Active Roles 7.6.3 - Synchronization Service Administration Guide

Upgrade steps

Perform the following steps to transfer synchronization workflows from Quick Connect to Synchronization Service:

  1. Install Synchronization Service.

    You can install Synchronization Service on the computer running Quick Connect or on a different computer. For installation instructions, see Step 1: Install Synchronization Service earlier in this document.

  1. Configure Synchronization Service to use a new database for storing configuration settings and synchronization data.

    To perform this step, use the Configuration Wizard that appears when you start the Synchronization Service Administration Console the first time after you install Synchronization Service. For detailed instructions, see Step 2: Configure Synchronization Service earlier in this document.

  1. Import configuration settings from Quick Connect or Synchronization Service.

    Before you proceed with this step, it is highly recommended to disable the scheduled workflows and mapping operations in Quick Connect or earlier versions of Synchronization Service. You can resume the scheduled workflows and mapping operations after you complete this step.

    To import configuration settings:

    1. On the computer where you have installed Synchronization Service, start the Synchronization Service Administration Console.
    2. In the upper right corner of the Administration Console window, click the gear icon, and then click Import Configuration.
    3. In the wizard that appears, select the version of Quick Connect Sync Engine used by your Quick Connect version or Active Roles Synchronization Service from which you want to import the configuration settings.

      Optionally, you can select the Import sync history check box to import the sync history along with the configuration settings.

    4. Follow the steps in the wizard to complete the import operation.

    If the synchronization data you want to import is stored separately from the configuration settings, then, on the Specify source SQL Server databases step, select the Import sync data from the specified database check box, and specify the database.

  1. Retype access passwords in the connections that were imported from Quick Connect.

    You need to retype access passwords in the imported connections because, for security reasons, the import of configuration settings does not retrieve the encrypted passwords from Quick Connect. Use the Synchronization Service Administration Console to make changes to each connection as appropriate, depending upon the data system to which the connection applies. For instructions on how to modify connections, see External data systems supported with built-in connectors later in this document.

  1. If your synchronization workflows involve synchronization of passwords, then you need to install the new version of Capture Agent on your domain controllers. For installation instructions, see Managing Capture Agent later in this document.

    The new version of Capture Agent replaces the old version. However, as the new version supports both Synchronization Service and Quick Connect, you do not lose the password synchronization functions of Quick Connect after you upgrade Capture Agent.

Communication ports

The following table lists the default communication ports used by Synchronization Service:

Table 1: Default communication ports

| Port | Protocol | Type of traffic | Direction of traffic |
|---|---|---|---|
| 53 | TCP/UDP | DNS | Inbound, outbound |
| 88 | TCP/UDP | Kerberos | Inbound, outbound |
| 139 | TCP | SMB/CIFS | Inbound, outbound |
| 445 | TCP | SMB/CIFS | Inbound, outbound |
| 389 | TCP/UDP | LDAP | Outbound |
| 3268 | TCP | LDAP | Outbound |
| 636 | TCP | SSL. This port is only required if Synchronization Service is configured to use SSL to connect to an Active Directory domain. | Outbound |
| 3269 | TCP | SSL. This port is only required if Synchronization Service is configured to use SSL to connect to an Active Directory domain. | Outbound |
| 15173 | TCP | Synchronization Service. This port is used by Capture Agent to communicate with Active Roles Synchronization Service. | Outbound |
| 7148 | TCP | Capture Agent (only if Synchronization Service is configured to synchronize user passwords from an Active Directory domain to other connected data systems). This port is used by Active Roles Synchronization Service to communicate with Capture Agent. | Inbound |
| 135 | TCP | RPC endpoint mapper. Port 135 is a dynamically allocated TCP port for RPC communication with Active Directory domain controllers. For more information about ports used for RPC communication, see the following Microsoft Support Knowledge Base articles at support.microsoft.com: | Inbound, outbound |
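
The following script is an added example, not part of the original guide or of the product: it checks, from the Synchronization Service host, that the default TCP ports listed in Table 1 are reachable on a domain controller before workflows are re-enabled. The parameter names and the sample host name are assumptions, and the DNS check assumes the domain controller is also the DNS server.

```powershell
# Added example: TCP reachability check for the default ports in Table 1.
# Run on the Synchronization Service host. Parameter names are illustrative.
param(
    [Parameter(Mandatory)]
    [string] $DomainController,   # placeholder, e.g. dc01.example.test
    [switch] $UseSsl,             # add 636/3269 only if the AD connection uses SSL
    [switch] $PasswordSync        # add 7148 only if Capture Agent is deployed
)

# TCP ports from Table 1 that the service host opens toward a domain controller.
# The UDP variants of 53, 88 and 389 are not covered: Test-NetConnection is TCP only.
$ports = @(
    @{ Port = 53;   Service = 'DNS (assumes the DC is the DNS server)' }
    @{ Port = 88;   Service = 'Kerberos' }
    @{ Port = 135;  Service = 'RPC endpoint mapper' }
    @{ Port = 139;  Service = 'SMB/CIFS' }
    @{ Port = 445;  Service = 'SMB/CIFS' }
    @{ Port = 389;  Service = 'LDAP' }
    @{ Port = 3268; Service = 'LDAP (global catalog port)' }
)
if ($UseSsl) {
    $ports += @{ Port = 636;  Service = 'SSL' }
    $ports += @{ Port = 3269; Service = 'SSL' }
}
if ($PasswordSync) {
    # Capture Agent listens on the domain controller.
    $ports += @{ Port = 7148; Service = 'Capture Agent' }
}
# Port 15173 runs the other way (Capture Agent to Synchronization Service),
# so test it from the domain controller toward this host instead.

$results = foreach ($p in $ports) {
    $probe = Test-NetConnection -ComputerName $DomainController -Port $p.Port `
        -WarningAction SilentlyContinue
    [pscustomobject]@{
        Port      = $p.Port
        Service   = $p.Service
        Reachable = $probe.TcpTestSucceeded
    }
}
$results | Format-Table -AutoSize

# A non-zero exit code lets a deployment pipeline stop on a blocked port.
$blocked = @($results | Where-Object { -not $_.Reachable })
if ($blocked.Count -gt 0) {
    Write-Warning ('Blocked or closed: ' + ($blocked.Port -join ', '))
    exit 1
}
```

A successful probe of port 135 confirms only the endpoint mapper; the RPC ports it hands out are not tested by this script.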

 

Getting started

Synchronization Service Administration Console

The Synchronization Service Administration Console is a graphical user interface that provides access to the Synchronization Service functionality. You can use the Administration Console to connect Synchronization Service to external data systems, manage existing connections, and perform data synchronization operations between the connected data systems. The Administration Console is installed as part of Synchronization Service.

To start the Administration Console

To start the Active Roles Synchronization Console, depending upon the version of your Windows operating system, click Active Roles 7.6.3 Synchronization Service on the Apps page or select All Programs | One Identity Active Roles 7.6.3 | Active Roles 7.6.3 Synchronization Service from the Start menu.

The Synchronization Service Administration Console looks similar to the following:

Figure 3: Administrator Console

In the upper right corner of the console, you can click the following items:

Table 2:

Item: The Gear icon

Description: Provides the following commands:

  • Configure Sync Service: Starts a wizard that helps you change the configuration settings of the current Synchronization Service instance.
  • Import Configuration: Starts a wizard that helps you to import configuration settings from a configuration file created by another instance of Synchronization Service.
  • Export Configuration: Starts a wizard that helps you to save the configuration profile of the current Synchronization Service instance to a file. You can use this file to apply the saved configuration to other instances of Active Roles Synchronization Service deployed in your environment.
  • Mail Profiles: Allows you to add, edit, or delete mail profiles for sending notification emails about sync workflow runs. For more information on how to use the email notification, see Using sync workflow alerts.
  • Diagnostic Logging: Allows you to specify settings for writing Synchronization Service diagnostic data to the Synchronization Service log file or Windows Event Log.
  • Communication Port: Allows you to change the communication port number used by the Synchronization Service.
  • Configure Azure BackSync: Allows you to configure backsync operation in Azure with on-premises Active Directory objects.

For more information about the elements you can use on these tabs, see the next subsections.