About scenarios
This section provides some use case scenarios that help you familiarize yourself with Synchronization Service. The scenarios illustrate how to create and run sync workflows and their steps to update and create user information from a Human Resources database represented by a delimited text file to an Active Directory domain.
The scenarios are:
Scenario 1: Create users from a .csv file to an Active Directory domain. In this scenario, Synchronization Service creates user accounts from a Comma Separated Values (.csv) file that includes a Human Resources (HR) database to individual Organizational Units in an Active Directory domain, depending on the city where each user is based.
Scenario 2: Use a .csv file to update user accounts in an Active Directory domain. In this scenario, Synchronization Service updates user accounts in an Active Directory domain based on the changes made to the Human Resources (HR) database saved in a Comma Separated Values (.csv) file.
Scenario 3: Synchronizing data between One Identity Manager Custom Target Systems and an Active Directory domain. In this scenario, Quick Connect updates data in One Identity Manager based on the changes made in Active Directory domain.
Scenario 4: Deprovisioning between One Identity Manager Custom Target Systems and an Active Directory domain. In this scenario, Quick connect deprovisioning synchronized objects in One Identity Manager processed from the Active Directory domain.
Scenario 5: Provisioning of Groups between One Identity Manager Custom Target Systems and an Active Directory domain. In this scenario, Quick Connect provisions group objects to be synchronized to One Identity Manager from Active Directory domain.
Scenario 6: Enabling Delta Sync mode between One Identity Manager Custom Target Systems and an Active Directory domain. In this scenario, Quick Connect updates data in One Identity Manager based on the changes made in Active Directory domain in the delta sync mode.
Before you proceed with these sample scenarios, perform the following steps:
Make sure you have properly configured the connection to the target Active Directory domain in the Synchronization Service Administration Console.
Create the Employees Organizational Unit (OU) at the root of the target Active Directory domain.
In the Employees OU, create the following OUs:
New York
Tokyo
Amsterdam
OtherCities
Scenario 1: Create users from a .csv file to an Active Directory domain
The following scenario demonstrates how to create user accounts from a Human Resources (HR) database to an Active Directory domain. The HR database is represented by a sample Comma Separated Values (.csv) file. Depending on the user city, accounts will be created in one of the following OUs:
- Employees\New York
- Employees\Tokyo
- Employees\Amsterdam
- Employees\OtherCities
This scenario includes the following steps:
- Step 1: Create a sync workflow
- Step 2: Add a creating step
- Step 3: Run the configured creating step
- Step 4: Commit changes to Active Directory
Step 1: Create a sync workflow
To create a new sync workflow
- Start the Synchronization Service Administration Console.
- Open the Sync Workflows tab, and then click Add sync workflow.
- Type a descriptive name for the sync workflow being created, and then click OK to create the sync workflow.
Step 2: Add a creating step
This section provides instructions on how to:
- Connect Synchronization Service to the source Comma Separated Values (.csv) file and target Active Directory domain.
- Add a new creating step and configure its settings, for example, specify the object attributes to create.
- Develop a Windows PowerShell script that returns the name of an Active Directory container for created user accounts.
- Preview a list of user accounts to be created.
To add a creating step
- In the Synchronization Service Administration Console, open the Sync Workflows tab, and then click the sync workflow you created in Step 1: Create a sync workflow.
- Click Add synchronization step.
- On the Select an action page, select Creation, and then click Next.
- On the Specify source and criteria page, click Specify, click Add new connected system, and then step through the wizard to add the sample Comma Separated Values (.csv) file as a connected system:
- Use the Connection name box to type a descriptive name for the connection being created.
- In the Use the specified connector list, select Delimited Text File Connector. Click Next.
- Click Browse to locate and select the sample Comma Separated Values (.csv) file supplied with Synchronization Service. This file is located in the folder
<Synchronization Service installation folder>\Samples. - Step through the wizard until you are on the Specify attributes to identify objects page.
- In the Available attributes list, select Employee ID, click Add, and then click Finish.
- Click Next.
- On the Specify target page, click Specify, and then step through the wizard to add the target Active Directory domain as a connected system:
- Use the Connection name box to type a descriptive name for the connection being created.
- In the Use the specified connector list, select Active Directory Connector. Click Next.
- Use the Domain name box to type the FQDN name of the target Active Directory domain. If necessary, adjust other connection settings on this page as appropriate. Click Finish.
- Click the down arrow on the button provided next to the Target container option.
- In the provided list, click PowerShell Script.
- Insert the following script sample into the dialog box, and then click OK:
$userCity = $srcObj["City"]
switch ($userCity)
{
"New York" {$container = "OU=New York,OU=Employees,DC=mycompany,DC=com"; break}
"Amsterdam" {$container = "OU=Amsterdam,OU=Employees,DC=mycompany,DC=com"; break}
"Tokyo" {$container = "OU=Tokyo,OU=Employees,DC=mycompany,DC=com"; break}
default {$container = "OU=OtherCities,OU=Employees,DC=mycompany,DC=com"; break}
}
$containerNOTE: Before using the script, change the "DC=mycompany",DC=com" string as appropriate to reflect your environment. For example, if you have created the Employees OU in the testlab.ttt domain, use the following string: "DC=testlab,DC=ttt"
- Click the down arrow on the leftmost button provided below the Rules to generate unique object name list.
- In the provided list, click Attribute.
- Select Logon Name, and then click OK. Click Next.
- Expand Initial Attribute Population Rules, and then create forward sync rules to synchronize the following pairs of attributes:
Table 106: Initial attribute population rules CSV file attribute
Synchronization direction
Active Directory attribute
Logon Name
=>
Logon Name (Pre-Windows 2000)
First Name
=>
First Name
Last Name
=>
Last Name
City
=>
City
For information on how to create rules, see Modifying attribute values by using rules.
- Expand Initial Password, click Text, and type a password in the Set Password dialog box. Click OK.
- Optionally, you can expand User Account Options to modify the default options to create new user accounts.
- Click Finish to close the wizard.