Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Identity Manager 8.2.1 - Target System Synchronization Reference Guide

Target system synchronization with the Synchronization Editor Working with the Synchronization Editor Basics of target system synchronization Setting up synchronization
Starting the Synchronization Editor Creating a synchronization project Configuring synchronization
Setting up mappings Setting up synchronization workflows Connecting systems Editing the scope Using variables and variable sets Setting up start up configurations Setting up base objects
Overview of schema classes Customizing the synchronization configuration Checking the consistency of the synchronization configuration Activating the synchronization project Defining start up sequences
Running synchronization Synchronization analysis Setting up synchronization with default connectors Updating existing synchronization projects Script library for synchronization projects Additional information for experts Troubleshooting errors when connecting target systems Configuration parameters for target system synchronization Configuration file examples

Synchronization Editor Module for Windows PowerShell

Once you have created a configuration file and have customizedClosed it accordingly, you can generate new synchronization projectsClosed or update existing synchronization projects with the Synchronization Editor Module for Windows PowerShellClosed. You can also opt to use the Synchronization Editor Command Line InterfaceClosed to do this. For more information, see Synchronization Editor Command Line Interface.

To create synchronization projects with the Synchronization Editor ModuleClosed for Windows PowerShell

  1. Start Windows PowerShell.

  2. Switch to the One Identity Manager installation directory.

  3. Load the Synchronization Editor Module for Windows PowerShell.

    Import-Module .\VI.Projector.Editor.PowerShell.dll

  4. Run the New-ProjectorShell CmdLet and set the value for the parameter.

    New-ProjectorShell -Workspace <configuration file> {option} {parameter}

    Example: New-ProjectorShell -Workspace D:\ActiveDirectoryProject.sews -WorkspaceParameter @{SyncProject="Synchronization Project for Active Directory Domain XYZ"}

    NOTE: Mandatory parameter are queried one at a time if you run the CmdLet without additional input.

  5. Enter values for the parameters requiring user input.

    • To enter an empty value, press ENTER.
  6. (Optional) Run the New-ProjectorShell CmdLet with the -Remote option.

    This establishes a remote connection.

    Example: New-ProjectorShell -Workspace D:\ActiveDirectoryProject.sews -Remote

  7. If no error occur, run steps 3 and 4 with the -SaveToDatabase option.

    If the synchronization project was created with a project templateClosed, the schemas are shrunk when saved.

To update synchronization projects with the Synchronization Editor Module for Windows PowerShell

  1. Start Windows PowerShell.

  2. Switch to the One Identity Manager installation directory.

  3. Load the Synchronization Editor Module for Windows PowerShell.

    Import-Module .\VI.Projector.Editor.PowerShell.dll

  4. Run the Update-ProjectorShell CmdLet and set the value for the parameter.

    Update-ProjectorShell -Workspace <configuration_file> {option} {parameters}

    Example: Update-ProjectorShell -Workspace D:\ActiveDirectoryProject.sews -WorkspaceParameter @{SyncProject="CCC-99D111DD1CF11111BCF11111E1111BE9";Patches="AllFixes,Milestone_OneIM_8.0.2017.1104,VPR#12345,VPR#23456,VPR#34567"}

    NOTE: Mandatory parameter are queried one at a time if you run the CmdLet without additional input.

    • If the target system is accessed when the patch is applied and the connection parameters in the default variable set contain encrypted values, you will be prompted to enter the decrypted values. The names of the required parameters are displayed.

      TIP: Use these parameter names to add a parameter in the configuration file for each encrypted connection parameter. This allows values for the encrypted connection parameters to be passed to the CmdLet when it is called.

      The parameter names must conform to the following naming convention: Decryption_DefaultVariableSet_<variable name>.

      Example of a parameter definition: <Parameter Name="Decryption_DefaultVariableSet_Password" Display="Password of target system user" IsQueryParameter="False"</Parameter>

      Example of a command line call: Update-ProjectorShell -Workspace D:\ActiveDirectoryProject.sews -WorkspaceParameter @{SyncProject="CCC-99D111DD1CF11111BCF11111E1111BE9";Patches="AllFixes";Decryption_DefaultVariableSet_Password="A123-z987"}

  5. Enter values for the parameters requiring user input.

    • To enter an empty value, press ENTER.
  6. (Optional) Run the Update-ProjectorShell CmdLet with the -Remote option.

    This establishes a remote connection.

    Example: Update-ProjectorShell -Workspace D:\ActiveDirectoryProject.sews -Remote

  7. If no error occur, run steps 3 and 4 with the -SaveToDatabase option.

    If the synchronization project was created with a project template, the schemas are shrunk when saved.

Table 92: Synchronization Editor Module for Windows PowerShell CmdLets

CmdLet

Description

New-ProjectorShell

Creates a new synchronization project using the data from the defined workspace.

Update-ProjectorShell

Applies patches to an existing synchronization project.

Table 93: Options

Option

Description

-?

Displays help.

-Workspace

Full or relative path of the configuration file.

-SaveToDatabase

Saves the new synchronization project in the database. If this option is not given, creating the synchronization project is simulated.

-WorkspaceParameter

Sets the value of the parameter defined in the configuration file. Overwrites default values.

Format: @{Parameter name="value"}

Multiple parameters are separated with semicolons: -WorkspaceParameter @{ParamName1="Value1";ParamName2="Value2"}

-Remote

Establishes the connection to the target system over a remote service connection.

Use a remote connection if it is not possible to directly access the target system from the workstation where the Synchronization Editor is installed.

Maintaining the data store

You set the maintenanceClosed mode in the start up configuration. Depending on the mode, maintenance of the data store is done after each synchronizationClosed whereby One Identity Manager attempts to clean up unresolved references. The contents of the data store can also be displayed in the Synchronization EditorClosed and you can start maintenance manually. In this case, you decide if you want to run maintenance directly on the workstation that the Synchronization Editor was started on, or if it should be run by the One Identity Manager ServiceClosed.

If the One Identity Manager connection is in expert mode, you also see the Data store view.

To display the contents of the data store

  1. Select the Configuration > One Identity Manager connection category.

  2. Open the Data store view.

    In the overview pane you can see the data store contents.

To start maintenance manually

  1. In the Data store view, click Perform maintenance.

  2. To allow maintenance to be run by the One Identity Manager Service, click Yes.

    - OR -

    To run maintenance on the current workstation, click No.

Related topics

Disabling the data store

In synchronization projectsClosed created using a standard project templateClosed, the data store is enabled by default. The data store can be disabled for schema properties in the One Identity Manager schema that map members of many-to-many schema types or key resolutions.

The data store can become very large if thousands of unresolvable references are read in by partial synchronizations. This can affect the synchronization performance. In such cases, it can be helpful to disable the data store.

Disable the data store if the following is true:

  • The number of objects in the data store is very large and causes problems

  • Merge mode is enabled for the members of M:N schema types during provisioning

  • These memberships are never transferred to the target system by full synchronization

IMPORTANT: If the data store is disabled, references that are missing in One Identity Manager will be deleted in the target system when synchronizing into the target system or during provisioning. Therefore, check carefully whether the data store can be disabled.

To disable the data store

  1. In the Synchronization EditorClosed, open the synchronization project.

  2. Select the Mappings.

  3. In the navigation view, select a mapping.

  4. In the One Identity Manager schema view, double-click on the schema property that maps an object reference.

  5. Disable the Save unresolvable keys option.
  6. Click OK.
  7. Save the changes.
Related topics

Troubleshooting

One Identity Manager offers different options for logging errors. These logs help you to analyze synchronizationClosed errors. These include:

For detailed information and help on troubleshooting in One Identity Manager and configuring log files, see the One Identity Manager Process Monitoring and Troubleshooting Guide.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation