Active Roles Sync Service 8.2

Active Roles Sync Service 8.2 - Release Notes

System requirements

Active Roles Synchronization Service 8.2 > System requirements

Before installing Active Roles Synchronization Service 8.2, ensure that your system meets the following minimum hardware and software requirements.

NOTE: When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. For more information about environment virtualization, see One Identity's Product Support Policies.

Hardware requirements

Table 2: Hardware requirements
Requirement	Details
Processor NOTE: The number of cores required depends on the size of the environment and the total number of managed objects.	Any of the following: Intel 64 (EM64T) AMD64 Minimum 2 cores CPU speed: 2.0 GHz or faster NOTE: For Active Roles Synchronization Service, One Identity recommends using a multi-core CPU for the best performance.
Memory NOTE: The amount of RAM required depends on the size of the environment and the total number of managed objects.	A minimum of 2 GB of RAM.
Hard disk space	A minimum of 250 MB of free disk space. NOTE: If SQL Server and Synchronization Service are installed on the same computer, the amount required depends on the size of the Synchronization Service database.
Operating system	You can install Active Roles Synchronization Service on a computer running: Microsoft Windows Server 2022 Microsoft Windows Server 2019 Microsoft Windows Server 2016 Active Roles Synchronization Service supports the Standard or Datacenter edition of these operating systems.

Software requirements

CAUTION: To avoid inconsistent behavior in Active Roles Synchronization Service when managing Azure Active Directory resources, you must enable Transport Layer Security (TLS) protocol version 1.2. For more information, see TLS 1.2 enforcement for Azure AD Connect in the Microsoft Azure documentation.

To synchronize Azure Active Directory resources, you must install the following PowerShell modules (and optionally, the following certificate).

TIP: To run the PowerShell commands of the following modules, use the 64-bit version of Windows PowerShell.

Table 3: Synchronization Service PowerShell and certificate requirements
Requirement	Version	Details
NuGet package provider	Minimum: 2.8.5.201 Maximum: 3.0.0.1	You must install the NuGet package provider on the computer running Active Roles Synchronization Service. To install the package provider, run the following command: Install-Module -Name NuGet -MaximumVersion 3.0.0.1 -AllowClobber -SkipPublisherCheck -Force For more information, see Install-PackageProvider in the Microsoft Package Management documentation.
Exchange Online PowerShell V3 module	Minimum: 3.0.0 Maximum: 3.5.0	You must install the the Exchange Online PowerShell V3 module on the computer running Active Roles Synchronization Service. To install the module, run the following command: Install-Module -Name ExchangeOnlineManagement -MaximumVersion 3.5.0 -AllowClobber -SkipPublisherCheck -Force For more information, see About the Exchange Online PowerShell module in the Microsoft Exchange PowerShell documentation.
Az.Accounts PowerShell module	Minimum: 2.15.1 Maximum: 2.16.0	You must install the Az.Accounts PowerShell module on the computer running Active Roles Synchronization Service. To install the module, run the following command: Install-Module -Name Az.Accounts -MaximumVersion 2.16.0 -AllowClobber -SkipPublisherCheck -Force For more information, see Az.Accounts in the Microsoft PowerShell Gallery.
Microsoft Edge WebView2 Runtime	N/A	If no web browser is installed on the machine where you want to install and use Active Roles Synchronization Service, download the Microsoft Edge Webview 2 Runtime installer with the following PowerShell command: Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$([System.IO.Path]::Combine([System.Environment]::GetFolderPath('UserProfile'), 'Downloads', 'MicrosoftEdgeWebView2Setup.exe'))" After the download is finished, locate the installer in your Downloads folder and run it.
(Optional) One Identity certificate	N/A	If your organization enforces the AllSigned policy, you must install the One Identity certificate during the installation of Active Roles Synchronization Service.

Active Roles Synchronization Service has the following main software requirements and supports the following connections.

Table 4: Synchronization Service requirements
Requirement	Details
Operating system on domain controllers	The product retains all of its features and functions when managing Active Directory on domain controllers running any of these operating systems, any edition, with or without any Service Packs: Microsoft Windows Server 2022 Microsoft Windows Server 2019 Microsoft Windows Server 2016 NOTE: The supported domain functional level is Windows Server 2008 R2 or higher.
SQL Server	You can host the Active Roles Synchronization Service database on: Microsoft SQL Server 2022, any edition. Microsoft SQL Server 2019, any edition. Microsoft SQL Server 2017, any edition. Microsoft SQL Server 2016, any edition. Microsoft SQL Server 2014, any edition, 32-bit (x86) or 64-bit (x64), with or without any Service Pack. Azure SQL hosted databases.
Windows Management Framework	Windows Management Framework 5.1 (available for download) is required on all supported operating systems.
Supported connections	Active Roles Synchronization Service can connect to the following data systems: Data sources accessible via an OLE DB provider. NOTE: To create a connection to an OLE DB-compliant relational database, the OLE DB Connector requires any version of Microsoft OLE DB Driver for SQL Server that is supported by Microsoft to be installed on the machine running Active Roles Synchronization Service. The Active Roles Synchronization Service installer is shipped with and automatically installs Microsoft OLE DB Driver 19.x for SQL Server. Delimited text files. IBM AS/400, IBM Db2, and IBM RACF systems. LDAP directory service. Micro Focus NetIQ Directory systems. The following Microsoft services and resources: Active Directory Domain Services (AD DS) with the domain or forest functional level of Windows Server 2016 or higher. Active Directory Lightweight Directory Services (AD LDS) running on any Windows Server operating system supported by Microsoft. Azure Active Directory (Azure AD) using Microsoft Graph API version 1.0. Exchange Online services. Exchange Server with the following versions: Microsoft Exchange Server 2019 Microsoft Exchange Server 2016 Lync Server version 2013 with limited support. SharePoint 2019, 2016, or 2013. SharePoint Online service. Skype for Business 2019, 2016 or 2015. Skype for Business Online service. SQL Server, any version supported by Microsoft. One Identity Active Roles Synchronization Service version 7.4.3, 7.4.1, 7.3, 7.2, 7.1, 7.0, and 6.9. One Identity Manager version 8.0 and 7.0 (D1IM 7.0). OpenLDAP directory service. Oracle Database, Oracle Database User Accounts, and Oracle Unified Directory data systems. MySQL databases. Salesforce systems. SCIM-based data systems. ServiceNow systems.
Internet connection	To connect to cloud directories or online services, the machine running Active Roles Synchronization Service must have a stable Internet connection.

In addition, Active Roles Synchronization Service also requires the following components to be installed:

Microsoft .NET Framework 4.8. For more information, see Installing .NET Framework for developers in the Microsoft .NET documentation.
Visual C++ 2017 Redistributable.

The optional Active Roles Synchronization Service Capture Agent has the following requirements.

Table 5: Synchronization Service Capture Agent requirements
Requirement	Details
Operating system	The DCs on which you install Active Roles Synchronization Service Capture Agent must run one of the following operating systems with or without any Service Pack: Microsoft Windows Server 2022 Microsoft Windows Server 2019 Microsoft Windows Server 2016 For more information, see the Active Roles Synchronization Service Administration Guide.

Deployment requirements on AWS

Active Roles Synchronization Service 8.2 > System requirements > Deployment requirements on AWS

Before deploying Active Roles Synchronization Service 8.2 in Amazon Web Services (AWS) to manage AWS Managed Microsoft AD via AWS Directory Service, ensure that the following prerequisites are met.

Connectivity requirements

You must have:

Stable network connectivity to Amazon Web Services (AWS).
Port 1433 open and available for the Amazon Relational Database Service (RDS) service.
Access to the AWS service with the AWSAdministratorAccess permission.

NOTE: Make sure that you have AWSAdministratorAccess permission, as it is required for certain configuration steps. The AWSPowerUserAccess permission is not sufficient for completing the entire configuration procedure.

Infrastructure requirements

To deploy and configure Active Roles Synchronization Service for AWS Managed Microsoft AD, you must have access to the following AWS services and resources:

AWS Managed Microsoft AD deployed via AWS Directory Service.
One or more Amazon Elastic Compute Cloud (EC2) instance(s) hosting the Active Roles Synchronization Service services and components.

The EC2 instance(s) must have, at minimum:
- 2 vCPUs running at 2.0 GHz.
- 4 GB of RAM.
NOTE: AWS Managed Microsoft AD support was tested with a single t2.large EC2 instance.
An Amazon Relational Database Service for SQL Server (RDS for SQL Server).

NOTE: AWS Managed Microsoft AD support was tested with an RDS instance running the latest version of Microsoft SQL Server.

Make sure that all these components are discoverable or visible to each other.

Product licensing

Active Roles Synchronization Service 8.2 > Product licensing

Use of this software is governed by the Software Transaction Agreement found at https://www.oneidentity.com/legal/sta.aspx. This software does not require an activation or license key to operate.

Upgrade and installation instructions

Active Roles Synchronization Service 8.2 > Upgrade and installation instructions

This section contains information about the upgrade and installation changes affecting Active Roles Synchronization Service 8.2.

NOTE: You must run the Active Roles Synchronization Service installer with administrator privileges.

Importing sync workflows from earlier product versions

If you have sync workflows configured and run by Quick Connect (the predecessor of Synchronization Service), or earlier versions of Active Roles Synchronization Service, then you can transfer those sync workflows to the current version of Active Roles Synchronization Service.

You can transfer sync workflows from the following Quick Connect or Active Roles Synchronization Service versions:

Quick Connect for Active Directory 6.1
Quick Connect for AS400 1.4
Quick Connect for Base Systems 2.4
Quick Connect for Cloud Services 3.7
Quick Connect for RACF 1.3
Quick Connect Sync Engine 5.5 and 6.1
Synchronization Service 7.5 and later

For more information, see Transferring sync workflows from Quick Connect in the Active Roles Synchronization Service Administration Guide.

Forcing the supported authentication method

After installing a supported version of the Az.Accounts PowerShell module, to prevent the module from using a non-supported authentication method later, run the following command in Windows PowerShell:

Update-AzConfig -EnableLoginByWam $false

Running this command ensures that the module uses an authentication method supported by Active Roles Synchronization Service, even if the Az.Accounts module is updated later to a newer version (for example, because of upgrading another PowerShell module) that uses a newer, unsupported authentication method by default.

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem