Chat now with support
Chat with Support

Active Roles 7.2 - Synchronization Service Administrator Guide

Synchronization Service Overview Deploying Synchronization Service Getting started Connections to external data systems
External data systems supported out of the box
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Exchange Server Working with Active Roles Working with Quest One Identity Manager Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Sample queries to modify SQL Server data Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft Office 365 Working with Microsoft Azure Active Directory
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Appendix A: Developing PowerShell scripts for attribute synchronization rules Appendix B: Using a PowerShell script to transform passwords

Step 1: Configure an application in Microsoft Azure Active Directory

Connections to external data systems > External data systems supported out of the box > Working with Microsoft Azure Active Directory > Step 1: Configure an application in Microsoft Azure Active Directory

Synchronization Service reads and writes data in Microsoft Azure Active Directory by using an application existing in your Microsoft Azure Active Directory environment. This step describes how to configure such an application.

To configure an application

  1. Create an application in any domain of your Microsoft Azure Active Directory environment. The application must have sufficient permissions to read and write data in Microsoft Azure Active Directory.

    You can assign the required permissions to the application by running a Windows PowerShell script. Below is an example of such a script. To run the script, you need to install Microsoft Azure PowerShell on your computer.

    # Replace <ClientId> with the Client ID of the Active Roles Azure AD Connector Application (example format: 455ad643-332g-32h7-q004-8ba89ce65ae26)

    $Id = "<ClientID>"

    # Prompt for Microsoft Azure AD Global Admin credentials.

    # Save the supplied credentials to the $creds variable.

    $creds=get-credential

    # Connect to Azure AD using the credentials stored in $creds.

    connect-msolservice -credential $creds

    # Get the Principal ID of the Active Roles Azure AD Connector Application and save it to the $servicePrincipal variable

    $servicePrincipal = Get-MsolServicePrincipal -AppPrincipalId $Id

    # Get the required role ID from the Active Roles Azure AD Connector Application and save it to the $roleId variable

    $roleId = (Get-MsolRole -RoleName "Company Administrator").ObjectId

    # Assign the required permissions to the Active Roles Azure AD Connector Application

    Add-MsolRoleMember -RoleObjectId $roleId -RoleMemberObjectId $servicePrincipal.ObjectId -RoleMemberType servicePrincipal

  1. Open the application properties and copy the following:
    • Client ID
    • Valid key of the application

    You need to supply the copied client ID and key when creating a new or modifying an existing connection to Microsoft Azure Active Directory in the Synchronization Service Administration Console.

Step 2: Create a connection to Microsoft Azure Active Directory

Connections to external data systems > External data systems supported out of the box > Working with Microsoft Azure Active Directory > Step 2: Create a connection to Microsoft Azure Active Directory

To create a new connection

  1. In the Synchronization Service Administration Console, open the Connections tab.
  2. Click Add connection, and then use the following options:
    • Connection name. Type a descriptive name for the connection.
    • Use the specified connector. Select Microsoft Azure AD Connector.
  3. Click Next.
  4. On the Specify connection settings page, use the following options:
  5. Click Finish to create a connection to Microsoft Azure Active Directory.

Modifying a Microsoft Azure Active Directory connection

Connections to external data systems > External data systems supported out of the box > Working with Microsoft Azure Active Directory > Modifying a Microsoft Azure Active Directory connection

This section assumes that your Microsoft Azure Active Directory environment already includes an application through which Synchronization Service can read and write data. For more information, see Step 1: Configure an application in Microsoft Azure Active Directory.

To modify connection settings

  1. In the Synchronization Service Administration Console, open the Connections tab.
  2. Click Connection settings below the existing Microsoft Azure Active Directory connection you want to modify.
  3. On the Connection Settings tab, click the Specify connection settings item to expand it and use the following options:
    1. Test Connection. Click this button to verify the specified connection settings.
  4. When you are finished, click Save.

Microsoft Azure Active Directory data supported out of the box

Connections to external data systems > External data systems supported out of the box > Working with Microsoft Azure Active Directory > Microsoft Azure Active Directory data supported out of the box

The next table lists the Microsoft Azure Active Directory object types supported by the Microsoft Azure AD Connector out of the box. The table also provides information about the operations you can perform on these objects by using the Microsoft Azure AD Connector.

 

Table 102: Supported objects and operations

Object

Read

Create

Delete

Update

User

Yes

Yes

Yes

Yes

Group

Yes

Yes

Yes

Yes

The next sections describe the attributes provided by the Microsoft Azure AD Connector. By using these attributes, you can read and/or write data related to a particular object in Microsoft Azure Active Directory.

In the next sections:

Related Documents