Chat now with support
Chat with Support

Active Roles 7.2.1 - Synchronization Service Administrator Guide

Synchronization Service Overview Deploying Synchronization Service Getting started Connections to external data systems
External data systems supported out of the box
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Exchange Server Working with Active Roles Working with Quest One Identity Manager Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Sample queries to modify SQL Server data Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft Office 365 Working with Microsoft Azure Active Directory
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Appendix A: Developing PowerShell scripts for attribute synchronization rules Appendix B: Using a PowerShell script to transform passwords

Step 4: Run map operation

Mapping objects > Steps to map objects > Step 4: Run map operation

Once you have created mapping rules for a mapping pair, you need to run the map operation in order to apply these rules and map objects that belong to the mapping pair. There are two methods to run the map operation: you can manually run the map operation once or you can create a recurring schedule to automatically run the map operation on a regular basis.

The latter method is recommended when you want to use Synchronization Service to synchronize passwords from an Active Directory domain to other connected systems.

Running mapping rules on a recurring schedule allows you to properly map newly-created Active Directory user objects to their counterparts in the connected systems where you automatically synchronize passwords with the Active Directory domain. If you do not run mapping rules on a regular basis, some passwords may become out of sync because of the changes that inevitably occur to your environment.

For example, new user objects are created, some user objects are deleted, but Synchronization Service cannot detect these changes and synchronize passwords for the newly-created users before you apply the mapping rules. In this scenario, the best way to ensure Synchronization Service synchronizes all passwords is to apply your mapping rules on a regular basis. You can accomplish this task by creating a recurring schedule for applying your mapping rules.

To run the map operation once

  1. In the Synchronization Service Administration Console, open the Mapping tab.
  2. Click the name of the connection for which you want to run the map operation.
  3. Click the mapping pair for which you want to run the map operation.
  4. Click Map now.
  5. In the dialog box that opens, click one of the following:
    • Full Map. With this option, Synchronization Service retrieves the data required to map objects from the connected data systems.
    • Quick Map. With this option, Synchronization Service first tries to map objects by using the data that is available in the local cache. If the local cache is missing or cannot be used to map objects, then Synchronization Service retrieves the required data from the connected data systems.

    Wait for the map operation to complete.

    After the map operation completes, the Synchronization Service Administration Console displays a report that provides information about the objects that participated in the map operation. At this stage, the application does not map the objects. To map the objects, you need to commit the map operation result.

    You can click the number that is provided next to an object category name in the report to view the details of objects that belong to that category.

  1. Review the report about the objects that participated in the map operation, and then click Commit to map the objects.

To automatically run the map operation on a recurring schedule

  1. In the Synchronization Service Administration Console, open the Mapping tab.
  2. Click the name of the connection for which you want to create a recurring mapping schedule.
  3. Click the mapping pair for which you want to run the map operation on a recurring schedule.
  4. Click Schedule mapping.
  5. In the dialog box that opens, select the Schedule the task to run check box, and then specify a schedule for the map operation.

    It is recommended to schedule the map operation to run once in every 6 hours.

  1. If several Synchronization Service instances are installed in your environment, under Run the task on, select the computer that hosts the instance you want to use for running the map operation.
  2. Click OK to activate the schedule.

    The results of a scheduled map operation always apply automatically, you do not need to commit the changes.

    When performing a scheduled map operation, Synchronization Service always retrieves the required data from the connected data systems and never uses the data available in the local cache.

Steps to unmap objects

Mapping objects > Steps to unmap objects

You can unmap the objects that were mapped earlier.

To unmap objects

  1. In the Synchronization Service Administration Console, open the Mapping tab.
  2. Click the name of the connection for which you want to unmap objects.
  3. Click the mapping pair that specifies the objects types you want to unmap.
  4. Click Unmap now and wait until the unmap operation completes.

    After the unmap operation completes, the Synchronization Service Administration Console displays a report which provides information about the objects that participated in the unmap operation. At this stage, the application does not unmap the objects. To unmap them, you need to commit the result of the unmap operation.

    You can click the number provided next to an object category name in the report to view the details of objects that belong to that category.

  1. Review the report on the objects that participated in the unmap operation, and then click Commit to unmap the objects.

 

Automated password synchronization

Automated password synchronization

About automated password synchronization

Automated password synchronization > About automated password synchronization

If your enterprise environment has multiple data management systems, each having its own password policy and dedicated user authentication mechanism, you may face one or more of the following issues:

  • Because users have to remember multiple passwords, they may have difficulty managing them. Some users may even write down their passwords. As a result, passwords can be easily compromised.
  • Each time users forget one or several of their numerous access passwords, they have to ask administrators for password resets. This increases operational costs and translates into a loss of productivity.
  • There is no way to implement a single password policy for all of the data management systems. This too impacts productivity, as users have to log on to each data management system separately in order to change their passwords.

With Synchronization Service, you can eliminate these issues and significantly simplify password management in an enterprise environment that includes multiple data management systems.

Synchronization Service provides a cost-effective and efficient way to synchronize user passwords from an Active Directory domain to other data systems used in your organization. As a result, users can access other data management systems using their Active Directory domain password. Whenever a user password is changed in the source Active Directory domain, this change is immediately and automatically propagated to other data systems, so each user password remains in sync in the data systems at all times.

You need to connect Synchronization Service to the data systems in which you want to synchronize passwords through special connectors supplied with Synchronization Service.

Related Documents