Converse agora com nosso suporte
Chat com o suporte

Active Roles 8.0 LTS - Synchronization Service Administration Guide

Synchronization Service Overview Deploying Synchronization Service Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with an OpenLDAP directory service Working with IBM RACF connector Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Configuring data synchronization with the Office 365 Connector
Creating a Microsoft 365 connection Viewing or modifying a Microsoft 365 connection Microsoft 365 data supported for data synchronization
ClientPolicy object attributes supported for Microsoft 365 data synchronization ConferencingPolicy object attributes supported for Microsoft 365 data synchronization Contact object attributes supported for Microsoft 365 data synchronization DistributionGroup object attributes supported for Microsoft 365 data synchronization Domain object attributes supported for Microsoft 365 data synchronization DynamicDistributionGroup object attributes supported for Microsoft 365 data synchronization ExternalAccessPolicy object attributes supported for Microsoft 365 data synchronization HostedVoicemailPolicy object attributes supported for Microsoft 365 data synchronization LicensePlanService object attributes supported for Microsoft 365 data synchronization Mailbox object attributes supported for Microsoft 365 data synchronization MailUser object attributes supported for Microsoft 365 data synchronization PresencePolicy object attributes supported for Microsoft 365 data synchronization SecurityGroup object attributes supported for Microsoft 365 data synchronization SPOSite object attributes supported for Microsoft 365 data synchronization SPOSiteGroup object attributes supported for Microsoft 365 data synchronization SPOWebTemplate object attributes supported for Microsoft 365 data synchronization SPOTenant object attributes supported for Microsoft 365 data synchronization User object attributes supported for Microsoft 365 data synchronization VoicePolicy object attributes supported for Microsoft 365 data synchronization Microsoft 365 Group attributes supported for Microsoft 365 data synchronization Changing the display names of synchronized Microsoft 365 licenses and services
Objects and attributes specific to Microsoft 365 services How the Office 365 Connector works with data
Configuring data synchronization with the Microsoft Azure AD Connector Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use
About scenarios Scenario 1: Create users from a .csv file to an Active Directory domain Scenario 2: Use a .csv file to update user accounts in an Active Directory domain Scenario 3: Synchronizing data between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 4: Deprovisioning between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 5: Provisioning of Groups between One Identity Manager Custom Target Systems and an Active Directory domain Scenario 6: Enabling Delta Sync mode between One Identity Manager Custom Target Systems and an Active Directory domain Example of using the Generic SCIM Connector for data synchronization
Appendix A: Developing PowerShell scripts for attribute synchronization rules Appendix B: Using a PowerShell script to transform passwords

Step 5: Provide certificate’s thumbprint to Capture Agent

This step assumes that:

  • The same Group Policy object is linked to each OU holding the domain controllers on which the Capture Agent is installed. For more information on how to create and link a Group policy object, see the documentation for your version of Windows.
  • The SyncServiceCaptureAgent.adm administrative template file is linked to that Group Policy object.

For instructions on how to add an administrative template file to a Group Policy object, see Step 2: Add administrative template to Group Policy object

To provide the thumbprint to Capture Agent

On any computer joined to the domain where Capture Agent is installed, open Group Policy Object Editor, and connect to the Group Policy object to which you added the Administrative Template in Step 2: Add administrative template to Group Policy object.

  1. In the Group Policy Object Editor console, expand the Group Policy object, and then expand the Computer Configuration node.
  2. Expand the Administrative Templates\Active Roles node to select Sync Service Capture Agent Settings.
  3. In the details pane, double-click Certificate to encrypt Capture Agent traffic.
  4. Select the Enabled option, and then paste the certificate’s thumbprint (the one you copied in Step 4: Copy certificate’s thumbprint) in the Thumbprint text box. When finished, click OK.
  5. For the changes to take effect, refresh the Group Policy settings by running the following command at a command prompt: gpupdate /force

Step 6: Provide certificate’s thumbprint to Synchronization Service

Step 6: Provide certificate’s thumbprint to Synchronization Service

Perform the next steps on each computer running the Synchronization Service that participates in the password sync operations.

To provide the thumbprint to Synchronization Service

  1. On the computer running the Synchronization Service, start Group Policy Object Editor, and then connect to the Local Computer Policy Group Policy object.
  2. In the Group Policy Object Editor console, expand the Local Computer Policy node, expand the Computer Configuration node, and select Administrative Templates.
  3. On the Action menu, point to All Tasks, and click Add/Remove Templates.
  4. In the Add/Remove Templates dialog box, click Add, and then use the Policy Templates dialog box to open the SyncService.adm file that holds the Administrative Template.
  5. By default, the SyncService.adm file is stored in <Active Roles installation folder>\SyncServiceCaptureAgent\Administrative Templates.
  6. Under Computer Configuration\Administrative Templates\Active Roles, select Sync Service Settings.
  7. In the details pane, double-click Certificate to encrypt Capture Agent traffic.
  8. Select the Enabled option, and then paste the certificate’s thumbprint (the one you copied in Step 4: Copy certificate’s thumbprint) in the Thumbprint text box. When finished, click OK.
  9. For the changes to take effect, refresh the Group Policy settings by running the following command at a command prompt: gpupdate /force

Using PowerShell scripts with password synchronization

Optionally, you can configure the Synchronization Service to run your custom PowerShell script before, after, or instead of the password synchronization operation. To do so, create a connection handler. For instructions, see Using connection handlers.

Example of a PowerShell script run after password synchronization

#---- Specify the SMTP Server name in your organization ----
$SmtpServer = "smtpServerName"
$smtp = new-object system.net.mail.smtpClient($SmtpServer)
$mail = new-object System.Net.Mail.MailMessage
# ---- Set the sender mail ----
$mail.From = "yourmail@mydomain.com"
# ---- Set the destination mail ----
$mail.To.Add("Administrator@mydomain.com")
# --- Specify the message subject ----
$mail.Subject = "Password was changed"
# ---- Set the message text ----
$body = "The passwords were synchronized for the following object pair: "
$body = $body + $srcObj.Name + "->" + $dstObj.Name
$mail.Body = $body
# ---- Send mail ----
$smtp.Send($mail)

Description: After the password synchronization is complete, this script sends a notification email message informing the administrator that the specified object password has been modified in the target connected system. The message provides the names of the source Active Directory object and its counterpart in the target connected system.

 

Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação