Chatta subito con l'assistenza
Chat con il supporto

Active Roles 8.1.3 - Synchronization Service Administration Guide

Synchronization Service overview Deploying Synchronization Service Deploying Synchronization Service for use with AWS Managed Microsoft AD Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Database Working with Oracle Database user accounts Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with an OpenLDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with IBM RACF Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft 365 Working with Microsoft Azure Active Directory Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Developing PowerShell scripts for attribute synchronization rules Using PowerShell script to transform passwords

Modifying settings for a password sync rule

You can modify the following settings of an existing password sync rule:

  • Specify how many times you want the Synchronization Service to retry the password synchronization operation in the case of a password synchronization failure.

  • Specify a PowerShell script to transform a source Active Directory user password into an object password in the target connected system.

  • Specify rules to modify the attributes of the target connected system objects on which Synchronization Service changes passwords.

To modify the settings of a password sync rule

  1. In the Synchronization Service Console, open the Password Sync tab.

  2. Click the Password sync settings link below the password sync rule you want to modify.

  3. In the dialog that opens, use the following tabs:

    • Password Sync Retry Options: Use this tab to specify how many times you want Synchronization Service to retry the password synchronization operation in the event of a password synchronization failure. You can select one of the following options:

      • Unlimited number of times: Causes Synchronization Service to retry the password synchronization operation until it succeeds.

      • This maximum number of times: Specify the maximum number of times you want Synchronization Service to retry the password synchronization operation.

    • Password Transformation Script: Use this tab to type a PowerShell script that transforms source Active Directory user passwords into object passwords for the target connected system. Use this item if you want the object passwords in the source and target connected systems to be different. If you do not want to transform passwords, leave the text box blank.

    • Rules to Modify Object Attributes: Use this tab to specify rules for modifying attribute values on the target connected system objects. These rules will only apply to the objects on which Synchronization Service modifies passwords in the target connected system.

  4. When you are finished, click OK to save your changes.

Fine-tuning automated password synchronization

This section provides information about the optional tasks related to configuring the automated password synchronization from an Active Directory domain to connected data systems.

Configuring Capture Agent

Capture Agent has a number of parameters you can modify. After you install the agent, each of these parameters is assigned a default value, as described in the following table:

Table 109: Capture Agent parameters

Parameter

Description

Default value

Maximum connection point validity for Capture Agent Service

Determines the period of time (in hours) during which a connection between Capture Agent and Synchronization Service remains valid.

24 hours

Interval between connection retries

Determines the time interval (in minutes) during which Capture Agent tries to reconnect to Synchronization Service.

10 minutes

Maximum duration of a connection attempt

Determines the period of time (in days) during which Capture Agent tries to connect to Synchronization Service to send the information about changed user passwords.

During this period Capture Agent stores the user passwords to be synchronized in an encrypted file.

7 days

Certificate to encrypt Capture Agent traffic

Specifies a certificate for encrypting the password sync data transferred between Capture Agent and Synchronization Service.

For more information, see Specifying a custom certificate for encrypting password sync traffic.

By default, a built-in certificate is used.

Connection Point 1

Define the Synchronization Service instances to which Capture Agent provides information about changed user passwords.

If none of these parameters is set, Capture Agent looks for available instances of the Synchronization Service in the following container:

CN=Active Roles Sync Service,CN=One Identity,CN=System,DC=<domain name>

Connection Point 2

Connection Point 3

Connection Point 4

Connection Point 5

Connection Point 6

Connection Point 7

You can modify the default values of these parameters by using Group Policy and the Administrative Template supplied with the Synchronization Service. The next steps assume that all the domain controllers where the Capture Agent is installed are held within organizational units.

Creating and linking a Group Policy object

Create a new Group Policy object. Link the object to each organizational unit holding the domain controllers on which the Capture Agent is installed. For more information, see the documentation for your version of the Windows operating system.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione