サポートと今すぐチャット
サポートとのチャット

Active Roles 8.1.4 - Synchronization Service Administration Guide

Synchronization Service overview Deploying Synchronization Service Deploying Synchronization Service for use with AWS Managed Microsoft AD Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Database Working with Oracle Database user accounts Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with an OpenLDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with IBM RACF Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft 365 Working with Microsoft Azure Active Directory Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Developing PowerShell scripts for attribute synchronization rules Using PowerShell script to transform passwords

Supported AWS Managed Microsoft AD deployment configuration

To manage AWS Managed Microsoft AD environments, you must deploy Active Roles in Amazon Web Services (AWS) in the following configuration:

  • Active Roles must be deployed on an Amazon Elastic Compute Cloud (EC2) instance or instances. For more information, see the Amazon Elastic Compute Cloud documentation.

  • The SQL Server required by Active Roles Administration Service must run on a separate Amazon Relational Database Service for Microsoft SQL Server (RDS for SQL Server) instance. For more information, see the Amazon RDS documentation.

  • The Active Directory environment must be hosted in AWS via AWS Directory Service. For more information, see the AWS Directory Service documentation.

NOTE: Support for AWS Managed Microsoft AD by Active Roles was tested only in this configuration. Active Roles does not officially support managing AWS Managed Microsoft AD environments in a hybrid deployment, that is, using an on-premises Active Roles and/or SQL Server installation and hosting AD via AWS Directory Service.

Synchronization Service features and limitations when used with AWS Managed Microsoft AD

If configured to manage AWS Managed Microsoft AD in the Amazon cloud, Active Roles Synchronization Service offers the following features:

  • Synchronization Service connections and sync workflows based on the following Active Roles Synchronization Service connectors:
    • Active Directory Connector

    • Active Roles Connector

    • Delimited Text File Connector

  • Synchronizing passwords with Active Roles Synchronization Service from on-premises AD to AWS Managed Microsoft AD.

However, when using Synchronization Service in an EC2 instance in the Amazon cloud, also consider the following limitations.

Amazon Web Services limitations

For Active Roles installations deployed in Amazon Elastic Compute Cloud (EC2) instances and SQL Servers hosted on Amazon Relational Database Service for SQL Server (RDS for SQL Server) instances, the known EC2 and RDS limitations apply.

Synchronization Service limitations
  • When synchronizing directory data or passwords from on-premises Active Directory to AWS Managed Microsoft AD, Active Roles Synchronization Service has the following limitations:

    • Active Roles Synchronization Service was only tested to work with connections and sync workflows based on the following connectors:

      • Active Directory Connector

      • Active Roles Connector

      • Delimited Text File Connector

      Sync workflows and connections based on other connectors are not officially supported.

    • When synchronizing passwords from an on-premises Active Directory to AWS Managed Microsoft AD, synchronizing the pwdHash attribute and synchronizing then populating the SIDHistory attribute to AWS Managed Microsoft AD is not supported. This is because the Synchronization Service Capture Agent cannot be installed in an AWS Managed Microsoft AD environment.

  • Synchronizing passwords from AWS Managed Microsoft AD to on-premises AD with Active Roles Synchronization Service is not supported. This is because the Synchronization Service Capture Agent cannot be installed in an AWS Managed Microsoft AD environment.

Main steps of configuring Active Roles for AWS Managed Microsoft AD

If your organization and environment meet the Deployment requirements for AWS Managed Microsoft AD support, configuring Active Roles for managing AWS Managed Microsoft AD via AWS Directory Service has the following main steps:

  1. Creating your AWS Managed Microsoft AD environment.

  2. Creating an Amazon Elastic Compute Cloud (EC2) instance for Active Roles.

  3. Joining the EC2 instance to AWS Managed Microsoft AD.

  4. Creating an Amazon Relational Database Service for SQL Server (RDS for SQL Server) instance to host the Active Roles Management History and Configuration databases.

  5. Verifying the connectivity between the EC2 and RDS instances.

  6. Installing and configuring Active Roles on the EC2 instance.

  7. (Optional) Installing and configuring Active Roles Synchronization Service on the EC2 instance. For more information, see Installing and configuring Synchronization Service to manage AWS Managed Microsoft AD resources in the Active Roles Synchronization Service Administration Guide.

Deployment requirements for AWS Managed Microsoft AD support

Before starting the deployment and configuration of Active Roles to manage AWS Managed Microsoft AD via AWS Directory Service, make sure that the following requirements are met.

NOTE: When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. Please consult One Identity's Product Support Policies for more information on environment virtualization.

Connectivity requirements

You must have:

  • Stable network connectivity to Amazon Web Services (AWS).

  • Port 1433 open and available for the Amazon Relational Database Service (RDS) service.

  • Access to the AWS service with the AWSAdministratorAccess permission.

    NOTE: Make sure that you have AWSAdministratorAccess permission, as it is required for certain configuration steps. The AWSPowerUserAccess permission is not sufficient for completing the entire configuration procedure.

Infrastructure requirements

To deploy and configure Active Roles for AWS Managed Microsoft AD, you must have access to the following AWS services and resources:

  • AWS Managed Microsoft AD deployed via AWS Directory Service.

  • One or more Amazon Elastic Compute Cloud (EC2) instance(s) hosting the Active Roles services and components.

    The EC2 instance(s) must have, at minimum:

    • 2 vCPUs running at 2.0 GHz.

    • 4 GB of RAM.

    TIP: One Identity recommends hosting the main Active Roles services and components (the Active Roles Service and Console, and the Active Roles Web Interface) on separate EC2 instances. If you deploy all Active Roles services and components in a single EC2 instance, use a more powerful instance to ensure a better user experience for the product.

    NOTE: AWS Managed Microsoft AD support was tested with a single t2.large EC2 instance.

  • An Amazon Relational Database Service for SQL Server (RDS for SQL Server).

    NOTE: AWS Managed Microsoft AD support was tested with an RDS instance running the latest version of Microsoft SQL Server.

Make sure that all these components are discoverable or visible to each other.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択