Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Active Roles 8.1.1 - Synchronization Service Administration Guide

Synchronization Service overview Deploying Synchronization Service Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Database Working with Oracle Database user accounts Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with an OpenLDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with IBM RACF Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft 365 Working with Microsoft Azure Active Directory Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector Objects and operations supported by the SCIM Connector Example of using the Generic SCIM Connector for data synchronization
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Developing PowerShell scripts for attribute synchronization rules Using PowerShell script to transform passwords

Working with Active Roles

To create a connection to Active Roles, you need to use Synchronization Service in conjunction with a special connector called Active Roles Connector included in the Synchronization Service package.

The Active Roles Connector supports the following Synchronization Service features:

Table 37: Active Roles Connector – Supported features

Feature

Supported

Bidirectional synchronization

Specifies whether you can both read and write data in the connected data system.

Yes

Delta processing mode

Specifies whether the connection can process only the data that has changed in the connected data system since the last synchronization operation. This reduces the overall synchronization duration.

Yes

Password synchronization

Specifies whether you can synchronize user passwords from an Active Directory (AD) domain to the connected data system.

Yes

The Active Roles Connector supports linked attributes in the Active Directory schema. Linked attributes allow you to associate one object with another object. Linked attributes exist in pairs:

  • Forward link attribute: This is a linked attribute that exists on a source object (for example, the member attribute on the Group object). Forward link attributes can be single-valued or multivalued.

  • Back link attribute: This is a linked attribute that can be specified on a target object (for example, the memberOf attribute on the User object). Back link attributes are multivalued and they must have a corresponding forward link attribute. Back link attributes are not stored in Active Directory. Rather, they are calculated based on the corresponding forward link attribute each time a query is issued.

Creating an Active Roles connection

You can create a connection to Active Roles right after you install Synchronization Service on your computer.

To create a new connection

  1. In the Synchronization Service Console, open the Connections tab.
  2. Click Add connection, then use the following options:
    • Connection name: Type a descriptive name for the connection.

    • Use the specified connector: Select Active Roles Connector.

  3. Click Next.

  4. On the Specify connection settings page, use the following options:

    • Connect to: Allows you to specify the Active Roles Administration Service to be used by the Synchronization Service. You can use one of the following options:

      • Administration Service on the specified computer: Type the name of the computer running the Administration Service you want the Synchronization Service to use.

      • Any Administration Service of the same configuration: Specify any Administration Service whose database holds the necessary configuration: type the DNS name of the computer running that Administration Service. If Active Roles replication is used to synchronize configuration data, this must be any Administration Service whose database server acts as the Publisher for the configuration database.

    • Active Roles version: Prompts you to specify the version of the Active Roles Administration Service to which you want to connect. You can choose to connect either to version 7.0 or later or to version 6.9 or earlier. In the latter case, you have to install the Active Roles ADSI Provider of the respective legacy Active Roles version on the computer running the Synchronization Service. For installation instructions, see the Active Roles Quick Start Guide for version 6.9 or earlier.

    • Access Active Roles Administration Service using: Allows you to specify an authentication option to access the Active Roles Administration Service. You can use one of the following options:

      • Synchronization Service account: Allows you to access the Administration Service in the security context of the user account under which the Synchronization Service is running.

      • Windows account: Allows you to access the Administration Service in the security context of the user account whose user name and password you specify below this option.

    • Test Connection: Click this button to verify the specified connection settings.

  5. Click Finish to create a connection to Active Roles.

Modifying an Active Roles connection

To modify connection settings

  1. In the Synchronization Service Console, open the Connections tab.

  2. Click Connection settings below the existing Active Roles connection you want to modify.

  3. On the Specify connection settings page, use the following options:

    • Connect to: Allows you to specify the Active Roles Administration Service to be used by the Synchronization Service. You can use one of the following options:

      • Administration Service on the specified computer: Type the name of the computer running the Administration Service you want the Synchronization Service to use.

      • Any Administration Service of the same configuration: Specify any Administration Service whose database holds the necessary configuration: type the DNS name of the computer running that Administration Service. If Active Roles replication is used to synchronize configuration data, this must be any Administration Service whose database server acts as the Publisher for the configuration database.

    • Active Roles version: Prompts you to specify the version of the Active Roles Administration Service to which you want to connect. You can choose to connect either to version 7.0 or later or to version 6.9 or earlier. In the latter case, you have to install the Active Roles ADSI Provider of the respective legacy Active Roles version on the computer running the Synchronization Service. For installation instructions, see the Active Roles Quick Start Guide for version 6.9 or earlier.

    • Access Active Roles Administration Service using: Allows you to specify an authentication option to access the Active Roles Administration Service. You can use one of the following options:

      • Synchronization Service account: Allows you to access the Administration Service in the security context of the user account under which the Synchronization Service is running.

      • Windows account: Allows you to access the Administration Service in the security context of the user account whose user name and password you specify below this option.

    • Test Connection: Click this button to verify the specified connection settings.

  4. Click Save.

Working with One Identity Manager

To create a connection to One Identity Manager, use the One Identity Manager Connector of Active Roles Synchronization Service.

The One Identity Manager Connector supports the following Synchronization Service features:

Table 38: One Identity Manager Connector – Supported features

Feature

Supported

Bidirectional synchronization

Specifies whether you can both read and write data in the connected data system.

Yes

Delta processing mode

Specifies whether the connection can process only the data that has changed in the connected data system since the last synchronization operation. This reduces the overall synchronization duration.

Yes

Password synchronization

Specifies whether you can synchronize user passwords from an Active Directory (AD) domain to the connected data system.

No

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation