Active Roles 7.3.3 - How-To Guide

Capture Agent

Synchronization Service Capture Agent allows password synchronization between Active Directory domains managed by Synchronization Service and other connected data systems. The following diagram shows how the Password Synchronization feature of Synchronization Service works:

Figure 2: Password Synchronization

Capture Agent tracks changes to user passwords in the source Active Directory domain and provides that information to Synchronization Service, which in turn synchronizes the changes with target connected data systems by using the configured password synchronization rules. To synchronize passwords, install a Capture Agent on each domain controller in the Active Directory source domain.

Upgrade from Quick Connect

If Quick Connect is configured with synchronization workflows that contain similar connector in Synchronization Service, then those synchronization workflows can be transferred to Synchronization Service.

The following synchronization workflows can be transferred from the following Quick Connect versions:

  • Quick Connect Sync Engine 5.2.0, 5.3.0, 5.4.x, or 5.5
  • Quick Connect Express for Active Directory 5.3.0, 5.4.0, 5.4.1, or 5.5.0
  • Quick Connect for Cloud Services 3.3.0, 3.4.0, or 3.5.0
  • Quick Connect for Base Systems 2.2.0 or 2.3.0

Limitations

Synchronization Service is unable to run synchronization workflows that employ connections to the following systems:

  • ActiveRoles Server 6.5
  • Google Apps
  • Google Postini Services
  • IBM DB2
  • IBM Lotus Domino
  • IBM Lotus Notes
  • LDAP directory service
  • MySQL Database
  • Novell eDirectory
  • ODBC-compliant data source
  • OpenDS directory service
  • OpenLDAP directory service
  • Oracle Database
  • Oracle User Accounts
  • PeopleSoft HCM
  • Red Hat Directory Server
  • Salesforce
  • SAP Systems
  • ServiceNow
  • Sun One Directory Server
  • Workday

If it is necessary to synchronize data held in these systems, continue using Quick Connect as not all connectors provided by Quick Connect are included with Synchronization Service. Alternatively, One Identity Manager may support these systems.

Upgrade Steps

For an upgrade demonstration, please refer to the following knowledge base article:

https://support.oneidentity.com/kb/226332

To upgrade Synchronization Service

  1. Install Synchronization Service on the computer running Quick Connect or on a different host.
  2. Configure Synchronization Service to use a new database for storing configuration settings and synchronization data. To perform this step, use the Configuration Wizard that appears when the Synchronization Service Administration Console starts for the first time after installation.
  3. Import configuration settings from Quick Connect to Synchronization Service.

    NOTE: Before proceeding with this step, it is highly recommended to disable the scheduled workflows and mapping operations in Quick Connect. The scheduled workflows and mapping operations may be started after this step is completed.

    To import configuration settings:

    1. On the computer where the Synchronization Service is installed, start the Synchronization Service Administration Console.
    2. In the upper right corner of the Administration Console window, click the gear icon, and then click Import Configuration.
    3. In the wizard that appears, select the correct version of Quick Connect Sync Engine from which to import the configuration settings. Optionally, the Import sync history check box may be selected to import the sync history along with the configuration settings.
    4. Follow the steps in the wizard to complete the import operation. If the synchronization data to be imported is stored separately from the configuration settings, then, on the Specify source SQL Server databases step, select the Import sync data from the specified database check box, and specify the database.

  1. Retype access passwords in the connections that were imported from Quick Connect.

    This is required due to security reasons. The import of configuration settings does not retrieve the encrypted passwords from Quick Connect. Use the Synchronization Service Administration Console to make changes to each connection as appropriate, depending upon the data system to which the connection applies.

  1. If the synchronization workflows involve synchronization of passwords, install the new version of Capture Agent on the domain controllers.

    The new version of Capture Agent replaces the old version. However, as the new version supports both Synchronization Service and Quick Connect, the password synchronization functions of Quick Connect will not be lost after the Capture Agent is updated.

Related Documents