Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Active Roles 8.1.1 - Synchronization Service Administration Guide

Synchronization Service overview Deploying Synchronization Service Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Database Working with Oracle Database user accounts Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with an OpenLDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with IBM RACF Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft 365 Working with Microsoft Azure Active Directory Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector Objects and operations supported by the SCIM Connector Example of using the Generic SCIM Connector for data synchronization
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Developing PowerShell scripts for attribute synchronization rules Using PowerShell script to transform passwords

Installing EXO PowerShell module

To use modern authentication in Active Roles cmdlet execution, use the Exchange Online (EXO) PowerShell V2 module. Exchange Online PowerShell V2 module allows you to connect Exchange Online PowerShell with Modern Authentication. The EXO V2 cmdlets are REST API-based cmdlets that are much faster and reliable.

NOTE: You can install the EXO PowerShell x64 module only. For more information, see About the Exchange Online PowerShell module.

Installing EXO V2 PowerShell module

  1. Start Windows PowerShell with administrator privileges.

  2. Install PowerShellGet Module. To install the ExchangeOnlineManagement module, you need PowerShellGet 2.0 or later version. To install PowerShellGet Module, run the following cmdlet:

    Install-Module PowerShellGet -Force

  3. After installing PowerShellGet Module, close the Console and reopen it with administrator privilege.

  4. Run the following cmdlet to install Exchange Online PowerShell V2 Module:

    Install-Module –Name ExchangeOnlineManagement

    By default, the module is installed in C:\Program Files\WindowsPowerShell\Modules.

    The module can also be installed in a custom location and add module path to value of the PSModulePath environment variable value. For more information, see about_PSModulePath.

Example
Find-Module -Name 'ExchangeOnlineManagement' -Repository 'PSGallery' | Save-Module -Path <custompath>
$envarname = "PSModulePath"
$envar = (get-item env:$envarname).Value
[Environment]::SetEnvironmentVariable($envarname, $envar + ";<customPath>", "Machine")

Upgrade from 7.3.x or 7.4.x to the latest version

Even if Modern Authentication has been previously disabled in Active Roles Synchronization Service 7.4.3 by setting ModernAuthentication to false in the Office365ConnectorConfig.xml configuration file, upgrading to the latest version of Active Roles Synchronization Service will result in Modern Authentication being enabled by default.

Working with Modern Authentication

Before enabling or disabling Modern Authentication in Active Roles Synchronization Service, enable Modern Authentication for the Azure tenant on the Exchange Online Management module. For more information on connecting to the EXO PowerShell module, see Enable or disable modern authentication for Outlook in Exchange Online and Disable Basic authentication in Exchange Online in the Microsoft Documentation.

Even if Modern Authentication has been previously disabled in Active Roles Synchronization Service 7.4.3 by setting ModernAuthentication to false in the Office365ConnectorConfig.xml configuration file, upgrading to the latest version of Active Roles Synchronization Service will result in Modern Authentication being enabled by default.

NOTE: Exchange Online Management module version 2.0.4 enforces Modern Authentication, causing the Office 365 connector connections to fail, if Modern Authentication is not enabled for the Azure tenant. Perform one of the following actions to prevent the issue:

  • In the Office365ConnectorConfig.xml configuration file, disable Modern Authentication and add /organizations. Example:

    <Tenants>
							<Tenant Name="mytenant.OnMicrosoft.com" ModernAuthentication="false"/>
							/organizations
			</Tenants>

  • Roll back to Exchange Online Management module version 2.0.3.

To enable or disable Modern Authentication in the Office 365 Connector configuration file

  1. Navigate to the folder where Active Directory Synchronization Service is installed.

  2. Locate the Office365ConnectorConfig.xml configuration file.

  3. To enable or disable Modern Authentication, set the value in the ModernAuthentication tag.

    • To enable Modern Authentication, set the value to true.

      <Tenant Name="mytenant.OnMicrosoft.com" ModernAuthentication="true"/>

    • To disable Modern Authentication, set the value to false.

      <Tenant Name="mytenant.OnMicrosoft.com" ModernAuthentication="false"/>
Example of enabling Modern Authentication
<ModernAuthenticationConfig>
				<Tenants>
				<!-- Example : <Tenant Name="mytenant.OnMicrosoft.com" ModernAuthentication="true"/>-->
				</Tenants>
			</ModernAuthenticationConfig>

NOTE: For multiple tenants, use mytenant1.OnMicrosoft.com, mytenant2.OnMicrosoft.com, and so on. For multiple tenants, each tenant should have a separate tenant child node under the Tenants node.

<ModernAuthenticationConfig>
					<Tenants>
					<Tenant Name="mytenant1.OnMicrosoft.com" ModernAuthentication="true"/>
					<Tenant Name="mytenant2.OnMicrosoft.com" ModernAuthentication="true"/>
					.
					.
					</Tenants>
				</ModernAuthenticationConfig>
Example of disabling Modern Authentication
<ModernAuthenticationConfig>
				<Tenants>
				<!-- Example : <Tenant Name="mytenant.OnMicrosoft.com" ModernAuthentication="false"/>-->
				</Tenants>
			</ModernAuthenticationConfig>

Working with Microsoft Azure Active Directory

To create a connection to Microsoft Azure Active Directory, use the Microsoft Azure AD Connector of the Active Roles Synchronization Service.

The Microsoft Azure AD Connector supports the following features:

Table 98: Microsoft Azure AD Connector – Supported features

Feature

Supported

Bidirectional synchronization

Specifies whether you can both read and write data in the connected data system.

Yes

Delta processing mode

Specifies whether the connection can process only the data that has changed in the connected data system since the last synchronization operation. This reduces the overall synchronization duration.

No

Password synchronization

Specifies whether you can synchronize user passwords from an Active Directory (AD) domain to the connected data system.

Yes

Secure Sockets Layer (SSL) data encryption

Specifies whether the connector can use SSL to encrypt data transmitted between Active Roles Synchronization Service and the connected data system.

Yes

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation