Converse agora com nosso suporte

Obtenha ajuda em tempo real
Concluir registro

Entrar

Solicitar preços

Entre em contato com o setor de vendas

Active Roles 8.0 LTS - Synchronization Service Administration Guide

Navegação de conteúdo

Synchronization Service Overview

About Synchronization Service Features and benefits

Bidirectional synchronization Delta processing mode Synchronization of group membership Windows PowerShell scripting Attribute synchronization rules Rule-based generation of distinguished names Scheduling capabilities Extensibility Azure Backsync Configuration

Technical overview

Synchronization Service Capture Agent Connectors and connected data systems Synchronization workflows and steps

Deploying Synchronization Service

Deployment steps

Step 1: Install Synhronization Service Step 2: Configure Synchronization Service Step 3: Configure Azure Backsync

Configuring automatic Azure BackSync Configuring manual Azure BackSync Settings updated after Azure backsync configuration operation Finding the GUID (Tenant ID) of an Azure AD for Azure BackSync

Upgrade from Quick Connect

Limitations Upgrade steps

Communication ports

Getting started

Synhronization Service Administration Console

Sync Workflows tab Sync History tab Connections tab Mapping tab Password Sync tab Configuring diagnostic logging

Steps to synchronize identity data Management Shell

Cmdlet naming conventions Getting help

Connections to external data systems

External data systems supported with built-in connectors

Working with Active Directory

Creating an Active Directory connection Modifying an existing Active Directory connection Communication ports required to synchronize data between two AD domains Synchronizing user passwords between two AD domains Synchronizing SID history of users or groups

Working with an AD LDS (ADAM) instance

Creating an AD LDS (ADAM) instance connection Modifying an existing AD LDS (ADAM) instance connection

Working with Skype for Business Server

Creating a new Skype for Business Server connection Modifying an existing Skype for Business Server connection Skype for Business Server data supported out of the box

User object attributes ArchivingPolicy object attributes ClientPolicy object attributes ClientVersionPolicy object attributes ConferencingPolicy object attributes DialPlanPolicy object attributes ExternalAccessPolicy object attributes LocationPolicy object attributes MobilityPolicy object attributes PersistentChatPolicy object attributes PinPolicy object attributes VoicePolicy object attributes LyncSettings object attributes

Attributes required to create a Skype for Business Server user Getting or setting the Telephony option value in Skype for Business Server

Working with Oracle

Working with Oracle Database

Creating an Oracle Database connection Modifying an existing Oracle Database connection Specify connection settings Advanced Specify attributes to identify objects Sample SQL queries

Sample SQL query 1 Sample SQLl query 2

Working with Oracle Database user accounts

Creating an Oracle Database user accounts connection Modifying an existing Oracle Database user account connection Specify connection settings Advanced Sample SQL queries

Sample SQL query 1 Sample SQL query 2

Working with Exchange Server

Creating a new connection to Exchange Server Modifying an existing connection to Exchange Server Exchange Server data supported out of the box

ActiveSyncMailboxPolicy object attributes AddressBookPolicy object attributes AddressList object attributes DistributionGroup object attributes DynamicDistributionGroup object attributes ExchangeServer object attributes GlobalAddressList object attributes Mailbox object attributes MailContact object attributes MailboxDatabase object attributes MailUser object attributes OfflineAddressBook object attributes OrganizationConfig object attributes OwaMailboxPolicy object attributes PublicFolder object attributes PublicFolderDatabase object attributes RoleAssignmentPolicy object attributes StorageGroup object attributes UmDialPlan object attributes UmMailboxPolicy object attributes

Scenario: Migrate mailboxes from one Exchange Server to another

Step 1: Configure a connection to Exchange Server Step 2: Create a new sync workflow Step 3: Configure a step to update MoveMailboxTo attribute value Step 4: Run your sync workflow

Working with Active Roles

Creating an Active Roles connection Modifying an Active Roles connection

Working with One Identity Manager

Creating a One Identity Manager connection Modifying a One Identity Manager connection One Identity Manager Connector configuration file

Working with a delimited text file

Creating a delimited text file connection Modifying an existing delimited text file connection

Specify connection settings Specify delimited text file format Schema Specify attributes to identify objects

Working with Microsoft SQL Server

Creating a Microsoft SQL Server connection Modifying an existing Microsoft SQL Server connection

Specify connection settings Specify how to select and modify data Advanced Specify attributes to identify objects

Sample queries to modify SQL Server data

How to insert an object into a table How to create a SQL Server account

Working with Micro Focus NetIQ Directory

Creating a Micro Focus NetIQ Directory connection Modifying an existing Micro Focus NetIQ Directory connection Specify connection settings Specify naming attributes

Working with Salesforce

Creating a Salesforce connection Modifying an existing Salesforce connection Salesforce data supported out of the box

User object additional attributes Group object additional attributes

Scenario: Provisioning users from an Active Directory domain to Salesforce

Step 1: Configure a connection to source Active Directory domain Step 2: Configure a connection to Salesforce Step 3: Create a new synchronization workflow Step 4: Configure a workflow step Step 5: Run your workflow

Working with ServiceNow

Creating a ServiceNow connection

Step 1: Configure ServiceNow Step 2: Create a new connection to ServiceNow

Modifying an existing ServiceNow connection ServiceNow data supported out of the box

Working with Oracle Unified Directory

Creating an Oracle Unified Directory connection Modifying an existing Oracle Unified Directory Server connection

Specify connection settings

Specify naming attributes

Working with an LDAP directory service

Creating an LDAP directory service connection Modifying an existing Generic LDAP directory service connection

Specify connection settings Specify directory partitions Specify naming attributes Specify attributes to identify objects

Specify password sync parameters for LDAP directory service

Working with IBM DB2

Creating an IBM DB2 connection Modifying an existing IBM DB2 connection

Specify connection settings Specify how to select and modify data Advanced Specify attributes to identify objects

Working with IBM AS/400

Creating an IBM AS/400 connection Modifying an existing IBM AS/400 connection Specify connection settings Additional considerations

Working with an OpenLDAP directory service

Creating an OpenLDAP directory service connection Modifying an existing OpenLDAP directory service connection

Specify connection settings Specify naming attributes

Working with IBM RACF connector

Creating a IBM RACF connection Modifying a IBM RACF connection Example of Mapping for Dataset Information Create SQL Database and Table Provisioning Datasets Updating datasets Deprovisioning datasets Running TSO command

Working with TSO command

Working with MySQL database

Creating a MySQL database connection Modifying an existing MySQL database connection

Specify connection settings Specify how to select and modify data Advanced Specify attributes to identify objects

Working with an OLE DB-compliant relational database

Creating an OLE DB-compliant relational database connection Modifying an existing OLE DB-compliant data source connection

Specify connection settings Specify how to select data Advanced Specify attributes to identify objects

Working with SharePoint

Creating a SharePoint connection SharePoint data supported out of the box

AlternateURL object attributes ClaimProvider object attributes Farm object attributes Group object attributes Language object attributes Policy object attributes PolicyRole object attributes Prefix object attributes RoleAssignment object attributes RoleDefinition object attributes Site object attributes User object attributes Web object attributes WebApplication object attributes WebTemplate object attributes

Considerations for creating objects in SharePoint

Configuring data synchronization with the Office 365 Connector

Creating a Microsoft 365 connection Viewing or modifying a Microsoft 365 connection Microsoft 365 data supported for data synchronization

ClientPolicy object attributes supported for Microsoft 365 data synchronization ConferencingPolicy object attributes supported for Microsoft 365 data synchronization Contact object attributes supported for Microsoft 365 data synchronization DistributionGroup object attributes supported for Microsoft 365 data synchronization Domain object attributes supported for Microsoft 365 data synchronization DynamicDistributionGroup object attributes supported for Microsoft 365 data synchronization ExternalAccessPolicy object attributes supported for Microsoft 365 data synchronization HostedVoicemailPolicy object attributes supported for Microsoft 365 data synchronization LicensePlanService object attributes supported for Microsoft 365 data synchronization Mailbox object attributes supported for Microsoft 365 data synchronization MailUser object attributes supported for Microsoft 365 data synchronization PresencePolicy object attributes supported for Microsoft 365 data synchronization SecurityGroup object attributes supported for Microsoft 365 data synchronization SPOSite object attributes supported for Microsoft 365 data synchronization SPOSiteGroup object attributes supported for Microsoft 365 data synchronization SPOWebTemplate object attributes supported for Microsoft 365 data synchronization SPOTenant object attributes supported for Microsoft 365 data synchronization User object attributes supported for Microsoft 365 data synchronization VoicePolicy object attributes supported for Microsoft 365 data synchronization Microsoft 365 Group attributes supported for Microsoft 365 data synchronization Changing the display names of synchronized Microsoft 365 licenses and services

Objects and attributes specific to Microsoft 365 services How the Office 365 Connector works with data

Configuring data synchronization with the Microsoft Azure AD Connector

Configuring a Microsoft Azure AD connection

Configuring the Microsoft Azure AD Connector as an Azure application for data synchronization Creating a connection with the Microsoft Azure AD Connector

Viewing or modifying a Microsoft Azure AD connection Microsoft Azure AD object types supported for data synchronization

Microsoft Azure AD user attributes supported for data synchronization Microsoft Azure AD group attributes supported for data synchronization

Configuring data synchronization with the SCIM Connector

Creating a SCIM connection Modifying a SCIM connection Additional authentication parameters Supported objects and operations

Configuring data synchronization with the Generic SCIM Connector

Configuring the Generic SCIM Connector for Starling Connect connections Viewing or modifying the settings of a Generic SCIM Connector connection

Using connectors installed remotely

Steps to install Synchronization Service and built-in connectors remotely Creating a connection using a remotely installed connector

Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection

Synchronizing identity data

Getting started with identity data synchronization Managing sync workflows

Creating a sync workflow Running a sync workflow

Running a sync workflow manually Running a sync workflow on a recurring schedule Disabling a sync workflow run schedule

Renaming a sync workflow Deleting a sync workflow

Managing sync workflow steps

Adding a creating step Creating an updating step Creating a deprovisioning step Modifying a step

General Options tab Source tab Target tab Creation Rules tab Deprovisioning Rules tab Updating Rules Tab Step Handlers tab

Deleting a step Changing the order of steps in a sync workflow Generating object names by using rules Modifying attribute values by using rules

Configuring a forward sync rule

Source item Target item

Configuring a reverse sync rule

Source item Target item

Configuring a merge sync rule

Using value generation rules

Configuring a rule entry

Using sync workflow step handlers Example: Synchronizing group memberships Example: Synchronizing multivalued attributes Using sync workflow alerts

Creating or editing a sync workflow alert Deleting a sync workflow alert Managing outgoing mail profiles

Outgoing mail profile settings

Mapping objects

About mapping objects Steps to map objects

Step 1: Create mapping pairs Step 2: Create mapping rules Step 3 (optional): Change scope for mapping rules Step 4: Run map operation

Steps to unmap objects

Automated password synchronization

About automated password synchronization Steps to automate password synchronization Managing Capture Agent

Installing Capture Agent manually Using Group Policy to install Capture Agent Uninstalling Capture Agent

Managing password sync rules

Creating a password sync rule Deleting a password sync rule Modifying settings of a password sync rule

Fine-tuning automated password synchronization

Configuring Capture Agent

Step 1: Create and link a Group Policy object Step 2: Add administrative template to Group Policy object Step 3: Use Group Policy object to modify Capture Agent settings

Configuring Active Roles Synchronization Service Specifying a custom certificate for encrypting password sync traffic

Step 1: Obtain and install a certificate Step 2: Export custom certificate to a file Step 3: Import certificate into certificates store Step 4: Copy certificate’s thumbprint Step 5: Provide certificate’s thumbprint to Capture Agent Step 6: Provide certificate’s thumbprint to Synchronization Service

Using PowerShell scripts with password synchronization

Example of a PowerShell script run after password synchronization

Synchronization history

About synchronization history Viewing sync workflow history Viewing mapping history Searching synchronization history Cleaning up synchronization history

Scenarios of use

About scenarios Scenario 1: Create users from a .csv file to an Active Directory domain

Step 1: Create a sync workflow Step 2: Add a creating step Step 3: Run the configured creating step Step 4: Commit changes to Active Directory

Scenario 2: Use a .csv file to update user accounts in an Active Directory domain

Step 1: Create an updating step Step 2: Run the created updating step Step 3: Commit changes to Active Directory

Scenario 3: Synchronizing data between One Identity Manager Custom Target Systems and an Active Directory domain

Step 1: Create connection to One Identity Manager Step 2: Configure One Identity Manager modules, Custom Target System and Container Information Step 3: Create Workflow for Provisioning Step 4: Create Provisioning Step 5: Specify the synchronization rules Step 6: Execute Workflow Step 7: Commit changes to One Identity Manager Step 8: Verify on One Identity Manager

Scenario 4: Deprovisioning between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 5: Provisioning of Groups between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 6: Enabling Delta Sync mode between One Identity Manager Custom Target Systems and an Active Directory domain Example of using the Generic SCIM Connector for data synchronization

Creating object mapping between a SCIM connection and an SQL connection Creating a synchronization workflow for synchronizing data from a SCIM-based Starling Connect connector Synchronizing complex multi-value objects from a SCIM source system

Appendix A: Developing PowerShell scripts for attribute synchronization rules

Accessing source and target objects using built-in hash tables

Appendix B: Using a PowerShell script to transform passwords

Accessing source object password

Appendix B: Using a PowerShell script to transform passwords

Appendix B: Using a PowerShell script to
transform passwords

You can use a Windows PowerShell script in a password sync rule to transform passwords. This section provides some reference materials on how to write a Windows PowerShell script for password transformation.

Accessing source object password

To synchronize passwords between the source Active Directory domain and the target connected data system, Synchronization Service uses the password sync rules you configure. In a password rule settings, you can type a PowerShell script that transforms source Active Directory user passwords into object passwords for the target connected system. For example, you can use such a script if you want the object passwords in the source and target connected systems to be different.

When developing a PowerShell script to transform passwords, you can employ the $srcPwd built-in associative array (hash table) that allows the scripts to access the source object password. The $srcPwd returns a string that contains the object password.

Example script

To clarify the use of $srcPwd, consider a scenario where the target object password in the target connected data system must include only 8 first characters of the source object password in the source Active Directory domain.

The following scripts implements the described scenario:

if($srcPwd.length -gt 8)

{

$srcPwd.substring(0,8)

}

else

{

$srcPwd

}

# End of the script

Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação

© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center