Active Roles 7.2.1 - Synchronization Service Administrator Guide

Steps to synchronize identity data

On a very high level, you need to complete the following steps to synchronize identity data between two external data systems:

1. Connect the Synchronization Service to the data systems between which you want to synchronize identity data.

   For more information, see Connections to external data systems.

2. Configure synchronization scope for the connected data systems.

   For more information, see Modifying synchronization scope for a connection.

3. Create a sync workflow.

   For more information, see Creating a sync workflow.

4. Create one or more steps in the sync workflow, and, if necessary, define synchronization rules for these steps.

   For more information, see Managing sync workflow steps.

5. Run the sync workflow you have created.

   For more information, see Running a sync workflow.

You can also use the Synchronization Service to automatically synchronize passwords from a specified Active Directory domain to other connected data systems. For more information, see Automated password synchronization.

Management Shell

Management Shell is implemented as a Windows PowerShell module, providing an extension to the Windows PowerShell environment. The commands provided by Management Shell conform to the Windows PowerShell standards, and are fully compatible with the default command-line tools that come with Windows PowerShell.

You can open Management Shell by using either of the following procedures. Each procedure loads the Management Shell module into Windows PowerShell. If you do not load the Management Shell module before you run a command (cmdlet) provided by that module, you will receive an error.

To open Management Shell

• At the Windows PowerShell command prompt, run the following command:

  Import-Module [-Name]

  In the Name parameter specify the name of a file in the module and the file path. By default, the following path to the SyncServiceManagementShell module is used: C:\Program Files\One Identity\Active Roles\7.2\SyncService\SyncServiceShell\SyncServiceManagementShell.psd1.

Alternatively, complete the steps related to your version of Windows:

Upon the shell start, the console may display a message stating that a certain file published by One Identity is not trusted on your system. This security message indicates that the certificate the file is digitally signed with is not trusted on your computer, so the console requires you to enable trust for the certificate issuer before the file can be run. Press either R (Run once) or A (Always run). To prevent this message from appearing in the future, it is advisable to choose the second option (A).

Cmdlet naming conventions

All cmdlets are presented in verb-noun pairs. The verb-noun pair is separated by a hyphen (-) without spaces, and the cmdlet nouns are always singular. The verb refers to the action that the cmdlet performs. The noun identifies the entity on which the action is performed. For example, in the Get-QCObject cmdlet name, the verb is Get and the noun is QCObject. All the Management Shell cmdlets have the nouns prefixed with QC, to distinguish the Management Shell cmdlets from those provided by PowerShell itself or by other PowerShell modules.

Getting help

This section provides instructions on how to get help information for the cmdlets added by Management Shell to the Windows PowerShell environment.