5 Add a few more domain controllers to the list of monitored domain controllers.
6 Test these domain controllers in Active Directory Health.
7 If everything looks good, uninstall the old Directory Analyzer agents on the monitored domain controllers.
8 Repeat steps 5 through 7 until all of your domain controllers are monitored by the Active Directory Health
Agent pool.

To switch right away

1 Deploy the number of required agents and add the domain controllers.
2 Shut down the old Directory Analyzer agents.
3 Test Active Directory Health for a period of time.
4 Remove the old Directory Analyzer agents.

More resources
Additional information is available from the following:
• Online product documentation (https://support.quest.com/active-administrator/8.1/release-notes-guides)
• The Active Administrator Community (https://www.quest.com/community/products/active-administrator)

Globalization
This section contains information about installing and operating this product in non-English configurations, such
as those needed by customers outside of North America. This section does not replace the materials about
supported platforms and configurations found elsewhere in the product documentation.
This release is Unicode-enabled and supports any character set. In this release, all product components should be
configured to use the same or compatible character encodings and should be installed to use the same locale and
regional options. This release is targeted to support operations in the following regions: North America, Western
Europe and Latin America, Central and Eastern Europe, Far-East Asia, Japan.

Quest Active Administrator 8.1

17
Release Notes
About us

We are more than just a name

We are on a quest to make your information technology work harder for you. That is why we build community-
driven software solutions that help you spend less time on IT administration and more time on business innovation.
We help you modernize your data center, get you to the cloud quicker and provide the expertise, security and
accessibility you need to grow your data-driven business. Combined with Quest’s invitation to the global
community to be a part of its innovation, and our firm commitment to ensuring customer satisfaction, we continue
to deliver solutions that have a real impact on our customers today and leave a legacy we are proud of. We are
challenging the status quo by transforming into a new software company. And as your partner, we work tirelessly to
make sure your information technology is designed for you and by you. This is our mission, and we are in this
together. Welcome to a new Quest. You are invited to Join the Innovation.

Our brand, our vision. Together.

Our logo reflects our story: innovation, community and support. An important part of this story begins with the letter
Q. It is a perfect circle, representing our commitment to technological precision and strength. The space in the Q
itself symbolizes our need to add the missing piece — you — to the community, to the new Quest.

Contacting Quest
For sales or other inquiries, visit https://www.quest.com/company/contact-us.aspx or call +1-949-754-8000.

Technical support resources

Technical support is available to Quest customers with a valid maintenance contract and customers who have trial
versions. You can access the Quest Support Portal at https://support.quest.com.
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a
day, 365 days a year. The Support Portal enables you to:
• Submit and manage a Service Request.
• View Knowledge Base articles.
• Sign up for product notifications.
• Download software and technical documentation.
• View how-to-videos.
• Engage in community discussions.
• Chat with support engineers online.
• View services to assist you with your product.

Quest Active Administrator 8.1

18
Release Notes
Third-party contributions
This product contains the following third-party components. For third-party license information, go to
https://www.quest.com/legal/license-agreements.aspx. Source code for components marked with an asterisk (*) is
available at https://opensource.quest.com.

Table 15. Third-party contributions

Component License or acknowledgment

Angular.js 1.4.8 Copyright (c) 2010-2016 Google, Inc. http://angularjs.org
AngularJS Route 1.4.9 Copyright (c) 2010-2016 Google, Inc. http://angularjs.org
Blowfish 2 Copyright (c) 1999-2002 David Barton
Bootstrap 3.3.6 Copyright (c) 2011-2016 Twitter, Inc.
JQuery 1.9.1 Copyright 2016 The jQuery Foundation.
Json.NET 6.0.3 Copyright (c) 2007 James Newton-King
Owin 1.0.0 Copyright 2012 OWIN contributors
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND
DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.

Quest Active Administrator 8.1

19
Release Notes
Table 15. Third-party contributions

Component License or acknowledgment

Owin 1.0.0 "Contribution" shall mean any work of authorship, including
(continued) the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and

Quest Active Administrator 8.1

20
Release Notes
Table 15. Third-party contributions

Component License or acknowledgment

Owin 1.0.0 (d) If the Work includes a "NOTICE" text file as part of its
(continued) distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.

Quest Active Administrator 8.1

21
Release Notes
Table 15. Third-party contributions

Component License or acknowledgment

Owin 1.0.0 9. Accepting Warranty or Additional Liability. While redistributing
(continued) the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
Toastr 2.1.2 Copyright © 2012-2015
Windows Installer XML toolset Windows Installer XML Toolset version 3.10.2.2516.
(aka WIX) 3.10 Copyright(c) Outercurve Foundation. All rights reserved.
Microsoft Reciprocal License (MS-RL)
ZLib 1.1.4 Copyright (C) 1995-2005 Jean-loup Gailly and Mark Adler
This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any damages
arising from the use of this software.
Permission is granted to anyone to use this software for any purpose,
including commercial applications, and to alter it and redistribute it
freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not
claim that you wrote the original software. If you use this software
in a product, an acknowledgment in the product documentation would be
appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be
misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
Jean-loup Gailly [email protected]
Mark Adler [email protected]

Quest Active Administrator 8.1

22
Release Notes
© 2017 Quest Software Inc.
ALL RIGHTS RESERVED.
This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a
software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the
applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written
permission of Quest Software Inc.
The information in this document is provided in connection with Quest Software products. No license, express or implied, by
estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest Software
products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR
THIS PRODUCT, QUEST SOFTWARE ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED
OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT
SHALL QUEST SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR
INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS
INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN
IF QUEST SOFTWARE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest Software makes no
representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the
right to make changes to specifications and product descriptions at any time without notice. Quest Software does not make any
commitment to update the information contained in this document.
If you have any questions regarding your potential use of this material, contact:
Quest Software Inc.
Attn: LEGAL Dept.
4 Polaris Way
Aliso Viejo, CA 92656
Refer to our website (https://www.quest.com) for regional and international office information.
Patents
Quest Software is proud of our advanced technology. Patents and pending patents may apply to this product. For the most current
information about applicable patents for this product, please visit our website at https://www.quest.com/legal.
Trademarks
Quest, Active Administrator, SpotLight, and the Quest logo are trademarks and registered trademarks of Quest Software Inc. For
a complete list of Quest marks, visit https://www.quest.com/legal/trademark-information.aspx. All other trademarks and registered
trademarks are property of their respective owners.

Legend

WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.

CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.

IMPORTANT NOTE, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.

Quest Active Administrator 8.1

23
Release Notes