To configure the Synchronization Service that you installed in Step 1: Install Synchronization Service, use one of the following methods:
To configure Synchronization Service from scratch using a new database
If you want to store the configuration settings and synchronization data in a single SQL Server database, clear the Store sync data in a separate database check box, and then specify the database name.
If you want to store the configuration settings and synchronization data in two separate databases, select that check box, and then specify the database in which you want to store the synchronization data.
To configure Synchronization Service using an existing database
After you configure Synchronization Service, you can change its settings at any time using this Configuration wizard. To start the wizard, start the Administration console and click the gear icon in the upper right corner of the console.
Prerequisites to configure the back-synchronization:
The user account used to perform Back sync configuration must have the following privileges:
User Administrator
Privileged Role Administrator
Exchange Administrator
Application Administrator
The Windows Azure Active Directory (Azure AD) module version 2.0.0.131 or later must be installed for the backsync feature to work successfully.
Directory Writers Role must be enabled in Azure Active Directory. To enable the role, use the following script:
# Sign in to Azure AD with the credentials entered at the prompt
$psCred = Get-Credential
Connect-AzureAD -Credential $psCred
# Find the role template for the Directory Writers role
$roleTemplate = Get-AzureADDirectoryRoleTemplate | Where-Object { $_.DisplayName -eq "Directory Writers" }
# Enable an instance of the DirectoryRole template
Enable-AzureADDirectoryRole -RoleTemplateId $roleTemplate.ObjectId
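A pre-flight check for the prerequisites listed above, as an added example that is not part of the One Identity documentation: it verifies the installed AzureAD module version, whether Directory Writers is activated, and whether a given account is a direct member of the four listed roles. The function names and the prompt are hypothetical, and roles are matched by the display names given on this page.

```powershell
# Added example (not product code). Function names are hypothetical.
# Role names are the display names listed in the prerequisites above.
$minVersion    = [version]'2.0.0.131'
$requiredRoles = 'User Administrator', 'Privileged Role Administrator',
                 'Exchange Administrator', 'Application Administrator'

function Test-BackSyncModule {
    # The newest installed AzureAD module must be at least $minVersion.
    $module = Get-Module -ListAvailable -Name AzureAD |
        Sort-Object Version -Descending | Select-Object -First 1
    [pscustomobject]@{
        Check  = "AzureAD module >= $minVersion"
        Passed = [bool]($module -and $module.Version -ge $minVersion)
        Detail = if ($module) { "installed: $($module.Version)" } else { 'not installed' }
    }
}

function Test-BackSyncRoles {
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    $user = Get-AzureADUser -ObjectId $UserPrincipalName
    # Get-AzureADDirectoryRole returns only roles already activated in the tenant.
    $active = Get-AzureADDirectoryRole
    [pscustomobject]@{
        Check  = 'Directory Writers role enabled'
        Passed = [bool]($active | Where-Object { $_.DisplayName -eq 'Directory Writers' })
        Detail = ''
    }
    foreach ($name in $requiredRoles) {
        $role = $active | Where-Object { $_.DisplayName -eq $name }
        # Direct membership only: assignments through a group are not expanded here.
        $member = if ($role) {
            Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
                Where-Object { $_.ObjectId -eq $user.ObjectId }
        }
        [pscustomobject]@{
            Check  = "Account holds '$name'"
            Passed = [bool]$member
            Detail = if ($role) { '' } else { 'role not activated, or listed under another display name' }
        }
    }
}

$results = @(Test-BackSyncModule)
if ($results[0].Passed) {
    Connect-AzureAD | Out-Null   # interactive sign-in
    $upn = Read-Host 'UPN of the account that will configure back sync'
    $results += Test-BackSyncRoles -UserPrincipalName $upn
}
$results | Format-Table -AutoSize
if ($results.Passed -contains $false) { Write-Warning 'One or more back-sync prerequisites are not met.' }
```

Because the four roles are highly privileged, running this check against a dedicated configuration account rather than a day-to-day administrator account also documents exactly which identity holds them.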
To configure Azure backsync in Active Roles Synchronization Service
In the upper right corner of the Synchronization Service Administration Console, select Settings | Configure Azure BackSync.
The Configure BackSync operation in Azure with on-prem Active Directory objects dialog box is displayed.
In the dialog box that opens:
Enter valid Account ID credentials for the Azure domain, and click Test Office 365 Connection.
Use Internet Explorer settings: Causes the connector to automatically detect and use the proxy server settings specified in Microsoft Internet Explorer installed on the Synchronization Service computer.
Use WinHTTP settings: Causes the connector to use the proxy server settings configured for Windows HTTP Services (WinHTTP).
Automatically detect: Automatically detects and uses proxy server settings.
Do not use proxy settings: Specifies to not use proxy server for the connection.
On successful validation, a message is displayed confirming that the Office 365 Connection settings are valid.
Enter the valid Active Roles account details and click Test Active Roles Connection.
On successful validation, a message is displayed confirming that the Active Roles connection settings are valid.
The Azure App registration is done automatically. The required connections, mappings, and workflow steps are created automatically. For more information on the automatically created backsync settings, see Settings updated after Azure backsync configuration operation.
On successful configuration, a success message is displayed.
If the Azure BackSync settings are already configured in the system, a warning message is displayed to confirm if you want to override the existing backsync settings with the new settings. If yes, click Override BackSync Settings. Else, click Cancel to retain the existing settings.
This section describes the Azure App registration, connections, mappings, and workflow steps that are created automatically as a result of the Azure backsync configuration operation.
The Azure App is created automatically with the default name ActiveRoles AutocreatedAzureBackSyncApp_V2.
NOTE: After the Azure App is registered in Azure, you must not delete or modify the application. The backsync operation will not work as expected in case you modify or delete the registered Azure App.
On the Synchronization Service Administration Console, click Sync Workflows to view the sync workflow named AutoCreated_AzureADBackSyncWorkflow that is created as a result of the Azure BackSync configuration. The workflow displays the following synchronization update steps from Azure AD to Active Roles for users, groups, and contacts.
On the Synchronization Service Administration Console, click Connections to view the connections from Active Roles, Azure AD, and Office 365 to external data systems. The following connections are configured and displayed by default:
On the Synchronization Service Administration Console, click Mapping to view the Mapping rules which identify the users, groups, or contacts in Azure AD and on-premises AD uniquely and map the specified properties from Azure AD to Active Roles appropriately.
On the Mapping tab, click a connection name to view or modify the mapping settings for the corresponding connection. The user, group, and contact mapping pair information is displayed by default as a result of the Azure BackSync configuration. For example, the property userprincipalname can be used to map users between on-premises AD and Azure AD in a federated environment.
If you have synchronization workflows configured and run by Quick Connect (predecessor of Synchronization Service), or earlier versions of Synchronization Service, then you can transfer those synchronization workflows to Active Roles and have them run by Synchronization Service.
You can transfer synchronization workflows from the following Quick Connect or Synchronization Service versions:
© 2021 One Identity LLC. ALL RIGHTS RESERVED.