Active Roles 7.3.1 - Synchronization Service Administrator Guide

Microsoft Azure Active Directory data supported out of the box

The next table lists the Microsoft Azure Active Directory object types supported by the Microsoft Azure AD Connector out of the box. The table also provides information about the operations you can perform on these objects by using the Microsoft Azure AD Connector.

Table 99: Supported objects and operations

| Object | Read | Create | Delete | Update |
|--------|------|--------|--------|--------|
| User   | Yes  | Yes    | Yes    | Yes    |
| Group  | Yes  | Yes    | Yes    | Yes    |

The next sections describe the attributes provided by the Microsoft Azure AD Connector. By using these attributes, you can read and/or write data related to a particular object in Microsoft Azure Active Directory.

User object attributes

Table 100: User attributes

| Attribute | Description | Supported operations |
|-----------|-------------|----------------------|
| accountEnabled | Gets or sets whether the user account is enabled. Required for creating a user. | Read, Write |
| assignedLicenses | Gets the licenses assigned to the user. | Read |
| assignedPlans | Gets the plans assigned to the user. | Read |
| city | Gets or sets the user’s city. | Read, Write |
| country | Gets or sets the user’s country. | Read, Write |
| department | Gets or sets the user’s department. | Read, Write |
| dirSyncEnabled | Gets or sets whether the user was synchronized from the on-premises Active Directory Domain Services. | Read, Write |
| directReports | Gets the direct reports of the user. | Read |
| displayName | Gets or sets the user’s name in the address book. Required for creating a user. | Read, Write |
| facsimileTelephoneNumber | Gets or sets the user’s fax number. | Read, Write |
| givenName | Gets or sets the user’s given name. | Read, Write |
| jobTitle | Gets or sets the user’s job title. | Read, Write |
| lastDirSyncTime | Gets the time when the user was last synchronized with the on-premises Active Directory Domain Services. | Read |
| mail | Gets or sets the user’s primary e-mail address. | Read, Write |
| mailNickName | Gets or sets the user’s mail alias. Required for creating a user. | Read, Write |
| manager | Gets or sets the user’s manager. | Read, Write |
| memberOf | Gets group membership for the user. | Read |
| mobile | Gets or sets the user’s mobile phone number. | Read, Write |
| objectId | Gets the user’s unique identifier. | Read |
| objectType | Gets the object type. | Read |
| otherMails | Gets or sets other e-mail addresses of the user. | Read, Write |
| passwordPolicies | Gets or sets password policies applicable to the user. | Read, Write |
| passwordProfile | Gets or sets the user’s password profile. Required for creating a user. | Read, Write |
| physicalDeliveryOfficeName | Gets or sets the user’s office location. | Read, Write |
| postalCode | Gets or sets the user’s postal code. | Read, Write |
| preferredLanguage | Gets or sets the user’s preferred language. | Read, Write |
| provisionedPlans | Gets the user’s provisioned plans. | Read |
| provisioningErrors | Gets the errors encountered when provisioning the user. | Read |
| proxyAddresses | Not available | Read |
| state | Gets or sets the user’s state or province. | Read, Write |
| streetAddress | Gets or sets the user’s street address. | Read, Write |
| surname | Gets or sets the user’s surname. | Read, Write |
| telephoneNumber | Gets or sets the user’s telephone number. | Read, Write |
| thumbnailPhoto | Gets or sets the user’s thumbnail photo. | Read, Write |
| usageLocation | Not available | Read, Write |
| userPrincipalName | Gets or sets the user’s principal name (UPN). Required when creating a user. | Read, Write |

Group object attributes

Table 101: Group attributes

| Attribute | Description | Supported operations |
|-----------|-------------|----------------------|
| description | Gets or sets the group’s description. | Read, Write |
| dirSyncEnabled | Gets whether the group was synchronized from the on-premises Active Directory Domain Services. | Read |
| displayName | Gets or sets the group’s display name. Required when creating a group. | Read, Write |
| lastDirSyncTime | Gets the time when the group was last synchronized with the on-premises Active Directory Domain Services. | Read |
| mail | Gets or sets the group’s e-mail address. | Read, Write |
| mailEnabled | Gets or sets whether the group is mail-enabled. Required when creating a group. | Read, Write |
| mailNickName | Gets or sets the group’s mail alias. Required when creating a group. | Read, Write |
| members | Gets or sets the group’s members. | Read, Write |
| objectId | Gets the group’s unique identifier. | Read |
| objectType | Gets the object type. | Read |
| provisioningErrors | Gets the errors encountered when provisioning the user. | Read |
| proxyAddresses | Not available | Read |
| securityEnabled | Gets or sets whether the group is a security group. Required when creating a group. | Read, Write |
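
The following added example (not part of the product documentation and not One Identity code) checks the target attributes of a planned provisioning or update step against the user and group attribute tables above. It reports writes to attributes the connector exposes as Read only, and attributes marked as required for creation that are not mapped. The names $AzureAdSchema and Test-AzureAdSyncStep are hypothetical, and the sample attribute list is constructed.

```powershell
# Added example: capability data transcribed from Tables 100 and 101 above.
$AzureAdSchema = @{
    User = @{
        Required = 'accountEnabled','displayName','mailNickName','passwordProfile','userPrincipalName'
        ReadOnly = 'assignedLicenses','assignedPlans','directReports','lastDirSyncTime','memberOf',
                   'objectId','objectType','provisionedPlans','provisioningErrors','proxyAddresses'
    }
    Group = @{
        Required = 'displayName','mailEnabled','mailNickName','securityEnabled'
        # dirSyncEnabled is Read, Write for users but Read only for groups.
        ReadOnly = 'dirSyncEnabled','lastDirSyncTime','objectId','objectType',
                   'provisioningErrors','proxyAddresses'
    }
}

function Test-AzureAdSyncStep {
    # Hypothetical helper: emits one finding per problem, nothing if the step is clean.
    param(
        [Parameter(Mandatory)][ValidateSet('User','Group')][string]$ObjectType,
        [Parameter(Mandatory)][ValidateSet('Create','Update')][string]$Operation,
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$TargetAttribute
    )
    $schema = $AzureAdSchema[$ObjectType]

    # -in and -notin compare case-insensitively, so 'MailNickname' matches 'mailNickName'.
    foreach ($name in $TargetAttribute) {
        if ($name -in $schema.ReadOnly) {
            [pscustomobject]@{ Attribute = $name; Problem = 'Read only in the connector; cannot be written' }
        }
    }

    # Required attributes only matter when the step creates the object.
    if ($Operation -eq 'Create') {
        foreach ($name in $schema.Required) {
            if ($name -notin $TargetAttribute) {
                [pscustomobject]@{ Attribute = $name; Problem = 'Required for creation but not mapped' }
            }
        }
    }
}

# Constructed sample: a user creation step that writes memberOf and omits two required attributes.
$step = 'displayName','userPrincipalName','mailNickName','memberOf','department'
Test-AzureAdSyncStep -ObjectType User -Operation Create -TargetAttribute $step |
    Format-Table -AutoSize
```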

Using connectors installed remotely

In some cases, you need to configure a connection to an external data system that is separated by a firewall from the computer running Synchronization Service. To implement this scenario, you can install an instance of Synchronization Service and the built-in connectors on a remote computer and switch that instance to remote mode. The Synchronization Service instance running in local mode can then communicate with the remotely installed instance and its connectors via a single port.

Consider a scenario where you want to synchronize data between two Active Directory domains that are separated by a firewall. In this case, you can install one Synchronization Service instance in the local mode in the first domain, and then deploy another Synchronization Service instance in the remote mode in the other domain. Then, ensure the firewall allows traffic on the port used for communications between the Synchronization Service instances.
