Chat now with support
Chat mit Support

Active Roles 8.1.1 - Synchronization Service Administration Guide

Synchronization Service overview Deploying Synchronization Service Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Database Working with Oracle Database user accounts Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with an OpenLDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with IBM RACF Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft 365 Working with Microsoft Azure Active Directory Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector Objects and operations supported by the SCIM Connector Example of using the Generic SCIM Connector for data synchronization
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Developing PowerShell scripts for attribute synchronization rules Using PowerShell script to transform passwords

Configuring diagnostic logging

In the Synchronization Service Console, you can configure a number of settings to write the Synchronization Service diagnostic data to a separate log file or to the Windows Event Log.

To configure diagnostic logging

  1. In the upper right corner of the Synchronization Service Console, select Settings > Diagnostic Logging.

  2. In the dialog that opens, use the following options:

    • Windows Event Log Level: Drag the slider to select one of the following options to write Synchronization Service data to the Windows Event Log:

      • Error, Warning, and Information: Records errors, warnings, and information events generated by Synchronization Service to the Windows Event Log.

      • Error and Warning: Records error and warning events generated by Synchronization Service to the Windows Event Log.

      • Error: Records error events generated by Synchronization Service to the Windows Event Log.

      • Off: Disables writing Synchronization Service data to the Windows Event Log.

    • Synchronization Service log level: Drag the slider to select one of the following logging levels for the Synchronization Service log:

      • All Possible Events: Writes detailed diagnostic data to the Synchronization Service log file.

      • Important Events: Writes only essential events to the Synchronization Service log file.

      • Off: Disables writing data to the Synchronization Service log file.

  3. When you are finished, click OK to apply your settings.

How to synchronize identity data

On a very high level, you need to complete the following steps to synchronize identity data between two external data systems:

  1. Connect the Synchronization Service to the data systems between which you want to synchronize identity data.

    For more information, see External data systems supported with built-in connectors.

  2. Configure synchronization scope for the connected data systems.

    For more information, see Modifying synchronization scope for a connection.

  3. Create a sync workflow.

    For more information, see Creating a sync workflow.

  4. Create one or more steps in the sync workflow, and, if necessary, define synchronization rules for these steps.

    For more information, see Synchronizing identity data.

  5. Run the sync workflow you have created.

    For more information, see Running a sync workflow.

You can also use the Synchronization Service to automatically synchronize passwords from a specified Active Directory domain to other connected data systems. For more information, see Automated password synchronization.

Management Shell

Management Shell is implemented as a Windows PowerShell module, providing an extension to the Windows PowerShell environment. The commands provided by Management Shell conform to the Windows PowerShell standards, and are fully compatible with the default command-line tools that come with Windows PowerShell.

You can open Management Shell by using either of the following procedures. Each procedure loads the Management Shell module into Windows PowerShell. If you do not load the Management Shell module before you run a command (cmdlet) provided by that module, you will receive an error.

To open Management Shell, in the Windows PowerShell command prompt, run the Import-Module [-Name] command.

In the Name parameter, specify the name of a file in the module and the file path. By default, the following path to the SyncServiceManagementShell module is used: C:\Program Files\One Identity\Active Roles\8.1.1\SyncService\SyncServiceShell\SyncServiceManagementShell.psd1.

Alternatively, to start the Active Roles Synchronization Service Management Shell, depending upon the version of your Windows operating system, click Active Roles 8.1.1 Synchronization Service Management Shell on the Apps page or select All Programs > One Identity Active Roles 8.1.1 > Active Roles 8.1.1 Synchronization Service Management Shell from the Start menu.

Upon the shell start, the Synchronization Service Console may display a message stating that a certain file published by One Identity is not trusted on your system. This security message indicates that the certificate the file is digitally signed with is not trusted on your computer, so the Synchronization Service Console requires you to enable trust for the certificate issuer before the file can be run. Press either R (Run once) or A (Always run). To prevent this message from appearing in the future, it is advisable to choose the second option (A).

Cmdlet naming conventions

All cmdlets are presented in verb-noun pairs. The verb-noun pair is separated by a hyphen (-) without spaces, and the cmdlet nouns are always singular. The verb refers to the action that the cmdlet performs. The noun identifies the entity on which the action is performed. For example, in the Get-QCObject cmdlet name, the verb is Get and the noun is QCObject. All the Management Shell cmdlets have the nouns prefixed with QC, to distinguish the Management Shell cmdlets from those provided byPowerShell itself or by other PowerShell modules.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen