Chat now with support
Chat with Support

Active Roles 7.3.1 - Synchronization Service Administrator Guide

Synchronization Service Overview Deploying Synchronization Service Getting started Connections to external data systems
External data systems supported out of the box
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Sample queries to modify SQL Server data Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft Office 365 Working with Microsoft Azure Active Directory
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Appendix A: Developing PowerShell scripts for attribute synchronization rules Appendix B: Using a PowerShell script to transform passwords

Delta processing mode

Delta processing mode

Delta processing mode allows you to more quickly synchronize identities by processing only the data that has changed in the source and target connected systems since their last synchronization.

Both the full mode and the delta mode provide you with the flexibility of choosing the appropriate method for your synchronization tasks.

Note, that delta processing mode is unavailable for some of the supported data systems. For details, refer to the sections about the supported data systems.

Synchronization of group membership

Synchronization of group membership

Synchronization Service allows you to ensure that group membership information is in sync in all connected data systems. For example, when creating a group object from an Active Directory domain to an AD LDS (ADAM) instance, you can configure rules to synchronize the Member attribute from the Active Directory domain to the AD LDS (ADAM) instance.

Windows PowerShell scripting

Windows PowerShell scripting

The Management Shell component of Synchronization Service is an automation and scripting shell that provides a command-line management interface for synchronizing data between connected systems via the Synchronization Service.

The Management Shell is implemented as a Windows PowerShell snap-in extending the standard Windows PowerShell functionality. The cmdlets provided by the Management Shell conform to the Windows PowerShell standards and are fully compatible with the default command-line tools that come with Windows PowerShell.

The Management Shell lets administrators perform attribute or password synchronization operations by using Windows PowerShell scripts. For example, you can compose and run a Windows PowerShell script that assigns values to the target object attributes using the values of the source object attributes. For more information, see Appendix B: Using a PowerShell script to transform passwords.

Attribute synchronization rules

Attribute synchronization rules

With Synchronization Service, you can create and configure synchronization rules to generate values of target object attributes. These rules support the following types of synchronization:

  • Direct synchronization. Assigns the value of a source object attribute to the target object attribute you specify.
  • Script-based synchronization. Allows you to use a Windows PowerShell script to generate the target object attribute value.
  • Rule-based synchronization. Allows you to create and use rules to generate the target object attribute value you want.
Related Documents