Chat now with support
Chat with Support

Identity Manager 8.2.1 - Target System Synchronization Reference Guide

Target system synchronization with the Synchronization Editor Working with the Synchronization Editor Basics of target system synchronization Setting up synchronization
Starting the Synchronization Editor Creating a synchronization project Configuring synchronization
Setting up mappings Setting up synchronization workflows Connecting systems Editing the scope Using variables and variable sets Setting up start up configurations Setting up base objects
Overview of schema classes Customizing the synchronization configuration Checking the consistency of the synchronization configuration Activating the synchronization project Defining start up sequences
Running synchronization Synchronization analysis Setting up synchronization with default connectors Updating existing synchronization projects Script library for synchronization projects Additional information for experts Troubleshooting errors when connecting target systems Configuration parameters for target system synchronization Configuration file examples

Global definitions

The global definitions contain the information required for logging in to the One Identity Manager database where the changes are to be made. If the connection to the target system is supposed to be established over a remote connection, the address data of the remote connection server is also stored here.

Table 86: Global definitions

Elements

Description

WorkDatabase.ConnectionString

Database server connection parameter.

Modify these settings or define a parameter if adding new synchronization projectsClosed to a different database.

WorkDatabase.AuthenticationString

Login data for the One Identity Manager database.

Modify these settings or define a parameter if adding new synchronization projects to a different database.

WorkDatabase.DatabaseFactory

Supported database system. Only SQL Server is supported at present (VI.DB.ViSqlFactory, VI.DB).

LoadedShell.Uid

Unique ID of the synchronization project to be loaded. Only required when making changes to existing synchronization projects.

Remoting.Address

Address of the remote connection server.

Remoting.Port

Port of the remote connection server.

Defining the editor for new synchronization projects

To create new synchronization projectsClosed,use the ShellWizard editor. The definition part of this editor contains the following information:

Table 87: ShellWizard editor definitions

Elements

Description

TemplateUid

Unique project templateClosed ID to be used.

This element does not exist if the reference project was created without a project template.

ConnectedSystemIdentity

SchemaClosed information, such as type, version, and schema ID of the connected system.

ScriptLanguage

Script language used in the synchronization project.

ShellDisplay

Synchronization project display name.

ShellDescription

Description of the synchronization project.

AutoCompletion

Specifies whether the synchronization project is activated immediately.

MainConnection

The connection data for the One Identity Manager database to be synchronized in this synchronization project.

ConnectedSystemConnection

Connection data for the target system to be synchronized with this synchronization project.

TemplateConfiguration

Additional settings that were made in the project wizard. For example:

  • ProvisioningClosed data

  • Enabled revision filter

  • Setting for the synchronization log

  • Selected synchronization serverClosed

This element does not exist if the reference project was created without a project template.

Defining the editor for existing synchronization projects

To apply patches to existing synchronization projectsClosed, use the ShellPatchEditor. The definition part of this editor contains the following information:

Table 88: ShellPatchEditor editor definitions

Elements

Description

PatchesToApply

Comma-separated list of patch numbers for all patches that are to be applied.

Only patches that do not require any user input can be applied.

Keywords can be specified in order to apply all available patches.

  • AllFixes: Applies all patches for resoled issues.

  • AllFeatures: Applies all patches for new features.

Example: <Data Name="PatchesToApply" Display="Patches to apply" Type="System.String, mscorlib">AllFixes,AllFeatures</Data>

All dependent milestones will also be applied.

Synchronization Editor Command Line Interface

Once you have created a configuration file and have customizedClosed it accordingly, you can generate new synchronization projectsClosed or update existing synchronization projects with the Synchronization Editor Command Line InterfaceClosed. You can also opt to use the Synchronization Editor Module for Windows PowerShellClosed to do this. For more information, see Synchronization Editor Module for Windows PowerShell.

To create synchronization projects with the Synchronization Editor Command Line Interface

  1. Start a command line editor.

  2. Switch to the One Identity Manager installation directory.

  3. Run the Synchronization Editor Command Line Interface with the -V option and set the parameter values.

    SynchronizationEditor.CLI.exe --CreateShell {<Options>} <configuration file> {<Parameter>}

    NOTE: If the value of a parameter contains a space or special character, it must be enclosed in quotes.

    Example: SynchronizationEditor.CLI.exe --CreateShell -V /Workspace=D:\ActiveDirectoryProject.sews /SetParam SyncProject="Synchronization project for Active Directory domain XYZ"

  4. Enter values for the parameters requiring user input.

    • To enter an empty value, press ENTER.

    • To transfer the default value defined in the configuration file, click Esc.

  5. (Optional) Run the Synchronization Editor Command Line Interface with the option -R.

    This establishes a remote connection.

    Example: SynchronizationEditor.CLI.exe --CreateShell -R /Workspace=D:\ActiveDirectoryProject.sews

  6. If no error occur, run steps 3 and 4 with the -S option.

    If the synchronization project was created with a project templateClosed, the schemas are shrunk when saved.

To update synchronization projects with the Synchronization Editor Command Line Interface

  1. Start a command line editor.

  2. Switch to the One Identity Manager installation directory.

  3. Run the Synchronization Editor Command Line Interface with the -V option and set the parameter values.

    SynchronizationEditor.CLI.exe --PatchShell {<options>} <configuration file> {<parameter>}

    NOTE: If the value of a parameter contains a space or special character, it must be enclosed in quotes.

    Example: SynchronizationEditor.CLI.exe --PatchShell -V /Workspace=D:\ActiveDirectoryProject.sews /SetParam SyncProject="CCC-99D111DD1CF11111BCF11111E1111BE9" /SetParam Patches=AllFixes,Milestone_OneIM_8.0.2017.1104,VPR#12345,VPR#23456,VPR#34567

    • If the target system is accessed when the patch is applied and the connection parameters in the default variable set contain encrypted values, you will be prompted to enter the decrypted values. The names of the required parameters are displayed.

      TIP: Use these parameter names to add a parameter in the configuration file for each encrypted connection parameter. This allows values for the encrypted connection parameters to be passed to the Synchronization Editor Command Line Interface when it is called.

      The parameter names must conform to the following naming convention: Decryption_DefaultVariableSet_<variable name>.

      Example of a parameter definition: <Parameter Name="Decryption_DefaultVariableSet_Password" Display="Password of target system user" IsQueryParameter="False"</Parameter>

      Example of a command line call: SynchronizationEditor.CLI.exe --PatchShell -V /Workspace=D:\ActiveDirectoryProject.sews /SetParam SyncProject="CCC-99D111DD1CF11111BCF11111E1111BE9" /SetParam Patches=AllFixes /SetParam Decryption_DefaultVariableSet_Password="A123-z987"

  4. Enter values for the parameters requiring user input.

    • To enter an empty value, press ENTER.

    • To transfer the default value defined in the configuration file, click Esc.

  5. (Optional) Run the Synchronization Editor Command Line Interface with the option -R.

    This establishes a remote connection.

    Example: SynchronizationEditor.CLI.exe --PatchShell -R /Workspace=D:\ActiveDirectoryProject.sews

  6. If no error occur, run steps 3 and 4 with the -S option.

    If the synchronization project was created with a project template, the schemas are shrunk when saved.

TIP: Run the SynchronizationEditor.CLI.exe without additional input to view help for the Synchronization Editor Command Line Interface.

Table 89: Synchronization Editor Command Line Interface commands

Command

Description

--CreateShell

Creates a new synchronization project using the data from the defined workspace.

Short form: --CS

--PatchShell

Applies patches to an existing synchronization project.

Short form: --PS

Table 90: Synchronization Editor Command Line Interface options

Option

Description

-?|H

Displays help.

-Q

No alert before running irreversible actions.

-V

The Synchronization Editor Command Line Interface is run in verbose mode. Use this option for debugging.

-S

Saves the new synchronization project in the database. If this option is not given, creating the synchronization project is simulated.

-N

Defines whether the Synchronization Editor Command Line Interface opens in non-interactive mode. This may cause requests for parameter input to fail.

Missing encrypted values are also queried in non-interactive mode.

-R

Establishes the connection to the target system over a remote service connection.

Use a remote connection if it is not possible to directly access the target system from the workstation where the Synchronization Editor is installed.

Table 91: Parameter declaration

Parameters

Description

/Workspace

Full or relative path of the configuration file.

/SetParam

Sets the value of the parameter defined in the configuration file. Overwrites default values.

Format: Parameter name=value

Pay attention to the upper and lower case characters in the parameter name.

If a value contains a space or special character, it must be enclosed in quotes. Multiple parameters are declared individually: /SetParam ParamName1=Value1 /SetParam ParamName2=Value2

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating