After , either none or only a manageable number of objects should be marked as outstanding. These can be checked individually and further processed using target system comparison. If a lot of objects are marked as outstanding during synchronization, editing them individually can be too time-consuming. The One Identity Manager provides methods to handle outstanding objects in an automated way. These methods can be called in scripts or processes.
NOTE: If a lot of objects are marked as outstanding during synchronization, this may be due to incorrect data. Before applying the methods, fix the cause of the incorrect data.
Call syntax: <method> ("<table>", "<condition>")
This method requires two parameters:
-
Table
Table containing the outstanding objects to be processed.
-
Condition
Condition that restricts the objects to be processed.
The condition XMarkedForDeletion & 2 = 2 is used to select all outstanding objects of the specified table. You can extend the condition to further restrict objects for processing.
Method: BulkDeleteOutstanding
Deletes the outstanding objects from the One Identity Manager database.
Example of a method call: BulkDeleteOutstanding ("ADSAccount", "XMarkedForDeletion & 2 = 2")
Deletes all outstanding objects of the ADSAccount table in the database.
Method: BulkDeleteOutstandingState
Resets the status of the outstanding objects.
Example of a method call: BulkDeleteOutstandingState ("ADSAccount", "XMarkedForDeletion & 2 = 2")
Resets the status of all outstanding objects of the ADSAccount table.
Method: BulkPublishOutstanding
Publishes the outstanding objects in the target system.
Example of a method call: BulkPublishOutstanding ("ADSAccount", "XMarkedForDeletion & 2 = 2")
Publishes all outstanding objects of the ADSAccount table.
Example of a method call by process
For example, to reset the status of all Active Directory user accounts marked as outstanding in bulk while synchronizing by process call, define a process and use the CallMethod process function in the . Pass the following parameters to the :
Process task: CallMethod
MethodName: Value = "BulkDeleteOutstandingState"
ObjectType: Value = "DPRNameSpace"
WhereClause: Value = "Ident_DPRNameSpace = 'ADS'"
Param1: Value = "ADSAccount"
Param2: Value = "XMarkedForDeletion & 2 = 2"
For more information about creating processes, see the One Identity Manager Configuration Guide.
Related topics
You can generate a report for analyzing problems that arise during , inadequate performance for example. The report contains information such as:
-
Consistency check results
-
settings
-
applied
-
Analysis of the data store
-
Object access times in the One Identity Manager database and in the target system
To generate a synchronization analysis report
-
Select the Help > Generate synchronization analysis report menu item and click Yes in the security prompt.
The report may take a few minutes to generate. It is displayed in a separate window.
-
Print the report or save it in one of the available output formats.
One Identity Manager provides connectors for with the following target systems:
- Directly supported target systems
Separate modules are provided for mapping and processing target system objects. Each target system has its own connector. This includes target systems such as:
- Active Directory
- SharePoint
- SAP R/3
Connectors for directly supported target systems are described in the administration guides for the relevant modules.
- Cloud applications
Using the SCIM connector, Cloud applications can be connected to the Universal Cloud Interface of the One Identity Manager. Cloud objects are transferred to the Universal Cloud Interface over the Cloud Systems Management Module and can be linked there to employees.
For more information, see the following guides:
- One Identity Manager Administration Guide for Connecting to Cloud Applications
- One Identity Manager Administration Guide for Connecting to the Universal Cloud Interface
- CSV files
The can transfer data between CSV files and the One Identity Manager database. In this context, the CSV files map the target system.
For more information, see the One Identity Manager CSV Connector User Guide.
- One Identity Manager databases
Use the One Identity Manager connector to synchronize One Identity Manager databases with the same product version.
For more information, see the One Identity Manager User Guide for the One Identity Manager Connector.
- Target systems that are not directly supported
You can use the Windows PowerShell connector to connect target systems to One Identity Manager that are not directly supported in One Identity Manager. Windows PowerShell cmdlets are used to run read and write operations in the target system.
For more detailed information, see the One Identity Manager Windows PowerShell Connector User Guide.
- Other database systems
With this , you can synchronize external databases with the One Identity Manager database.
For more information, see the following guides:
- One Identity Manager Generic Database Connector User Guide for Connecting DB2 (LUW) Databases
- One Identity Manager Generic Database Connector User Guide for Connecting MySQL Databases
- One Identity Manager Generic Database Connector User Guide for Connecting Oracle Databases
- One Identity Manager Generic Database Connector User Guide for Connecting SQLite Databases
- One Identity Manager Generic Database Connector User Guide for Connecting SQL Server Databases
- One Identity Manager Generic Database Connector User Guide for the CData ADO.NET Provider
- One Identity Manager Generic Database Connector User Guide for the generic ADO.NET Provider
- One Identity Manager Generic Database Connector User Guide for Connecting SAP HANA Databases
- One Identity Manager Generic Database Connector User Guide for Connecting PostgreSQL Databases
Any required changes to system connectors or the engine are made available when you update One Identity Manager. These changes must be applied to existing to prevent that are already set up, from failing. There are two way to do this:
- Apply the required patches to the existing synchronization projects.
Patches for new functions and resolved issues in One Identity Manager are installed by hotfix packages and migration packages. You must apply these patches manually for the changes to take effect in existing synchronization projects. The default configuration of these synchronization projects is update in the process. modifications are not effected by the patches.
This method is recommended if the synchronization projects conform to the default configuration and contain no, or only very little, customization.
Checks are made during daily to find out if there are patches available for the existing synchronization projects. This information is displayed on the 's start page. If there are patches, the icon and the number of patches are displayed next to the synchronization project's name. This display is updated each time a synchronization project is saved.
- Delete existing synchronization projects and create them again.
This method is recommended if your synchronization projects contain extensive customizations that might conflict with the modifications in the patches.
Detailed information about this topic
For more information about setting up synchronization projects, see the administration guides for connecting target systems.