지금 지원 담당자와 채팅
지원 담당자와 채팅

Active Roles 7.5.3 - Synchronization Service Administration Guide

Synchronization Service Overview Deploying Synchronization Service Getting started Connections to external data systems
External data systems supported out of the box
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with an OpenLDAP directory service Working with IBM RACF connector Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft Office 365 Working with Microsoft Azure Active Directory Working with SCIM
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Appendix A: Developing PowerShell scripts for attribute synchronization rules Appendix B: Using a PowerShell script to transform passwords

Installing Capture Agent manually

You can use this method to manually deploy Capture Agent on each domain controller in the source Active Directory domain.

To manually install Capture Agent

  1. Run one of the following files supplied with the Synchronization Service installation package:
    • On a 32-bit domain controller, run the file SyncServiceCaptureAgent_7.5_x86.msi.
    • On a 64-bit domain controller, run the file SyncServiceCaptureAgent_7.5_x64.msi.

    You can find these files in the Solutions folder on the Active Roles distribution media.

  1. Step through the wizard to complete the agent installation.

You can perform an unattended installation of Capture Agent as follows.

To perform an unattended installation

On a 32-bit system, enter the following syntax at a command prompt:

msiexec /i "<Path to SyncServiceCaptureAgent_7.5.3_x86.msi>" /qb
INSTALLDIR="<Path to installation folder>" REBOOT="<Value>"

On a 64-bit system, enter the following syntax at a command prompt:

msiexec /i "<Path to SyncServiceCaptureAgent_7.5.3_x64.msi>" /qb
INSTALLDIR="<Path to installation folder>" REBOOT="<Value>"

In the above syntax:

 

Table 121: Arguments

Argument

Description

INSTALLDIR

Specifies the installation folder for the Capture Agent. When this argument is omitted, the following default installation folder is used:

%ProgramFiles%\One Identity\Active Roles\7.5\SyncServiceCaptureAgent

REBOOT

Allows you to suppress a system restart in a situation where a restart is required for the Capture Agent installation to complete.

To suppress the restart, use the following syntax: REBOOT="ReallySupress"

Using Group Policy to install Capture Agent

You can use this method to automatically deploy Capture Agent on each domain controller in the source Active Directory domain. This method is applicable in the following scenarios only:

Table 122: Prerequisites by scenario

Supported scenario

Prerequisites

Scenario 1: AD domain includes either 32- or 64-bit domain controllers
  • All the domain controllers must be held in a single organizational unit (for example, the built-in Domain Controllers OU).
  • At least one group policy object must be linked to the OU holding the domain controllers (for example, the built-in Default Domain Controllers Policy Group Policy object).

Scenario 2: AD domain includes both 32- and 64-bit domain controllers
  • The domain controllers must be held in two separate organizational units, each containing domain controllers of the same bitness.
  • At least one group policy object must be linked to each of the two organizational units.

To install Capture Agent by using Group Policy

  1. Save the SyncServiceCaptureAgent_7.5_x86.msi and SyncServiceCaptureAgent_7.5_x64.msi files to a network share accessible from each domain controller in the source Active Directory domain.
  2. Depending on your scenario, complete the steps in the table:
Table 123: Steps by scenario

Scenario 1: AD domain includes either 32- or 64-bit domain controllers

Scenario 2: AD domain includes both 32- and 64-bit domain controllers
  1. Use Group Policy Editor to open the group policy object linked to the OU holding the domain controllers on which you want to install Capture Agent.
  2. In the Group Policy Object Editor console tree, in Windows Server 2016 or later, expand the Computer Configuration node, then expand Policies, and select Software Settings.
  3. In the details pane, click Software Installation, on the Action menu point to New, and then click Package.
  4. Use the dialog box to open one of the following files:

    SyncServiceCaptureAgent_7.5_x86.msi if all your domain controllers are 32-bit.

    or

    SyncServiceCaptureAgent_7.5_x64.msi if all your domain controllers are 64-bit.

  5. In the Deploy Software dialog box, select Assigned, and then click OK.
  1. Use Group Policy Object Editor to open the group policy object linked to the OU holding the 32-bit domain controllers.
  2. In the Group Policy Object Editor console tree, in Windows Server 2016 or later, expand the Computer Configuration node, then expand Policies, and select Software Settings.
  3. In the details pane, click Software Installation, on the Action menu point to New, then click Package.
  4. Use the dialog box to open the SyncServiceCaptureAgent_7.5_x86.msi file.
  5. In the Deploy Software dialog box, select Assigned, and then click OK.
  6. Repeat steps 1-5 for the group policy object linked to the OU holding the 64-bit domain controllers. Use the SyncServiceCaptureAgent_7.5_x64.msi file to install Capture Agent on these domain controllers.
  1. Run the following command at a command prompt to refresh the Group Policy settings: gpupdate /force

Uninstalling Capture Agent

To uninstall Capture Agent

  1. To open the list of installed programs on the computer where Capture Agent is installed, in Control Panel, open Programs and Features.
  2. In the list of installed programs, select One Identity Active Roles 7.5 - Synchronization Service Capture Agent x64 or One Identity Active Roles 7.5 - Synchronization Service Capture Agent x86.
  3. Click Uninstall to uninstall the agent.
  4. Follow the on-screen instructions to uninstall Capture Agent.

Managing password sync rules

To synchronize passwords from an Active Directory domain to other connected systems, you need to create and configure a password synchronization rule for each target connected system where you want to synchronize passwords.

A password synchronization rule allows you to specify the following:

  • The Active Directory domain you want to be the source for password synchronization operations.
  • The source object type for password synchronization operations (typically, this is the user object type in Active Directory).
  • The target connected system in which you want to synchronize passwords with the source Active Directory domain.
  • The target object type for password synchronization operations.

Optionally, you can configure a password synchronization rule to modify attribute values of the target connected system objects whose passwords are being synchronized.

This section covers:

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택