Active Roles 7.3.3 - Synchronization Service Administration Guide


Limitations


Synchronization Service is unable to run synchronization workflows that employ connections to the following systems:

  • ActiveRoles Server 6.5
  • Google Apps
  • Google Postini Services
  • IBM DB2
  • IBM Lotus Domino
  • IBM Lotus Notes
  • LDAP directory service
  • MySQL Database
  • Novell eDirectory
  • ODBC-compliant data source
  • OpenDS directory service
  • OpenLDAP directory service
  • Oracle Database
  • Oracle User Accounts
  • PeopleSoft HCM
  • Red Hat Directory Server
  • Salesforce
  • SAP Systems
  • ServiceNow
  • Sun One Directory Server
  • Workday

If you need to synchronize data held in these systems, continue using Quick Connect. This limitation exists because Synchronization Service does not include all of the connectors provided by Quick Connect.

Upgrade steps


Perform the following steps to transfer synchronization workflows from Quick Connect to Synchronization Service:

  1. Install Synchronization Service.

    You can install Synchronization Service on the computer running Quick Connect or on a different computer. For installation instructions, see Step 1: Install Synchronization Service earlier in this document.

  2. Configure Synchronization Service to use a new database for storing configuration settings and synchronization data.

    To perform this step, use the Configuration Wizard that appears when you start the Synchronization Service Administration Console the first time after you install Synchronization Service. For detailed instructions, see Step 2: Configure Synchronization Service earlier in this document.

  3. Import configuration settings from Quick Connect or Synchronization Service.

    Before you proceed with this step, it is highly recommended to disable the scheduled workflows and mapping operations in Quick Connect or earlier versions of Synchronization Service. You can resume the scheduled workflows and mapping operations after you complete this step.

    To import configuration settings:

    1. On the computer where you have installed Synchronization Service, start the Synchronization Service Administration Console.
    2. In the upper right corner of the Administration Console window, click the gear icon, and then click Import Configuration.
    3. In the wizard that appears, select the version of Quick Connect Sync Engine used by your Quick Connect version or Active Roles Synchronization Service from which you want to import the configuration settings.

      Optionally, you can select the Import sync history check box to import the sync history along with the configuration settings.

    4. Follow the steps in the wizard to complete the import operation.

    If the synchronization data you want to import is stored separately from the configuration settings, then, on the Specify source SQL Server databases step, select the Import sync data from the specified database check box, and specify the database.

  4. Retype access passwords in the connections that were imported from Quick Connect.

    You need to retype access passwords in the imported connections because, for security reasons, the import of configuration settings does not retrieve the encrypted passwords from Quick Connect. Use the Synchronization Service Administration Console to make changes to each connection as appropriate, depending upon the data system to which the connection applies. For instructions on how to modify connections, see External data systems supported out of the box later in this document.

  5. If your synchronization workflows involve synchronization of passwords, then you need to install the new version of Capture Agent on your domain controllers. For installation instructions, see Managing Capture Agent later in this document.

    The new version of Capture Agent replaces the old version. However, as the new version supports both Synchronization Service and Quick Connect, you do not lose the password synchronization functions of Quick Connect after you upgrade Capture Agent.

Communication ports


The following table lists the default communication ports used by Synchronization Service:

Table 1: Default communication ports

| Port | Protocol | Type of traffic | Direction of traffic |
|------|----------|-----------------|----------------------|
| 53 | TCP/UDP | DNS | Inbound, outbound |
| 88 | TCP/UDP | Kerberos | Inbound, outbound |
| 139 | TCP | SMB/CIFS | Inbound, outbound |
| 445 | TCP | SMB/CIFS | Inbound, outbound |
| 389 | TCP/UDP | LDAP | Outbound |
| 3268 | TCP | LDAP | Outbound |
| 636 | TCP | SSL. This port is only required if Synchronization Service is configured to use SSL to connect to an Active Directory domain. | Outbound |
| 3269 | TCP | SSL. This port is only required if Synchronization Service is configured to use SSL to connect to an Active Directory domain. | Outbound |
| 15173 | TCP | Synchronization Service. This port is used by Capture Agent to communicate with Active Roles Synchronization Service. | Outbound |
| 7148 | TCP | Capture Agent (only if Synchronization Service is configured to synchronize user passwords from an Active Directory domain to other connected data systems). This port is used by Active Roles Synchronization Service to communicate with Capture Agent. | Inbound |
| 135 | TCP | RPC endpoint mapper. Port 135 is a dynamically allocated TCP port for RPC communication with Active Directory domain controllers. For more information about ports used for RPC communication, see the following Microsoft Support Knowledge Base articles at support.microsoft.com: | Inbound, outbound |
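A pre-flight check of the TCP ports listed above, run from the computer hosting Synchronization Service against one domain controller. This is an added example, not part of the vendor's guide; the script parameters (`DomainController`, `UseSsl`, `PasswordSync`) are assumptions chosen for illustration, and it assumes Capture Agent runs on the domain controller being tested.

```powershell
# Added example: verify that the TCP ports from the communication ports table
# are reachable from the Synchronization Service host before running workflows.
# Parameter names are hypothetical; adjust them to your environment.
param(
    [Parameter(Mandatory)] [string] $DomainController,
    [switch] $UseSsl,        # add 636/3269 only when SSL to Active Directory is configured
    [switch] $PasswordSync   # add 7148 only when passwords are synchronized from AD
)

# Ports the table lists toward Active Directory for every deployment.
$ports = @(
    @{ Port = 53;   Traffic = 'DNS' }
    @{ Port = 88;   Traffic = 'Kerberos' }
    @{ Port = 135;  Traffic = 'RPC endpoint mapper' }
    @{ Port = 139;  Traffic = 'SMB/CIFS' }
    @{ Port = 389;  Traffic = 'LDAP' }
    @{ Port = 445;  Traffic = 'SMB/CIFS' }
    @{ Port = 3268; Traffic = 'LDAP' }
)

# Conditional ports: keep them closed unless the feature is actually in use.
if ($UseSsl) {
    $ports += @{ Port = 636;  Traffic = 'SSL' }
    $ports += @{ Port = 3269; Traffic = 'SSL' }
}
if ($PasswordSync) {
    # Per the table, Synchronization Service uses this port to reach Capture Agent.
    $ports += @{ Port = 7148; Traffic = 'Capture Agent' }
}

# Test-NetConnection checks TCP only; the UDP side of 53, 88 and 389 is not covered.
$results = foreach ($p in $ports) {
    $ok = Test-NetConnection -ComputerName $DomainController -Port $p.Port `
            -InformationLevel Quiet -WarningAction SilentlyContinue
    [pscustomobject]@{ Port = $p.Port; Traffic = $p.Traffic; Reachable = $ok }
}

$results | Format-Table -AutoSize

# Return a non-zero exit code when any required port is blocked.
if ($results.Reachable -contains $false) { exit 1 }
```

A port that shows as unreachable here but is not needed for your configuration (SSL or password synchronization disabled) can stay blocked at the firewall.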

 
