지금 지원 담당자와 채팅
지원 담당자와 채팅

Identity Manager 9.2 - Target System Synchronization Reference Guide

Target system synchronization with the Synchronization Editor Working with the Synchronization Editor Basics of target system synchronization Setting up synchronization
Starting the Synchronization Editor Creating a synchronization project Configuring synchronization
Setting up mappings Setting up synchronization workflows Connecting systems Configuring the synchronization log Editing the scope Using variables and variable sets Setting up start up configurations Setting up base objects
Overview of schema classes Customizing the synchronization configuration Checking the consistency of the synchronization configuration Activating the synchronization project Defining start up sequences Copying synchronization projects
Running synchronization Synchronization analysis Setting up synchronization with default connectors Updating existing synchronization projects Script library for synchronization projects Additional information for experts Troubleshooting errors when connecting target systems Configuration parameters for target system synchronization Configuration file examples

Synchronization Editor Module for Windows PowerShell

Once you have created a configuration file and have customizedClosed it accordingly, you can generate new synchronization projectsClosed or update existing synchronization projects with the Synchronization Editor Module for Windows PowerShellClosed. You can also opt to use the Synchronization Editor Command Line InterfaceClosed to do this. For more information, see Synchronization Editor Command Line Interface.

To create synchronization projects with the Synchronization Editor ModuleClosed for Windows PowerShell

  1. Start Windows PowerShell.

  2. Switch to the One Identity Manager installation directory.

  3. Load the Synchronization Editor Module for Windows PowerShell.

    Import-Module .\VI.Projector.Editor.PowerShell.dll

  4. Run the New-ProjectorShell CmdLet and set the value for the parameter.

    New-ProjectorShell -Workspace <configuration file> {option} {parameter}

    Example: New-ProjectorShell -Workspace D:\ActiveDirectoryProject.sews -WorkspaceParameter @{SyncProject="Synchronization Project for Active Directory Domain XYZ"}

    NOTE: Mandatory parameter are queried one at a time if you run the CmdLet without additional input.

  5. Enter values for the parameters requiring user input.

    • To enter an empty value, press ENTER.
  6. (Optional) Run the New-ProjectorShell CmdLet with the -Remote option.

    This establishes a remote connection.

    Example: New-ProjectorShell -Workspace D:\ActiveDirectoryProject.sews -Remote

  7. If no error occur, run steps 3 and 4 with the -SaveToDatabase option.

    If the synchronization project was created with a project templateClosed, the schemas are shrunk when saved.

To update synchronization projects with the Synchronization Editor Module for Windows PowerShell

  1. Start Windows PowerShell.

  2. Switch to the One Identity Manager installation directory.

  3. Load the Synchronization Editor Module for Windows PowerShell.

    Import-Module .\VI.Projector.Editor.PowerShell.dll

  4. Run the Update-ProjectorShell CmdLet and set the value for the parameter.

    Update-ProjectorShell -Workspace <configuration_file> {option} {parameters}

    Example: Update-ProjectorShell -Workspace D:\ActiveDirectoryProject.sews -WorkspaceParameter @{SyncProject="CCC-99D111DD1CF11111BCF11111E1111BE9";Patches="AllFixes,Milestone_OneIM_8.0.2017.1104,VPR#12345,VPR#23456,VPR#34567"}

    NOTE: Mandatory parameter are queried one at a time if you run the CmdLet without additional input.

    • If the target system is accessed when the patch is applied and the connection parameters in the default variable set contain encrypted values, you will be prompted to enter the decrypted values. The names of the required parameters are displayed.

      TIP: Use these parameter names to add a parameter in the configuration file for each encrypted connection parameter. This allows values for the encrypted connection parameters to be passed to the CmdLet when it is called.

      The parameter names must conform to the following naming convention: Decryption_DefaultVariableSet_<variable name>.

      Example of a parameter definition: <Parameter Name="Decryption_DefaultVariableSet_Password" Display="Password of target system user" IsQueryParameter="False"</Parameter>

      Example of a command line call: Update-ProjectorShell -Workspace D:\ActiveDirectoryProject.sews -WorkspaceParameter @{SyncProject="CCC-99D111DD1CF11111BCF11111E1111BE9";Patches="AllFixes";Decryption_DefaultVariableSet_Password="A123-z987"}

  5. Enter values for the parameters requiring user input.

    • To enter an empty value, press ENTER.
  6. (Optional) Run the Update-ProjectorShell CmdLet with the -Remote option.

    This establishes a remote connection.

    Example: Update-ProjectorShell -Workspace D:\ActiveDirectoryProject.sews -Remote

  7. If no error occur, run steps 3 and 4 with the -SaveToDatabase option.

    If the synchronization project was created with a project template, the schemas are shrunk when saved.

Table 90: Synchronization Editor Module for Windows PowerShell CmdLets

CmdLet

Description

New-ProjectorShell

Creates a new synchronization project using the data from the defined workspace.

Update-ProjectorShell

Applies patches to an existing synchronization project.

Table 91: Options

Option

Description

-?

Displays help.

-Workspace

Full or relative path of the configuration file.

-SaveToDatabase

Saves the new synchronization project in the database. If this option is not given, creating the synchronization project is simulated.

-WorkspaceParameter

Sets the value of the parameter defined in the configuration file. Overwrites default values.

Format: @{Parameter name="value"}

Multiple parameters are separated with semicolons: -WorkspaceParameter @{ParamName1="Value1";ParamName2="Value2"}

-Remote

Establishes the connection to the target system over a remote service connection.

Use a remote connection if it is not possible to directly access the target system from the workstation where the Synchronization Editor is installed.

Maintaining the data store

You set the maintenanceClosed mode in the start up configuration. Depending on the mode, maintenance of the data store is done after each synchronizationClosed whereby One IdentityClosed Manager attempts to clean up unresolved references. The contents of the data store can also be displayed in the Synchronization EditorClosed and you can start maintenance manually. In this case, you decide if you want to run maintenance directly on the workstation that the Synchronization Editor was started on, or if it should be run by the One Identity Manager ServiceClosed.

If the One Identity Manager connection is in expert mode, you also see the Data store view.

To display the contents of the data store

  1. Select the Configuration > One Identity Manager connection category.

  2. Open the Data store view.

    In the overview pane you can see the data store contents.

To start maintenance manually

  1. In the Data store view, click Perform maintenance.

  2. To allow maintenance to be run by the One Identity Manager Service, click Yes.

    - OR -

    To run maintenance on the current workstation, click No.

Related topics

Disabling the synchronization buffer

In synchronization projectsClosed created using a standard project templateClosed, the synchronization buffer is enabled by default. The synchronization buffer can be disabled for schema properties in the One IdentityClosed Manager schema that map members of many-to-many schema types or key resolutions.

The synchronization buffer can become very large if thousands of unresolvable references are read in by partial synchronizations. This can affect the synchronization performance. In such cases, it can be helpful to disable the synchronization buffer.

Disable the synchronization buffer if the following is true:

  • The number of objects in the synchronization buffer is very large and causes problems

  • Merge mode is enabled for the members of M:N schema types during provisioning

  • These memberships are never transferred to the target system by full synchronization

IMPORTANT: If the synchronization buffer is disabled, references that are missing in One Identity Manager will be deleted in the target system when synchronizing into the target system or during provisioning. Therefore, check carefully whether the synchronization buffer can be disabled.

To disable the synchronization buffer

  1. In the Synchronization EditorClosed, open the synchronization project.

  2. Select the Mappings.

  3. In the navigation view, select a mapping.

  4. In the One Identity Manager schema view, double-click on the schema property that maps an object reference.

  5. Disable the Save unresolvable keys option.
  6. Click OK.
  7. Save the changes.
Related topics

Pausing handling of target system specific processes

Sometimes a target system is not available. For example, during maintenanceClosed. If synchronizationsClosed are started or data is changed in One IdentityClosed Manager during this time, synchronization and provisioning tasks are queued in the Job queueClosed. As long as the target system is down, these processes are sent into a FROZEN state and must be verified and re-enabled once the target system is available again.

One Identity Manager allows you to temporarily label the target system connection as offline. During this offline phase, synchronization is not run and provisioning tasks are put on hold. The respective synchronization serverClosed pauses Job queue processing. Once the target system is available again, the system connection must be switched to online. This starts Job queue processing again and all pending processes are run in sequence.

IMPORTANT: To prevent data inconsistencies, the offline phase should be kept as short as possible.

The number of processes to handle depends on the extent of the changes in the One Identity Manager database and their effect on the target system during the offline phase. To establish data consistency between the One Identity Manager database and the target system, all pending processes must be handled before synchronization can start.

Only use offline mode, if possible, for short system downtimes such as maintenance windows.

Detailed information about this topic
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택