Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Active Roles Sync Service 8.2 - Administration Guide

Synchronization Service overview Deploying Synchronization Service Deploying Synchronization Service for use with AWS Managed Microsoft AD Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Database Working with Oracle Database user accounts Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with an OpenLDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with IBM RACF Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft 365 Working with Microsoft Azure Active Directory Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Developing PowerShell scripts for attribute synchronization rules Using PowerShell script to transform passwords

Creating the AWS Managed Microsoft AD instance

To deploy and configure Active Roles Synchronization Service in Amazon Web Services (AWS) for managing AWS Managed Microsoft AD, first you must create an AWS Directory Service instance hosting your AWS Managed Microsoft AD instance in the AWS console. For more information on configuring the service in the AWS console, see Setting up AWS Directory Service in the AWS Directory Service documentation.

NOTE: Consider the following when creating the AWS Managed Microsoft AD instance:

  • Make sure that the connectivity requirements listed in Deployment requirements for AWS Managed Microsoft AD support are met.

  • During the procedure, take note of the following values, as they will be required in later procedures:

    • Directory DNS name: The fully qualified domain name (FQDN) of your AD service (for example, activeroles.demo).

    • Directory NetBIOS name: The NetBIOS name (or shortname) of your AD service (for example, ARDEMO).

    • Admin password: The password of the default admin account (named admin).

  • After specifying all required settings, it takes approximately 30-40 minutes to create the AWS Managed Microsoft AD instance. If you run into any issues when creating the environment, see Troubleshooting AWS Managed Microsoft AD in the AWS Managed Microsoft AD documentation.

Creating the EC2 instance for Active Roles Synchronization Service

To deploy and configure Active Roles Synchronization Service in Amazon Web Services (AWS) for managing AWS Managed Microsoft AD, you must create an Amazon Elastic Compute Cloud (EC2) instance hosting your Active Roles Synchronization Service installation.

Complete the procedure in AWS as described in Set up to use Amazon EC2 in the Amazon EC2 documentation. If you run into any problems when configuring or connecting to the EC2 instance, see Troubleshoot EC2 Windows instances in the Amazon EC2 documentation.

NOTE: Consider the following when creating the EC2 instance:

  • Make sure that the connectivity requirements listed in Deployment requirements for AWS Managed Microsoft AD support are met.

  • For the operating system on the EC2 instance, select a Microsoft Windows Server AMI supported by Active Roles Synchronization Service. For the list of supported Windows Server operating systems, see System requirements in the Active Roles Synchronization Service Release Notes.

  • Select an EC2 instance type that has, at minimum:

    • 2 vCPUs running at 2.0 GHz.

    • 4 GB of RAM.

  • One Identity recommends setting the storage to a minimum of 60 GiB of gp2 root volume.

TIP: For consistency, after you logged in to the EC2 instance, rename the virtual machine to the same name that you originally defined for the EC2 instance in the AWS console.

Joining the EC2 instance to AWS Managed Microsoft AD

After you created your AWS Managed Microsoft AD service and your EC2 instance(s), you must join the configured Amazon Elastic Compute Cloud (EC2) instance(s) to AWS Managed Microsoft AD.

Complete the procedure in Amazon Web Services (AWS) as described in Join an EC2 instance to your AWS Managed Microsoft AD directory in the AWS Directory Service documentation.

NOTE: Consider the following when joining the EC2 instance(s) to AWS Managed Microsoft AD:

TIP: If the domain join process ends with an error, check the specified DNS addresses and Domain Admin credentials in the AWS console.

Creating the RDS instance for the Active Roles Synchronization Service SQL Server

If you manage AWS Managed Microsoft AD with Active Roles Synchronization Service in Amazon Web Services (AWS), you must store the Synchronization Service database in an Amazon Relational Database Service (RDS) instance.

Configure the RDS instance in AWS as described in Setting up for Amazon RDS in the Amazon RDS documentation.

NOTE: Consider the following when creating the EC2 instance:

  • Make sure that the connectivity requirements listed in Deployment requirements for AWS Managed Microsoft AD support are met.

  • Select the SQL Server edition that suits your needs the most. For most Active Roles Synchronization Service use cases, SQL Server Standard Edition is an optimal choice.

  • Take note of the Master username and Master password, as these credentials will be required later.

  • For Storage type, select General Purpose SSD (gp2), and allocate a minimum storage of 60 GiB.

  • Consider selecting Enable storage autoscaling. Selecting this setting is useful if the SQL Server is utilized with a heavy load most of the time, but it might incur additional operational costs.

  • For Certificate authority, select the rds-ca-2019 certificate, as it is required for Microsoft OLE DB Driver 19 for SQL Server to function properly.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation