Allows you to manage password sync rules to automate password synchronization from a specified Active Directory domain to other connected data systems. For more information, see Automated password synchronization.
On the Password Sync tab, you can use the following elements (some of these elements become available only after you create at least one password sync rule):
- Add password sync rule. Allows you to create a rule for synchronizing passwords from an Active Directory domain to another connected system.
- Password sync settings. Allows you to specify how many times you want to retry the password synchronization operation in the event of a failure. Also allows you to type a Windows PowerShell script to generate passwords for the target connected system. For more information, see Appendix B: Using a PowerShell script to transform passwords.
- Delete rule. Deletes the password sync rule on which you click this link.
In the Synchronization Service Administration Console, you can configure a number of settings to write the Synchronization Service diagnostic data to a separate log file or to the Windows Event Log.
To configure diagnostic logging
- In the upper right corner of the Synchronization Service Administration Console, select
Settings | Diagnostic Logging.
- In the dialog box that opens, use the following options:
Table 3: Diagnostic logging options
Windows Event Log level
Drag the slider to select one of the following options to write Synchronization Service data to the Windows Event Log:
- Error, Warning, and Information. Records errors, warnings, and information events generated by Synchronization Service to the Windows Event Log.
- Error and Warning. Records error and warning events generated by Synchronization Service to the Windows Event Log.
- Error. Records error events generated by Synchronization Service to the Windows Event Log.
- Off. Disables writing Synchronization Service data to the Windows Event Log.
Synchronization Service log level
Drag the slider to select one of the following logging levels for the Synchronization Service log:
- All Possible Events. Writes detailed diagnostic data to the Synchronization Service log file.
- Important Events. Writes only essential events to the Synchronization Service log file.
- Off. Disables writing data to the Synchronization Service log file.
- When you are finished, click OK to apply your settings.
On a very high level, you need to complete the following steps to synchronize identity data between two external data systems:
- Connect the Synchronization Service to the data systems between which you want to synchronize identity data.
For more information, see Connections to external data systems.
- Configure synchronization scope for the connected data systems.
For more information, see Modifying synchronization scope for a connection.
- Create a sync workflow.
For more information, see Creating a sync workflow.
- Create one or more steps in the sync workflow, and, if necessary, define synchronization rules for these steps.
For more information, see Managing sync workflow steps.
- Run the sync workflow you have created.
For more information, see Running a sync workflow.
You can also use the Synchronization Service to automatically synchronize passwords from a specified Active Directory domain to other connected data systems. For more information, see Automated password synchronization.
Management Shell is implemented as a Windows PowerShell module, providing an extension to the Windows PowerShell environment. The commands provided by Management Shell conform to the Windows PowerShell standards, and are fully compatible with the default command-line tools that come with Windows PowerShell.
You can open Management Shell by using either of the following procedures. Each procedure loads the Management Shell module into Windows PowerShell. If you do not load the Management Shell module before you run a command (cmdlet) provided by that module, you will receive an error.
To open Management Shell
Alternatively to start the Active Roles Synchronization Management Shell, depending upon the version of your Windows operating system, click Active Roles 7.5 Synchronization Service Management Shell on the Apps page or select All Programs | One Identity Active Roles 7.5 | Active Roles 7.5 Synchronization Service Management Shell from the Start menu.
Upon the shell start, the console may display a message stating that a certain file published by One Identity is not trusted on your system. This security message indicates that the certificate the file is digitally signed with is not trusted on your computer, so the console requires you to enable trust for the certificate issuer before the file can be run. Press either R (Run once) or A (Always run). To prevent this message from appearing in the future, it is advisable to choose the second option (A).