Chatta subito con l'assistenza
Chat con il supporto

Active Roles 7.6.1 - Synchronization Service Administration Guide

Synchronization Service Overview Deploying Synchronization Service Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with an OpenLDAP directory service Working with IBM RACF connector Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft Office 365 Configuring data synchronization with the Microsoft Azure AD Connector Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use
About scenarios Scenario 1: Create users from a .csv file to an Active Directory domain Scenario 2: Use a .csv file to update user accounts in an Active Directory domain Scenario 3: Synchronizing data between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 4: Deprovisioning between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 5: Provisioning of Groups between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 6: Enabling Delta Sync mode between One Identity Manager Custom Target Systems and an Active Directory domain Example of using the Generic SCIM Connector for data synchronization
Appendix A: Developing PowerShell scripts for attribute synchronization rules Appendix B: Using a PowerShell script to transform passwords

Deleting a password sync rule

To delete a password sync rule

  1. In the Synchronization Service Administration Console, open the Password Sync tab.
  2. Locate the rule you want to delete, and then click Delete this rule below the rule.

Modifying settings of a password sync rule

You can modify the following settings of an existing password sync rule:

  • Specify how many times you want the Synchronization Service to retry the password synchronization operation in the case of a password synchronization failure.
  • Specify a PowerShell script to transform a source Active Directory user password into an object password in the target connected system.
  • Specify rules to modify the attributes of the target connected system objects on which Synchronization Service changes passwords.

To modify the settings of a password sync rule

  1. In the Synchronization Service Administration Console, open the Password Sync tab.
  2. Click the Password sync settings link below the password sync rule you want to modify.
  3. In the dialog box that opens, use the following tabs:
    • Password Sync Retry Options. Use this tab to specify how many times you want Synchronization Service to retry the password synchronization operation in the event of a password synchronization failure. You can select one of the following options:
    • Unlimited number of times. Causes Synchronization Service to retry the password synchronization operation until it succeeds.
      • This maximum number of times. Specify the maximum number of times you want Synchronization Service to retry the password synchronization operation.
      • Password Transformation Script. Use this tab to type a PowerShell script that transforms source Active Directory user passwords into object passwords for the target connected system. Use this tab if you want the object passwords in the source and target connected systems to be different. If you do not want to transform passwords, leave the text box blank.
    • Rules to Modify Object Attributes. Use this tab to specify rules for modifying attribute values on the target connected system objects. These rules will only apply to the objects on which Synchronization Service modifies passwords in the target connected system.
  4. When you are finished, click OK to save your changes.

Fine-tuning automated password synchronization

This section provides information about the optional tasks related to configuring the automated password synchronization from an Active Directory domain to connected data systems.

In this section:

Configuring Capture Agent

Capture Agent has a number of parameters you can modify. After you install the agent, each of these parameters is assigned a default value, as described in the following table:

 

Table 125: Capture Agent parameters

Parameter

Description

Default value

Maximum connection point validity for Capture Agent Service

Determines the period of time (in hours) during which a connection between Capture Agent and Synchronization Service remains valid.

24 hours

Interval between connection retries

Determines the time interval (in minutes) during which Capture Agent tries to reconnect to Synchronization Service.

10 minutes

Maximum duration of a connection attempt

Determines the period of time (in days) during which Capture Agent tries to connect to Synchronization Service to send the information about changed user passwords.

During this period Capture Agent stores the user passwords to be synchronized in an encrypted file.

7 days

Certificate to encrypt Capture Agent traffic

Specifies a certificate for encrypting the password sync data transferred between Capture Agent and Synchronization Service.

For more information, see Specifying a custom certificate for encrypting password sync traffic.

By default, a built-in certificate is used.

Connection Point 1

Define the Synchronization Service instances to which Capture Agent provides information about changed user passwords.

If none of these parameters is set, Capture Agent looks for available instances of the Synchronization Service in the following container:

CN=Active Roles Sync Service,CN=One Identity,CN=System,DC=<domain name>

Connection Point 2

Connection Point 3

Connection Point 4

Connection Point 5

Connection Point 6

Connection Point 7

You can modify the default values of these parameters by using Group Policy and the Administrative Template supplied with the Synchronization Service. The next steps assume that all the domain controllers where the Capture Agent is installed are held within organizational units.

Complete these steps to modify the default Capture Agent settings:

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione