サポートと今すぐチャット
サポートとのチャット

Active Roles 8.1.1 - Synchronization Service Administration Guide

Synchronization Service overview Deploying Synchronization Service Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Database Working with Oracle Database user accounts Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with an OpenLDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with IBM RACF Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft 365 Working with Microsoft Azure Active Directory Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector Objects and operations supported by the SCIM Connector Example of using the Generic SCIM Connector for data synchronization
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Developing PowerShell scripts for attribute synchronization rules Using PowerShell script to transform passwords

How to unmap objects

You can unmap the objects that were mapped earlier.

To unmap objects

  1. In the Synchronization Service Console, open Mapping.
  2. Click the name of the connection for which you want to unmap objects.

  3. Click the mapping pair that specifies the objects types you want to unmap.

  4. Click Unmap now and wait until the unmap operation completes.

    After the unmap operation is completed, the Synchronization Service Console displays a report that provides information about the objects that participated in the unmap operation. At this stage, the application does not unmap the objects. To unmap them, you need to commit the result of the unmap operation.

    To view the details of objects that belong to a given object category, you can click the number provided next to the object category name in the report.

  5. Review the report on the objects that participated in the unmap operation, and then click Commit to unmap the objects.

Automated password synchronization

If your enterprise environment has multiple data management systems, each having its own password policy and dedicated user authentication mechanism, you may face one or more of the following issues:

  • Because users have to remember multiple passwords, they may have difficulty managing them. Some users may even write down their passwords. As a result, passwords can be easily compromised.

  • Each time users forget one or several of their numerous access passwords, they have to ask administrators for password resets. This increases operational costs and translates into a loss of productivity.

  • There is no way to implement a single password policy for all of the data management systems. This too impacts productivity, as users have to log on to each data management system separately in order to change their passwords.

With Synchronization Service, you can eliminate these issues and significantly simplify password management in an enterprise environment that includes multiple data management systems.

Synchronization Service provides a cost-effective and efficient way to synchronize user passwords from an Active Directory domain to other data systems used in your organization. As a result, users can access other data management systems using their Active Directory domain password. Whenever a user password is changed in the source Active Directory domain, this change is immediately and automatically propagated to other data systems, so each user password remains in sync in the data systems at all times.

You need to connect Synchronization Service to the data systems in which you want to synchronize passwords through special connectors supplied with Synchronization Service.

How to automate password synchronization

To automatically synchronize passwords from an Active Directory domain to another data system, complete these steps:

  1. Install Capture Agent on each domain controller in the Active Directory domain you want to be the source for password synchronization operations.

    Capture Agent tracks changes to the user passwords in the source Active Directory domain and provides this information to Synchronization Service, which in turn synchronizes passwords in the target connected systems you specify.

    For more information on how to install Capture Agent, see Managing Capture Agent.

  2. Connect the Synchronization Service to the Active Directory domain where you installed Capture Agent.

    Alternatively, you can configure a connection to Active Roles that manages the source Active Directory domain.

  3. Connect the Synchronization Service to the data system where you want to synchronize user object passwords with those in the source Active Directory domain.

    • For some target data systems (such as SQL Server) you must specify the data you want to participate in the password synchronization by configuring an SQL query.

    • If the target data system is an LDAP directory service accessed via the generic LDAP connector, you must specify the target object type for which you want to synchronize passwords and the attribute where you want to store object passwords.

  4. Ensure that user objects in the source Active Directory domain are properly mapped to their counterparts in the target connected system.

    For more information about mapping objects, see Mapping objects.

    Synchronization Service automatically maps objects between the source Active Directory domain and the target connected system if you configure sync workflows to manage the creation and deprovision operations between the source Active Directory domain (or Active Roles that manages that domain) and the target connected system.

    For more information on sync workflows, see Synchronizing identity data.

  5. Create a password synchronization rule for the target connected system.

    For more information, see Creating a password sync rule.

After you complete the above steps, the Synchronization Service starts to automatically track user password changes in the source Active Directory domain and synchronize passwords in the target connected system.

If necessary, you can fine-tune the password synchronization settings by completing these optional tasks:

Managing Capture Agent

Capture Agent is required to track changes to the user passwords in the Active Directory domain you want to be the authoritative source for password synchronization operations. To synchronize passwords, you must install Capture Agent on each domain controller in the source Active Directory domain.

Whenever a password changes in the source Active Directory domain, the agent captures that change and provides the changed password to the Synchronization Service. In turn, the Synchronization Service uses the provided information to synchronize passwords in the target connected systems according to your settings.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択