サポートと今すぐチャット
サポートとのチャット

Active Roles 8.0 LTS - Synchronization Service Administration Guide

Synchronization Service Overview Deploying Synchronization Service Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with an OpenLDAP directory service Working with IBM RACF connector Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Configuring data synchronization with the Office 365 Connector
Creating a Microsoft 365 connection Viewing or modifying a Microsoft 365 connection Microsoft 365 data supported for data synchronization
ClientPolicy object attributes supported for Microsoft 365 data synchronization ConferencingPolicy object attributes supported for Microsoft 365 data synchronization Contact object attributes supported for Microsoft 365 data synchronization DistributionGroup object attributes supported for Microsoft 365 data synchronization Domain object attributes supported for Microsoft 365 data synchronization DynamicDistributionGroup object attributes supported for Microsoft 365 data synchronization ExternalAccessPolicy object attributes supported for Microsoft 365 data synchronization HostedVoicemailPolicy object attributes supported for Microsoft 365 data synchronization LicensePlanService object attributes supported for Microsoft 365 data synchronization Mailbox object attributes supported for Microsoft 365 data synchronization MailUser object attributes supported for Microsoft 365 data synchronization PresencePolicy object attributes supported for Microsoft 365 data synchronization SecurityGroup object attributes supported for Microsoft 365 data synchronization SPOSite object attributes supported for Microsoft 365 data synchronization SPOSiteGroup object attributes supported for Microsoft 365 data synchronization SPOWebTemplate object attributes supported for Microsoft 365 data synchronization SPOTenant object attributes supported for Microsoft 365 data synchronization User object attributes supported for Microsoft 365 data synchronization VoicePolicy object attributes supported for Microsoft 365 data synchronization Microsoft 365 Group attributes supported for Microsoft 365 data synchronization Changing the display names of synchronized Microsoft 365 licenses and services
Objects and attributes specific to Microsoft 365 services How the Office 365 Connector works with data
Configuring data synchronization with the Microsoft Azure AD Connector Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use
About scenarios Scenario 1: Create users from a .csv file to an Active Directory domain Scenario 2: Use a .csv file to update user accounts in an Active Directory domain Scenario 3: Synchronizing data between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 4: Deprovisioning between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 5: Provisioning of Groups between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 6: Enabling Delta Sync mode between One Identity Manager Custom Target Systems and an Active Directory domain Example of using the Generic SCIM Connector for data synchronization
Appendix A: Developing PowerShell scripts for attribute synchronization rules Appendix B: Using a PowerShell script to transform passwords

Step 1: Obtain and install a certificate

To obtain and install a certificate, you have to make a certificate request. There are two methods to request a certificate in Windows Server (2016 or later):

  • Request certificates using the Certificate Request Wizard. To request certificates from a Windows Server enterprise certification authority, you can use the Certificate Request Wizard.
  • Request certificates using the Windows Server Certificate Services Web interface. Each certification authority that is installed on a computer running Windows Server has a Web interface that allows the users to submit certificate requests. By default, the Web interface is accessible at http://servername/certsrv, where servername refers to the name of the computer running Windows Server.

This section provides steps to request certificates using the Windows Server Certificate Services Web interface. For detailed information about the Certificate Request Wizard, refer to the documentation on Certification Authority.

To request a certificate using the Windows Server Certificate Services Web interface

  1. Use a Web browser to open to http://servername/certsrv, where servername refers to the name of the Web server running Windows Server where the certification authority that you want to access is located.
  2. On the Welcome Web page, click Request a certificate.
  3. On the Request a Certificate Web page, click advanced certificate request.
  4. On the Advanced Certificate Request Web page, click Create and submit a certificate request to this CA.
  5. On the Web page that opens, do the following:
    • Select the Store certificate in the local computer certificate store check box.
    • Under Additional Options, select the PKCS10 option, and in the Friendly Name text box, specify a name for your certificate (such as My QC Certificate).

    Keep default values for all other options.

  1. Click Submit.
  2. On the Certificate Issued Web page, click Install this certificate.

After you install the certificate, it becomes available in the Certificates snap-in, in the Personal/Certificates store.

Step 2: Export custom certificate to a file

In this step, you export the issued certificate to a file. You will need the file to install the certificate on each domain controller running Capture Agent and on each computer running Synchronization Service.

To export the certificate

  1. On the computer where you installed the certificate in step 1, open the Certificates - Local Computers snap-in.
  2. In the console tree, click the Personal/Certificates store.
  3. In the details pane, click the issued certificate you want to export.
  4. On the Action menu, point to All Tasks, and then click Export.
  5. Step through the wizard.
  6. On the Export Private Key page, select Yes, export the private key, and then click Next.

    This option is available only if the private key is marked as exportable and you have access to the private key.

  1. On the Export File Format page, do the following, and then click Next:
    • To include all certificates in the certification path, select the Include all certificates in the certification path if possible check box.
    • To enable strong protection, select the Enable strong protection (requires IE 5.0, NT 4.0 SP4 or above) check box.
  2. On the Password page, use the Password text box to type a password to encrypt the private key you are exporting. In Confirm password, type the same password again, and then click Next.
  3. On the File to Export page, use the File name text box to specify the PKCS #12 file to which you want to export the certificate along with the private key, and click Next.
  4. On the Completion page, revise the specified settings and click Finish to create the file and close the wizard.

Step 3: Import certificate into certificates store

In this step, you import the certificate to the Personal\Certificates certificate store by using the Certificates snap-in. You must complete this step on each domain controller running Capture Agent and on each computer running Synchronization Service that will participate in the password synchronization.

To import the certificate

  1. Open the Certificates - Local Computers snap-in.
  2. In the console tree, click the Personal\Certificates logical store.
  3. On the Action menu, point to All Tasks and then click Import.
  4. Step through the wizard.
  5. On the File to Import page, in File name, type the file name containing the certificate to be imported or click Browse and to locate and select the file. When finished, click Next.
  6. On the Password page, type the password used to encrypt the private key, and then click Next.
  7. On the Certificate Store page, ensure that the Place all certificates in the following store option is selected, and the Certificate store text box displays Personal, and then click Next.
  8. On the Completion page, revise the specified settings and click Finish to import the certificate and close the wizard.

Step 4: Copy certificate’s thumbprint

In this step, you copy the thumbprint of your custom certificate. In the next steps, you will need to provide the thumbprint to Capture Agent and Synchronization Service.

To copy the thumbprint of your custom certificate

  1. Open the Certificates - Local Computer snap-in.
  2. In the console tree, click the Personal store to expand it.
  3. Click the Certificates store to expand it.
  4. In the details pane, double-click the certificate.
  5. In the Certificate dialog box, click the Details tab, and scroll through the list of fields to select Thumbprint.
  6. Copy the hexadecimal value of Thumbprint to Clipboard.

You will need the copied thumbprint value to configure the Capture Agent and Synchronization Service.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択