
Active Roles 8.0 LTS - Synchronization Service Administration Guide


Password Sync tab

Allows you to manage password sync rules to automate password synchronization from a specified Active Directory domain to other connected data systems. For more information, see Automated password synchronization.

On the Password Sync tab, you can use the following elements (some of these elements become available only after you create at least one password sync rule):

  • Add password sync rule. Allows you to create a rule for synchronizing passwords from an Active Directory domain to another connected system.
  • Password sync settings. Allows you to specify how many times you want to retry the password synchronization operation in the event of a failure. Also allows you to type a Windows PowerShell script to generate passwords for the target connected system. For more information, see Appendix B: Using a PowerShell script to transform passwords.
  • Delete rule. Deletes the password sync rule on which you click this link.

Configuring diagnostic logging

In the Synchronization Service Administration Console, you can configure a number of settings to write the Synchronization Service diagnostic data to a separate log file or to the Windows Event Log.

To configure diagnostic logging

  1. In the upper right corner of the Synchronization Service Administration Console, select Settings | Diagnostic Logging.
  2. In the dialog box that opens, use the following options:

Table 3: Diagnostic logging options

Option: Windows Event Log level

Description: Drag the slider to select one of the following options to write Synchronization Service data to the Windows Event Log:

  • Error, Warning, and Information. Records errors, warnings, and information events generated by Synchronization Service to the Windows Event Log.
  • Error and Warning. Records error and warning events generated by Synchronization Service to the Windows Event Log.
  • Error. Records error events generated by Synchronization Service to the Windows Event Log.
  • Off. Disables writing Synchronization Service data to the Windows Event Log.

Option: Synchronization Service log level

Description: Drag the slider to select one of the following logging levels for the Synchronization Service log:

  • All Possible Events. Writes detailed diagnostic data to the Synchronization Service log file.
  • Important Events. Writes only essential events to the Synchronization Service log file.
  • Off. Disables writing data to the Synchronization Service log file.

  3. When you are finished, click OK to apply your settings.

Steps to synchronize identity data

At a high level, you need to complete the following steps to synchronize identity data between two external data systems:

  1. Connect the Synchronization Service to the data systems between which you want to synchronize identity data.

    For more information, see Connections to external data systems.

  2. Configure synchronization scope for the connected data systems.

    For more information, see Modifying synchronization scope for a connection.

  3. Create a sync workflow.

    For more information, see Creating a sync workflow.

  4. Create one or more steps in the sync workflow, and, if necessary, define synchronization rules for these steps.

    For more information, see Managing sync workflow steps.

  5. Run the sync workflow you have created.

    For more information, see Running a sync workflow.

You can also use the Synchronization Service to automatically synchronize passwords from a specified Active Directory domain to other connected data systems. For more information, see Automated password synchronization.

Management Shell

Management Shell is implemented as a Windows PowerShell module, providing an extension to the Windows PowerShell environment. The commands provided by Management Shell conform to the Windows PowerShell standards, and are fully compatible with the default command-line tools that come with Windows PowerShell.

You can open Management Shell by using either of the following procedures. Each procedure loads the Management Shell module into Windows PowerShell. If you do not load the Management Shell module before you run a command (cmdlet) provided by that module, you will receive an error.

To open Management Shell

  • At the Windows PowerShell command prompt, run the following command:

    Import-Module [-Name]

    In the Name parameter, specify the name of a file in the module and the file path. By default, the following path to the SyncServiceManagementShell module is used: C:\Program Files\One Identity\Active Roles\8.0 LTS\SyncService\SyncServiceShell\SyncServiceManagementShell.psd1.

Alternatively, to start the Active Roles Synchronization Management Shell, depending on the version of your Windows operating system, click Active Roles 8.0 LTS Synchronization Service Management Shell on the Apps page or select All Programs | One Identity Active Roles 8.0 LTS | Active Roles 8.0 LTS Synchronization Service Management Shell from the Start menu.

When the shell starts, the console may display a message stating that a certain file published by One Identity is not trusted on your system. This security message indicates that the certificate used to digitally sign the file is not trusted on your computer, so the console requires you to enable trust for the certificate issuer before the file can be run. Press either R (Run once) or A (Always run). To prevent this message from appearing in the future, it is advisable to choose the second option (A).
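
The following is an added example, not part of the One Identity guide: it inspects the Authenticode signature of the files in the Management Shell module folder before you answer the trust prompt or import the module, using the default path given above and the built-in Get-AuthenticodeSignature cmdlet. The helper name Test-ModuleSignature and the list of file extensions are assumptions made for illustration.

```powershell
# Added example, not from the One Identity guide.
# Default module path as given in this guide; adjust for your installation.
$modulePath = 'C:\Program Files\One Identity\Active Roles\8.0 LTS\SyncService\SyncServiceShell\SyncServiceManagementShell.psd1'

# Hypothetical helper: reports the Authenticode status of every signable file
# in the module folder and whether its signer is already a trusted publisher.
function Test-ModuleSignature {
    param([Parameter(Mandatory)] [string] $ManifestPath)

    $stores = 'Cert:\CurrentUser\TrustedPublisher', 'Cert:\LocalMachine\TrustedPublisher'
    $trustedThumbprints = @(Get-ChildItem -Path $stores | Select-Object -ExpandProperty Thumbprint)

    # Assumed extension list; the guide does not enumerate the module's files.
    $files = Get-ChildItem -Path (Split-Path -Parent $ManifestPath) -Recurse -File `
        -Include *.psd1, *.psm1, *.ps1, *.ps1xml, *.dll

    foreach ($file in $files) {
        $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
        $cert = $sig.SignerCertificate
        [pscustomobject]@{
            File             = $file.Name
            Status           = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Subject          = if ($cert) { $cert.Subject } else { $null }
            Thumbprint       = if ($cert) { $cert.Thumbprint } else { $null }
            NotAfter         = if ($cert) { $cert.NotAfter } else { $null }
            TrustedPublisher = [bool]($cert -and ($trustedThumbprints -contains $cert.Thumbprint))
        }
    }
}

$report = @(Test-ModuleSignature -ManifestPath $modulePath)
$report | Format-Table -AutoSize

# Conservative gate: HashMismatch means the file changed after it was signed,
# NotSigned means it carries no signature. Do not import or trust in either case.
$bad = @($report | Where-Object { $_.Status -in 'HashMismatch', 'NotSigned' })
if ($report.Count -eq 0 -or $bad.Count -gt 0) {
    Write-Warning "Not importing: $($bad.Count) file(s) unsigned or modified after signing."
} else {
    Import-Module -Name $modulePath
}
```

Choosing A (Always run) adds the signer's certificate to the current user's Trusted Publishers store, so compare the reported Subject and Thumbprint against the values you expect for the vendor before selecting it.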
