Chatta subito con l'assistenza
Chat con il supporto

Identity Manager 9.1 - Target System Synchronization Reference Guide

Target system synchronization with the Synchronization Editor Working with the Synchronization Editor Basics of target system synchronization Setting up synchronization
Starting the Synchronization Editor Creating a synchronization project Configuring synchronization
Setting up mappings Setting up synchronization workflows Connecting systems Editing the scope Using variables and variable sets Setting up start up configurations Setting up base objects
Overview of schema classes Customizing the synchronization configuration Checking the consistency of the synchronization configuration Activating the synchronization project Defining start up sequences
Running synchronization Synchronization analysis Setting up synchronization with default connectors Updating existing synchronization projects Script library for synchronization projects Additional information for experts Troubleshooting errors when connecting target systems Configuration parameters for target system synchronization Configuration file examples

Synchronization Editor Command Line Interface

Once you have created a configuration file and have customizedClosed it accordingly, you can generate new synchronization projectsClosed or update existing synchronization projects with the Synchronization Editor Command Line InterfaceClosed. You can also opt to use the Synchronization Editor Module for Windows PowerShellClosed to do this. For more information, see Synchronization Editor Module for Windows PowerShell.

To create synchronization projects with the Synchronization Editor Command Line Interface

  1. Start a command line editor.

  2. Switch to the One Identity Manager installation directory.

  3. Run the Synchronization Editor Command Line Interface with the -V option and set the parameter values.

    SynchronizationEditor.CLI.exe --CreateShell {<Options>} <configuration file> {<Parameter>}

    NOTE: If the value of a parameter contains a space or special character, it must be enclosed in quotes.

    Example: SynchronizationEditor.CLI.exe --CreateShell -V /Workspace=D:\ActiveDirectoryProject.sews /SetParam SyncProject="Synchronization project for Active Directory domain XYZ"

  4. Enter values for the parameters requiring user input.

    • To enter an empty value, press ENTER.

    • To transfer the default value defined in the configuration file, click Esc.

  5. (Optional) Run the Synchronization Editor Command Line Interface with the option -R.

    This establishes a remote connection.

    Example: SynchronizationEditor.CLI.exe --CreateShell -R /Workspace=D:\ActiveDirectoryProject.sews

  6. If no error occur, run steps 3 and 4 with the -S option.

    If the synchronization project was created with a project templateClosed, the schemas are shrunk when saved.

To update synchronization projects with the Synchronization Editor Command Line Interface

  1. Start a command line editor.

  2. Switch to the One Identity Manager installation directory.

  3. Run the Synchronization Editor Command Line Interface with the -V option and set the parameter values.

    SynchronizationEditor.CLI.exe --PatchShell {<options>} <configuration file> {<parameter>}

    NOTE: If the value of a parameter contains a space or special character, it must be enclosed in quotes.

    Example: SynchronizationEditor.CLI.exe --PatchShell -V /Workspace=D:\ActiveDirectoryProject.sews /SetParam SyncProject="CCC-99D111DD1CF11111BCF11111E1111BE9" /SetParam Patches=AllFixes,Milestone_OneIM_8.0.2017.1104,VPR#12345,VPR#23456,VPR#34567

    • If the target system is accessed when the patch is applied and the connection parameters in the default variable set contain encrypted values, you will be prompted to enter the decrypted values. The names of the required parameters are displayed.

      TIP: Use these parameter names to add a parameter in the configuration file for each encrypted connection parameter. This allows values for the encrypted connection parameters to be passed to the Synchronization Editor Command Line Interface when it is called.

      The parameter names must conform to the following naming convention: Decryption_DefaultVariableSet_<variable name>.

      Example of a parameter definition: <Parameter Name="Decryption_DefaultVariableSet_Password" Display="Password of target system user" IsQueryParameter="False"</Parameter>

      Example of a command line call: SynchronizationEditor.CLI.exe --PatchShell -V /Workspace=D:\ActiveDirectoryProject.sews /SetParam SyncProject="CCC-99D111DD1CF11111BCF11111E1111BE9" /SetParam Patches=AllFixes /SetParam Decryption_DefaultVariableSet_Password="A123-z987"

  4. Enter values for the parameters requiring user input.

    • To enter an empty value, press ENTER.

    • To transfer the default value defined in the configuration file, click Esc.

  5. (Optional) Run the Synchronization Editor Command Line Interface with the option -R.

    This establishes a remote connection.

    Example: SynchronizationEditor.CLI.exe --PatchShell -R /Workspace=D:\ActiveDirectoryProject.sews

  6. If no error occur, run steps 3 and 4 with the -S option.

    If the synchronization project was created with a project template, the schemas are shrunk when saved.

TIP: Run the SynchronizationEditor.CLI.exe without additional input to view help for the Synchronization Editor Command Line Interface.

Table 89: Synchronization Editor Command Line Interface commands

Command

Description

--CreateShell

Creates a new synchronization project using the data from the defined workspace.

Short form: --CS

--PatchShell

Applies patches to an existing synchronization project.

Short form: --PS

Table 90: Synchronization Editor Command Line Interface options

Option

Description

-?|H

Displays help.

-Q

No alert before running irreversible actions.

-V

The Synchronization Editor Command Line Interface is run in verbose mode. Use this option for debugging.

-S

Saves the new synchronization project in the database. If this option is not given, creating the synchronization project is simulated.

-N

Defines whether the Synchronization Editor Command Line Interface opens in non-interactive mode. This may cause requests for parameter input to fail.

Missing encrypted values are also queried in non-interactive mode.

-R

Establishes the connection to the target system over a remote service connection.

Use a remote connection if it is not possible to directly access the target system from the workstation where the Synchronization Editor is installed.

Table 91: Parameter declaration

Parameters

Description

/Workspace

Full or relative path of the configuration file.

/SetParam

Sets the value of the parameter defined in the configuration file. Overwrites default values.

Format: Parameter name=value

Pay attention to the upper and lower case characters in the parameter name.

If a value contains a space or special character, it must be enclosed in quotes. Multiple parameters are declared individually: /SetParam ParamName1=Value1 /SetParam ParamName2=Value2

Synchronization Editor Module for Windows PowerShell

Once you have created a configuration file and have customizedClosed it accordingly, you can generate new synchronization projectsClosed or update existing synchronization projects with the Synchronization Editor Module for Windows PowerShellClosed. You can also opt to use the Synchronization Editor Command Line InterfaceClosed to do this. For more information, see Synchronization Editor Command Line Interface.

To create synchronization projects with the Synchronization Editor ModuleClosed for Windows PowerShell

  1. Start Windows PowerShell.

  2. Switch to the One Identity Manager installation directory.

  3. Load the Synchronization Editor Module for Windows PowerShell.

    Import-Module .\VI.Projector.Editor.PowerShell.dll

  4. Run the New-ProjectorShell CmdLet and set the value for the parameter.

    New-ProjectorShell -Workspace <configuration file> {option} {parameter}

    Example: New-ProjectorShell -Workspace D:\ActiveDirectoryProject.sews -WorkspaceParameter @{SyncProject="Synchronization Project for Active Directory Domain XYZ"}

    NOTE: Mandatory parameter are queried one at a time if you run the CmdLet without additional input.

  5. Enter values for the parameters requiring user input.

    • To enter an empty value, press ENTER.

  6. (Optional) Run the New-ProjectorShell CmdLet with the -Remote option.

    This establishes a remote connection.

    Example: New-ProjectorShell -Workspace D:\ActiveDirectoryProject.sews -Remote

  7. If no error occur, run steps 3 and 4 with the -SaveToDatabase option.

    If the synchronization project was created with a project templateClosed, the schemas are shrunk when saved.

To update synchronization projects with the Synchronization Editor Module for Windows PowerShell

  1. Start Windows PowerShell.

  2. Switch to the One Identity Manager installation directory.

  3. Load the Synchronization Editor Module for Windows PowerShell.

    Import-Module .\VI.Projector.Editor.PowerShell.dll

  4. Run the Update-ProjectorShell CmdLet and set the value for the parameter.

    Update-ProjectorShell -Workspace <configuration_file> {option} {parameters}

    Example: Update-ProjectorShell -Workspace D:\ActiveDirectoryProject.sews -WorkspaceParameter @{SyncProject="CCC-99D111DD1CF11111BCF11111E1111BE9";Patches="AllFixes,Milestone_OneIM_8.0.2017.1104,VPR#12345,VPR#23456,VPR#34567"}

    NOTE: Mandatory parameter are queried one at a time if you run the CmdLet without additional input.

    • If the target system is accessed when the patch is applied and the connection parameters in the default variable set contain encrypted values, you will be prompted to enter the decrypted values. The names of the required parameters are displayed.

      TIP: Use these parameter names to add a parameter in the configuration file for each encrypted connection parameter. This allows values for the encrypted connection parameters to be passed to the CmdLet when it is called.

      The parameter names must conform to the following naming convention: Decryption_DefaultVariableSet_<variable name>.

      Example of a parameter definition: <Parameter Name="Decryption_DefaultVariableSet_Password" Display="Password of target system user" IsQueryParameter="False"</Parameter>

      Example of a command line call: Update-ProjectorShell -Workspace D:\ActiveDirectoryProject.sews -WorkspaceParameter @{SyncProject="CCC-99D111DD1CF11111BCF11111E1111BE9";Patches="AllFixes";Decryption_DefaultVariableSet_Password="A123-z987"}

  5. Enter values for the parameters requiring user input.

    • To enter an empty value, press ENTER.

  6. (Optional) Run the Update-ProjectorShell CmdLet with the -Remote option.

    This establishes a remote connection.

    Example: Update-ProjectorShell -Workspace D:\ActiveDirectoryProject.sews -Remote

  7. If no error occur, run steps 3 and 4 with the -SaveToDatabase option.

    If the synchronization project was created with a project template, the schemas are shrunk when saved.

Table 92: Synchronization Editor Module for Windows PowerShell CmdLets

CmdLet

Description

New-ProjectorShell

Creates a new synchronization project using the data from the defined workspace.

Update-ProjectorShell

Applies patches to an existing synchronization project.

Table 93: Options

Option

Description

-?

Displays help.

-Workspace

Full or relative path of the configuration file.

-SaveToDatabase

Saves the new synchronization project in the database. If this option is not given, creating the synchronization project is simulated.

-WorkspaceParameter

Sets the value of the parameter defined in the configuration file. Overwrites default values.

Format: @{Parameter name="value"}

Multiple parameters are separated with semicolons: -WorkspaceParameter @{ParamName1="Value1";ParamName2="Value2"}

-Remote

Establishes the connection to the target system over a remote service connection.

Use a remote connection if it is not possible to directly access the target system from the workstation where the Synchronization Editor is installed.

Maintaining the data store

You set the maintenanceClosed mode in the start up configuration. Depending on the mode, maintenance of the data store is done after each synchronizationClosed whereby One Identity Manager attempts to clean up unresolved references. The contents of the data store can also be displayed in the Synchronization EditorClosed and you can start maintenance manually. In this case, you decide if you want to run maintenance directly on the workstation that the Synchronization Editor was started on, or if it should be run by the One Identity Manager ServiceClosed.

If the One Identity Manager connection is in expert mode, you also see the Data store view.

To display the contents of the data store

  1. Select the Configuration > One Identity Manager connection category.

  2. Open the Data store view.

    In the overview pane you can see the data store contents.

To start maintenance manually

  1. In the Data store view, click Perform maintenance.

  2. To allow maintenance to be run by the One Identity Manager Service, click Yes.

    - OR -

    To run maintenance on the current workstation, click No.

Related topics

Disabling the synchronization buffer

In synchronization projectsClosed created using a standard project templateClosed, the synchronization buffer is enabled by default. The synchronization buffer can be disabled for schema properties in the One Identity Manager schema that map members of many-to-many schema types or key resolutions.

The synchronization buffer can become very large if thousands of unresolvable references are read in by partial synchronizations. This can affect the synchronization performance. In such cases, it can be helpful to disable the synchronization buffer.

Disable the synchronization buffer if the following is true:

  • The number of objects in the synchronization buffer is very large and causes problems

  • Merge mode is enabled for the members of M:N schema types during provisioning

  • These memberships are never transferred to the target system by full synchronization

IMPORTANT: If the synchronization buffer is disabled, references that are missing in One Identity Manager will be deleted in the target system when synchronizing into the target system or during provisioning. Therefore, check carefully whether the synchronization buffer can be disabled.

To disable the synchronization buffer

  1. In the Synchronization EditorClosed, open the synchronization project.

  2. Select the Mappings.

  3. In the navigation view, select a mapping.

  4. In the One Identity Manager schema view, double-click on the schema property that maps an object reference.

  5. Disable the Save unresolvable keys option.
  6. Click OK.
  7. Save the changes.
Related topics
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione