Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Active Roles 8.0 LTS - Synchronization Service Administration Guide

Synchronization Service Overview Deploying Synchronization Service Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with an OpenLDAP directory service Working with IBM RACF connector Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Configuring data synchronization with the Office 365 Connector
Creating a Microsoft 365 connection Viewing or modifying a Microsoft 365 connection Microsoft 365 data supported for data synchronization
ClientPolicy object attributes supported for Microsoft 365 data synchronization ConferencingPolicy object attributes supported for Microsoft 365 data synchronization Contact object attributes supported for Microsoft 365 data synchronization DistributionGroup object attributes supported for Microsoft 365 data synchronization Domain object attributes supported for Microsoft 365 data synchronization DynamicDistributionGroup object attributes supported for Microsoft 365 data synchronization ExternalAccessPolicy object attributes supported for Microsoft 365 data synchronization HostedVoicemailPolicy object attributes supported for Microsoft 365 data synchronization LicensePlanService object attributes supported for Microsoft 365 data synchronization Mailbox object attributes supported for Microsoft 365 data synchronization MailUser object attributes supported for Microsoft 365 data synchronization PresencePolicy object attributes supported for Microsoft 365 data synchronization SecurityGroup object attributes supported for Microsoft 365 data synchronization SPOSite object attributes supported for Microsoft 365 data synchronization SPOSiteGroup object attributes supported for Microsoft 365 data synchronization SPOWebTemplate object attributes supported for Microsoft 365 data synchronization SPOTenant object attributes supported for Microsoft 365 data synchronization User object attributes supported for Microsoft 365 data synchronization VoicePolicy object attributes supported for Microsoft 365 data synchronization Microsoft 365 Group attributes supported for Microsoft 365 data synchronization Changing the display names of synchronized Microsoft 365 licenses and services
Objects and attributes specific to Microsoft 365 services How the Office 365 Connector works with data
Configuring data synchronization with the Microsoft Azure AD Connector Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use
About scenarios Scenario 1: Create users from a .csv file to an Active Directory domain Scenario 2: Use a .csv file to update user accounts in an Active Directory domain Scenario 3: Synchronizing data between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 4: Deprovisioning between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 5: Provisioning of Groups between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 6: Enabling Delta Sync mode between One Identity Manager Custom Target Systems and an Active Directory domain Example of using the Generic SCIM Connector for data synchronization
Appendix A: Developing PowerShell scripts for attribute synchronization rules Appendix B: Using a PowerShell script to transform passwords

WebApplication object attributes

 

Table 85: WebApplication object attributes

Attribute

Type

Description

Supported operations

AlertsEnabled

Single-valued, Boolean

Gets or sets whether alerts are allowed in the Web application.

Read, write (update only)

AlertsLimited

Single-valued, Boolean

Gets or sets whether a limit is imposed on the number of lists and list items for which alerts can be created.

Read, write (update only)

AlertsMaximum

Single-valued, integer

Gets or sets the maximum number of lists and list items for which a single user can create alerts.

Read, write (update only)

AlertsMaximumQuerySet

Single-valued, integer

Gets or sets the maximum number of records in a query set that is associated with an alert object.

Read, write (update only)

AllowAccessToWebPart
Catalog

Single-valued, Boolean

Gets or sets whether sites in the Web application can use Web Parts located in the global catalog.

Read, write (update only)

AllowAnalyticsCookieForAnonymousUsers

Single-valued, Boolean

Gets or sets whether analytics cookies are allowed for anonymous users.

Read, write (update only)

AllowContributorsToEditScriptableParts

Single-valued, Boolean

Gets or sets whether the contributors are allowed to edit scriptable Web parts.

Read, write (update only)

AllowDesigner

Single-valued, Boolean

Gets or sets whether Web sites within the Web application can be edited with SharePoint Designer.

Read, write (update only)

AllowedInline
DownloadedMimeTypes

Multivalued, string

Gets the MIME content types that are not force-downloaded to the user’s computer.

Files not listed in this attribute value are considered to be script files and can interact with the Web application on user’s behalf.

Read

AllowHighCharacterList
FolderNames

Single-valued, Boolean

Gets or sets whether non-alphanumeric characters are allowed in the list folder names that are generated automatically.

Read, write (update only)

AllowMasterPageEditing

Single-valued, Boolean

Gets or sets whether the users are allowed to edit master pages.

Read, write (update only)

AllowOMCodeOverride
ThrottleSettings

Single-valued, Boolean

Gets or sets whether custom object model code is allowed to override the throttle settings.

Read, write (update only)

AllowPartToPart
Communication

Single-valued, Boolean

Gets or sets whether the Web application allows communication between different Web Parts.

Read, write (update only)

AllowRevertFrom
Template

Single-valued, Boolean

Gets or sets whether customized sites can be rolled back to their base templates.

Read, write (update only)

AllowSelfService
UpgradeEvaluation

Single-valued, Boolean

Gets or sets whether upgrade evaluation site collections can be created.

Read, write (update only)

AllowSilverlightPrompt

Single-valued, Boolean

Gets or sets whether UI elements that require Microsoft Silverlight prompt the user to download and install Silverlight.

Read, write (update only)

AlwaysProcess
Documents

Single-valued, Boolean

Gets or sets whether documents to be returned are always processed by document parsers.

Read, write (update only)

ApplicationPrincipalMaxRights

Multivalued, string

Gets or sets the maximum rights that any application principal user has in the Web application.

Read, write (update only)

AutomaticallyDelete
UnusedSiteCollections

Single-valued, Boolean

Gets or sets whether to automatically delete unused site collections.

Read, write (update only)

BlockedFileExtensions

Multivalued, string

Gets the list of file name extensions that are forbidden for download from the sites within the Web application.

Read

BrowserCEIPEnabled

Single-valued, Boolean

Gets or sets whether the Customer Experience Improvement Program is enabled in the Web browser.

Read, write (update only)

CanRenameOnRestore

Single-valued, Boolean

Gets whether the Web application can be renamed during its restore.

Read

CanSelectForBackup

Single-valued, Boolean

Gets or sets whether the Web application can be backed up.

Read, write (update only)

CanSelectForRestore

Single-valued, Boolean

Gets or sets whether the Web application can be restored.

Read, write (update only)

CascadeDeleteMaximumItemLimit

Single-valued, integer

Gets or sets the maximum number of items that can be checked in a Cascade or Restrict delete operation.

Read, write (update only)

CascadeDeleteTimeout
Multiplier

Single-valued, integer

Gets or sets the cost per item deleted in a referential integrity delete operation.

Read, write (update only)

CellStorageWebService
Enabled

Single-valued, Boolean

Gets or sets whether the Web service named WebSvcCellStorage is enabled.

Read, write (update only)

ChangeLogExpiration
Enabled

Single-valued, Boolean

Gets or sets whether change logs get deleted after the retention period set in the ChangeLogRetentionPeriod property expires.

Read, write (update only)

ChangeLogRetention
Period

Single-valued, string (TimeSpan)

Gets or sets the period (in days) during which the change logs are retained.

Read, write (update only)

CrossDomainPhotos
Enabled

Single-valued, Boolean

Gets or sets whether the cross-domain photo pare is enabled.

Read, write (update only)

CustomAppErrorLimit

Single-valued, integer

Gets or sets the maximum number of calls that the Web application can make each 24 hours to log custom errors.

Read, write (update only)

DailyStartUnthrottled
PrivilegedOperations
Hour

Single-valued, integer

Gets or sets the hour (in the local time zone) when the unthrottled daily time window starts.

Read, write (update only)

DailyStartUnthrottled
PrivilegedOperations
Minute

Single-valued, integer

Gets or sets the minute (in the local time zone) when the unthrottled daily time window starts.

Read, write (update only)

DailyUnthrottled
PrivilegedOperations
Duration

Single-valued, integer

Gets or sets the period (in hours) during which the unthrottled daily time window remains open.

Read, write (update only)

DaysToShowNew
Indicator

Single-valued, integer

Gets or sets the period (in days) during which the New icon is displayed next to new list items.

Read, write (update only)

DefaultQuotaTemplate

Single-valued, string

Gets or sets the default quota template applicable to all site collections.

Read, write (update only)

DefaultServerComment

Single-valued, string

Gets the default comment for the IIS Web site.

This default comment is used in situations where a comment is not specified by the Web application.

Read

DefaultTimeZone

Single-valued, integer

Gets or sets the default time zone for the Web application.

Read, write (update only)

DisableCoauthoring

Single-valued, Boolean

Gets or sets whether co-authoring using Microsoft Office is disabled.

Read, write (update only)

DisplayName

Single-valued, string

Gets or sets the display name used in Microsoft 365 for the object.

Read

DocumentLibraryCalloutOfficeWebApp
PreviewersDisabled

Single-valued, Boolean

Gets or sets whether the Document Library Callout’s WAC previewers are disabled.

Read, write (update only)

EmailToNoPermission
WorkflowParticipants
Enabled

Single-valued, Boolean

Gets or sets whether users that have no site permissions receive a notification email when they are assigned workflow tasks.

Read, write (update only)

EnabledClaimProviders

Multivalued, string

Reserved for internal use.

Read

EventHandlersEnabled

Single-valued, Boolean

Gets or sets whether event handlers are enabled for the Web application.

Read, write (update only)

EventLogRetention
Period

Single-valued, string (TimeSpan)

Gets or sets the period (in days) during which the event logs are retained.

Read, write (update only)

ExternalUrlZone

Single-valued, string

Gets or sets the URL zone for cross-firewall access.

Read, write (update only)

ExternalWorkflow
ParticipantsEnabled

Single-valued, Boolean

Gets or sets whether external users can participate in a workflow if they have a document copy.

Read, write (update only)

FileNotFoundPage

Single-valued, string

Gets or sets the name of the HTML file that contains the error information to be displayed in a situation where a file is not found.

Read, write (update only)

ForceseekEnabled

Single-valued, Boolean

Gets or sets whether the FORCESEEK hint is enabled.

Read, write (update only)

Id

Single-valued, string

Gets or sets the object’s ID.

Read, write

IncomingEmailServer
Address

Single-valued, string

Gets or sets the name of the email server that is used to receive incoming email messages.

Read, write (update only)

InheritDataRetrieval
Settings

Single-valued, Boolean

Gets or sets whether the Web application inherits data retrieval settings from the central administration application.

Read, write (update only)

IsAdministrationWeb
Application

Single-valued, Boolean

Gets or sets whether the Web application is the central administration application.

Read, write (update only)

MasterPageReference
Enabled

Single-valued, Boolean

Gets or sets whether site administrators can enable dynamic master page referencing for the Web application pages.

Read, write (update only)

MaximumFileSize

Single-valued, integer

Gets or sets the maximum file size limit for files to be uploaded.

Read, write (update only)

MaxItemsPerThrottled
Operation

Single-valued, integer

Gets or sets the count of items at which throttling begins for list operations.

Read, write (update only)

MaxItemsPerThrottled
OperationOverride

Single-valued, integer

Gets or sets the maximum count of items for which throttling is not enabled if the current user is an administrator or auditor.

Read, write (update only)

MaxItemsPerThrottled
OperationWarningLevel

Single-valued, integer

Gets or sets the warning level for the number of items in list operations.

Read, write (update only)

MaxQueryLookupFields

Single-valued, integer

Gets or sets the maximum number of lookup fields that may be included in a list item query.

Read, write (update only)

MaxSizeForSelfService
EvalSiteCreationMB

Single-valued, LargeInteger

Gets or sets the maximum possible size (in MB) of a site collection for which the creation of evaluation sites is permitted through self-service.

Read, write (update only)

MaxUniquePermScopes
PerList

Single-valued, integer

Gets or sets the maximum number unique scopes that can be in a list.

Read, write (update only)

MetaWeblog
AuthenticationEnabled

Single-valued, Boolean

Gets or sets whether authentication via the MetaWeblog API is enabled for the Web application.

Read, write (update only)

MetaWeblogEnabled

Single-valued, Boolean

Gets or sets whether the MetaWeblog API is enabled for the Web application.

Read, write (update only)

OfficialFileName

Single-valued, string

Gets or sets the name of the Records Repository Web Service that is used to get the official file.

Read, write (update only)

OfficialFileUrl

Multivalued, string

Gets the URL of the Recovery Repository Web Service that is used to get the official file.

Read

OutboundMailCodePage

Single-valued, integer

Gets or sets the default code page that is used for sending emails.

Read, write (update only)

OutboundMailReplyTo
Address

Single-valued, string

Gets or sets the default reply email address to be used in email messages.

Read, write (update only)

OutboundMailSender
Address

Single-valued, string

Gets or sets the default sender’s email address to be displayed in the From field of outgoing email messages.

Read, write (update only)

Parent

Single-valued, string

Gets or sets the object’s parent.

Read, write

PresenceEnabled

Single-valued, Boolean

Gets or sets whether presence information is enabled in the Web application.

Read, write (update only)

ReadOnlyMaintenance
Link

Single-valued, string

Gets or sets a link to the upgrade maintenance page.

Read, write (update only)

RecycleBinCleanup
Enabled

Single-valued, Boolean

Gets or sets whether recycle bin cleanup is enabled.

Read, write (update only)

RecycleBinEnabled

Single-valued, Boolean

Gets or sets whether the recycle bin is enabled.

Read, write (update only)

RecycleBinRetention
Period

Single-valued, integer

Gets or sets the period (in days) during which deleted items are retained in the recycle bin.

Read, write (update only)

RenderingFromMetainfoEnabled

Single-valued, Boolean

Gets or sets whether page roundtrip optimization is enabled.

Read, write (update only)

RequireContactForSelf
ServiceSiteCreation

Single-valued, Boolean

Gets or sets whether self-service site creation requires contact information of the site owner.

Read, write (update only)

ScopeExternal
ConnectionsToSite
Subscriptions

Single-valued, Boolean

No description available.

Read, write (update only)

SecondStageRecycleBinQuota

Single-valued, integer

Gets or sets the storage quota (in per cent) available to the second stage Recycle Bin.

Read, write (update only)

SelfServiceCreate
IndividualSite

Single-valued, Boolean

Gets or sets whether self-service should create an individual site or a site collection.

Read, write (update only)

SelfServiceCreation
ParentSiteUrl

Single-valued, string

Gets or sets the parent site URL under which children sites are to be created.

Read, write (update only)

SelfServiceCreation
QuotaTemplate

Single-valued, string

Gets or sets the quota template to be used when creating site collections.

Read, write (update only)

SelfServiceSiteCreation
Enabled

Single-valued, Boolean

Gets or sets whether sites can be created by using self-service in the Web application.

Read, write (update only)

SelfServiceSiteCustom
FormUrl

Single-valued, string

Gets or sets the custom form URL to be used when creating sites through self-service.

Read, write (update only)

SendLoginCredentialsByEmail

Single-valued, Boolean

Gets or sets whether logon credentials of newly-created users are sent to them via email.

Read, write (update only)

SendSiteUpgradeEmails

Single-valued, Boolean

Gets or sets whether an email notification should be sent once a site upgrade completes.

Read, write (update only)

SendUnusedSite
CollectionNotifications

Single-valued, Boolean

Gets or sets whether to sent notifications to the owners of unused sites.

Read, write (update only)

ShowStartASiteMenu
Item

Single-valued, Boolean

Gets or sets whether the Start a new site menu command is available.

Read, write (update only)

ShowURLStructure

Single-valued, Boolean

Gets or sets whether the users are allowed to see the file structure of the Web sites.

Read, write (update only)

StorageMetrics
ProcessingDuration

Single-valued, integer

Gets or sets the maximum duration (in second) for the processing of metric changes for documents.

Read, write (update only)

SuiteBarBranding
ElementHtml

Single-valued, string

Gets or sets the HTML snippet that is displayed in the SuiteBarBrandingElement control.

Read, write (update only)

SyndicationEnabled

Single-valued, Boolean

Gets or sets whether syndication is enabled.

Read, write (update only)

TypeName

Single-valued, string

Gets the type of object for the Web application.

Read

UnthrottledPrivileged
OperationWindow
Enabled

Single-valued, Boolean

Gets or sets whether to enable unthrottled daily time window. When this attribute is set to TRUE, large list operations are not throttled when they occur within the time window.

Read, write (update only)

UnusedSiteNotification
Period

Single-valued, string (TimeSpan)

Gets the time period during which the site was unused.

Read

UnusedSiteNotificationsBeforeDeletion

Single-valued, integer

Gets or sets the number of site deletion notifications that must be sent before an unused site gets deleted.

Read, write (update only)

UpgradeEvalSites
RetentionDays

Single-valued, integer

Gets or sets the period (in days) since the evaluation site creation date after which the evaluation site gets deleted.

Read, write (update only)

UpgradeMaintenance
Link

Single-valued, string

Gets or sets a link pointing to the upgrade maintenance page.

Read, write (update only)

UpgradeReminderDelay

Single-valued, integer

Gets or sets the number of days by which the site collection administrator can put off the upgrade reminder.

When this attribute value is set to 0, the status notification shows that an upgrade is required.

Read, write (update only)

UseClaims
Authentication

Single-valued, Boolean

Gets or sets whether claims authentication is enabled.

Read, write (update only)

UseExternalUrlZoneFor
Alerts

Single-valued, Boolean

Gets or sets whether to use an external URL zone in emails providing information about alerts.

If this attribute is set to TRUE and a cross-firewall URL zone is configured, then that zone is used in the emails containing alerts.

If this attribute is set to TRUE, and no cross-firewall URL zone is configured, then the emails containing alerts use the default zone URL for the Web application.

Read, write (update only)

UserDefinedWorkflow
MaximumComplexity

Single-valued, integer

Gets or sets the maximum number of activities and bindings that a user-defined workflow can have.

Read, write (update only)

UserDefinedWorkflows
Enabled

Single-valued, Boolean

Gets or sets whether the users can create workflows in the Web application.

Read, write (update only)

UserPhotoError
Expiration

Single-valued, string (Double)

Gets or sets the period (in hours) upon which the error window for photos expires.

Read, write (update only)

UserPhotoExpiration

Single-valued, string (Double)

Gets or sets the period (in hours) upon which the photo expires.

Read, write (update only)

UserPhotoImportEnabled

Single-valued, Boolean

Gets or sets whether photo import is enabled.

Read, write (update only)

UserPhotoOnlineImport
Enabled

Single-valued, Boolean

Gets or sets whether photo import is enabled for Exchange Online.

Read, write (update only)

WebFileExtensions

Multivalued, string

Gets the list of file name extensions that identify Web files.

Read

WebTemplate object attributes

 

Table 86: WebTemplate object attributes

Attribute

Type

Description

Supported operations

AllowGlobalFeature
Associations

Single-valued, Boolean

Gets whether global feature associations are allows on sites created with the Web template.

Read

CompatibilityLevel

Single-valued, integer

Gets the compatibility level of the web template. This version number is used to perform compatibility checks.

Read

Description

Single-valued, string

Gets the description of the object.

Read

DisplayCategory

Single-valued, string

Gets the name of the category to which the web template belongs.

Read

Id

Single-valued, string

Gets or sets the object’s ID.

Read, write (create only)

IDWebTemplate

Single-valued, integer

Gets the Web template ID.

Read

IsCustomTemplate

Single-valued, Boolean

Gets whether this is a custom Web template.

Read

IsFarmWideTemplate

Single-valued, Boolean

Gets whether the Web template is a farm-wide template and can be used to create sites across the entire SharePoint farm.

Read

IsHidden

Single-valued, Boolean

Gets whether the Web template is hidden from the user interface.

Read

IsRootWebOnly

Single-valued, Boolean

Gets whether the Web template can only be applied to the root site in the site collection.

Read

IsSubWebOnly

Single-valued, Boolean

Gets whether the Web template is only applicable to subsites within the site collection.

Read

IsUnique

Single-valued, Boolean

Gets whether the site created from the Web template inherits from its parent.

Read

Lcid

Single-valued, integer

Gets the locale identifier of the Web template.

Read

Name

Single-valued, string

Gets the Web template’s internal name.

Read

Parent

Single-valued, string, reference (Web object)

Gets or sets the object’s parent.

Read, write (create only)

ProvisionAssembly

Single-valued, string

Gets the name of the assembly that implements the class which contains logic for provisioning sites created through the Web template.

Read

ProvisionClass

Single-valued, string

Gets the name of the class which provides logic for provisioning sites created through the Web template.

Read

ProvisionData

Single-valued, string

Gets the data that is passed to the site provisioning handler when creating sites.

Read

SupportsMultilingualUI

Single-valued, Boolean

Gets whether it is possible to enable alternate user interface languages for the sites created from the Web template.

Read

Title

Single-valued, string

Gets the display name of the web template.

Read

UserLicensingId

Single-valued, string

Gets the per-user license.

Read

VisibilityFeature
DependencyId

Single-valued, string

Gets the GUID of the feature on which the Web template depends.

Read

Considerations for creating objects in SharePoint

When creating objects in SharePoint, please consider the following:

  • RoleAssignment object. To create this object, you must populate the value of the Member attribute for the object. Since Member is a reference attribute, you can only populate its value by configuring a value generation rule. For more information about value generation rules, see Using value generation rules.
  • Site object. To create this object, you must populate the values of attributes Url and Owner for the object.

Configuring data synchronization with the Office 365 Connector

With the Office 365 Connector, you can configure data synchronization connections for the Microsoft 365 service.

NOTE: To use the Office 365 Connector, the Azure BackSync application requires the following minimum set of permissions and roles for implementing automatic permission and role assignment in Active Roles Synchronization Service.

  • Exchange Administrator

  • Directory Writers

Configure these privileges in the Azure portal for the user account you use to configure Azure BackSync.

The Office 365 Connector supports the following features:

Table 87: Supported features

Feature

Supported

Bidirectional synchronization

Specifies whether you can both read and write data in the connected data system.

Yes

Delta processing mode

Specifies whether the connection can process only the data that has changed in the connected data system since the last synchronization operation. This reduces the overall synchronization duration.

No

Password synchronization

Specifies whether you can synchronize user passwords from an Active Directory (AD) domain to the connected data system.

No

Secure Sockets Layer (SSL) data encryption

Specifies whether the connector can use SSL to encrypt data transmitted between Active Roles Synchronization Service and the connected data system.

The Office 365 Connector uses cmdlets supplied by the Microsoft Azure Active Directory Module for Windows PowerShell to access Microsoft 365. For this reason, all traffic between Active Roles Synchronization Service and Microsoft 365 is encrypted using the SSL certificate configured on the Microsoft 365 side.

Yes

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation