Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Active Roles Sync Service 8.2 - Administration Guide

Synchronization Service overview Deploying Synchronization Service Deploying Synchronization Service for use with AWS Managed Microsoft AD Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Database Working with Oracle Database user accounts Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with an OpenLDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with IBM RACF Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft 365 Working with Microsoft Azure Active Directory Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Developing PowerShell scripts for attribute synchronization rules Using PowerShell script to transform passwords

Upgrade from Quick Connect and Synchronization Service

If you have sync workflows configured and run by Quick Connect (the predecessor of Synchronization Service), or earlier versions of Active Roles Synchronization Service, then you can transfer those sync workflows to the current version of Active Roles Synchronization Service.

You can transfer sync workflows from the following Quick Connect or Active Roles Synchronization Service versions:

  • Quick Connect for Active Directory 6.1

  • Quick Connect for AS400 1.4

  • Quick Connect for Base Systems 2.4

  • Quick Connect for Cloud Services 3.7

  • Quick Connect for RACF 1.3

  • Quick Connect Sync Engine 5.5 and 6.1

  • Synchronization Service 7.5 and later

For more information, see Transferring sync workflows from Quick Connect in the Active Roles Synchronization Service Administration Guide.

Transferring sync workflows from Quick Connect

To transfer sync workflows from Quick Connect to Synchronization Service

  1. Install Synchronization Service.

    You can install Synchronization Service on the computer running Quick Connect or on a different computer. For installation instructions, see Installing Synchronization Service.

  2. Configure Synchronization Service to use a new database for storing configuration settings and synchronization data.

    To perform this step, use the Configuration Wizard that appears when you start the Synchronization Service Console the first time after you install Synchronization Service. For more information, see Configuring Synchronization Service.

  3. Import configuration settings from Quick Connect or Synchronization Service.

    Before you proceed with this step, it is highly recommended to disable the scheduled workflows and mapping operations in Quick Connect or earlier versions of Synchronization Service. You can resume the scheduled workflows and mapping operations after you complete this step.

    To import configuration settings:

    1. On the computer where you have installed Synchronization Service, start the Synchronization Service Console.

    2. In the upper right corner of the Active Roles Synchronization Service window, click the gear icon, and then click Import Configuration.

    3. In the wizard that appears, select the version of Quick Connect Sync Engine used by your Quick Connect version or Active Roles Synchronization Service from which you want to import the configuration settings.

      Optionally, you can select the Import sync history check box to import the sync history along with the configuration settings.

    4. Follow the steps in the wizard to complete the import operation.

    If the synchronization data you want to import is stored separately from the configuration settings, then, on the Specify source SQL Server databases step, select the Import sync data from the specified database check box, and specify the database.

  4. Retype access passwords in the connections that were imported from Quick Connect.

    NOTE: Re-entering passwords in the imported connections is required because due to security reasons, the configuration import process does not retrieve encrypted passwords from Quick Connect. To modify the imported connections later, use the Synchronization Service Console. For more information, see External data systems supported with built-in connectors.

  5. If your sync workflows involve synchronization of passwords, then you need to install the new version of Capture Agent on your domain controllers. For installation instructions, see Managing Capture Agent.

    The new version of Capture Agent replaces the old version. However, as the new version supports both Synchronization Service and Quick Connect, you do not lose the password synchronization functions of Quick Connect after you upgrade Capture Agent.

Communication ports used by Synchronization Service

Active Roles Synchronization Service uses the following default communication ports. To make sure that the specific traffic type works as intended, open the following ports on the machine running Active Roles Synchronization Service.

For more information on opening ports, see the instructions of the Windows Defender Firewall with Advanced Security console of your operating system, or the documentation of your network device.

Port required for Synchronization Service traffic

  • Port 15173 (HTTPS), TCP, Inbound.

    NOTE: This port is also used by Capture Agent to communicate with Active Roles Synchronization Service. If you use Capture Agent, open this port on the domain controller (DC) where Capture Agent is installed.

Port required for DNS traffic

  • Port 53, TCP/UDP, Inbound / Outbound.

Port required for Kerberos traffic

  • Port 88, TCP/UDP, Inbound / Outbound.

Ports required for SMB / CIFS traffic

  • Port 139, TCP, Inbound / Outbound.

  • Port 445, TCP, Inbound / Outbound.

Ports required for LDAP traffic

  • Port 389, TCP / UDP, Outbound.

  • Port 3268, TCP, Outbound.

Ports required for SSL traffic

  • 636, TCP, Outbound.

  • 3269, TCP, Outbound.

NOTE: This port is only required if Synchronization Service is configured to use SSL to connect to an Active Directory domain.

Ports required for Active Roles Capture Agent traffic

If Synchronization Service is configured to synchronize user passwords from an Active Directory domain to other connected data systems, open the following port on the DC where the Synchronization Service Capture Agent is installed.

  • 7148 (HTTPS), TCP, Inbound.

Port required for RPC endpoint mapper traffic

Deploying Synchronization Service for use with AWS Managed Microsoft AD

NOTE: This feature is officially supported starting from Active Roles Synchronization Service 8.1.3 SP1 (build 8.1.3.10). It is not supported on Active Roles Synchronization Service 8.1.3 (build 8.1.3.2) and earlier versions.

Active Roles Synchronization Service supports deployment and configuration in the Amazon cloud to manage AWS Managed Microsoft AD object synchronization.

This allows you to:

  • Synchronize directory data from an on-premises AD environment to AWS Managed Microsoft AD.

  • Synchronize passwords from an on-premises Active Directory to AWS Managed Microsoft AD (with certain limitations).

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation