After the synchronization of data from the target system into the One Identity Manager database, rework may be necessary. Check the following tasks:
After the synchronization of data from the target system into the One Identity Manager database, rework may be necessary. Check the following tasks:
Objects, which do not exist in the target system, can be marked as outstanding in One Identity Manager by synchronizing. This prevents objects being deleted because of an incorrect data situation or an incorrect synchronization configuration.
Outstanding objects:
Cannot be edited in One Identity Manager.
Are ignored by subsequent synchronizations.
Are ignored by inheritance calculations.
This means, all memberships and assignments remain intact until the outstanding objects have been processed.
Start target system synchronization to do this.
To post-process outstanding objects
In the Manager, select the Active Directory > Target system synchronization: Active Directory category.
The navigation view lists all the synchronization tables assigned to the Active Directory target system type.
On the Target system synchronization form, in the Table / object column, open the node of the table for which you want to post-process outstanding objects.
All objects that are marked as outstanding are shown. The Last log entry and Last method run columns display the time at which the last entry was made in the synchronization log and which processing method was run. The No log available entry can mean the following:
The synchronization log has already been deleted.
- OR -
An assignment from a member list has been deleted from the target system.
The base object of the assignment was updated during the synchronization. A corresponding entry appears in the synchronization log. The entry in the assignment table is marked as outstanding, but there is no entry in the synchronization log.
An object that contains a member list has been deleted from the target system.
During synchronization, the object and all corresponding entries in the assignment tables are marked as outstanding. However, an entry in the synchronization log appears only for the deleted object.
TIP:
To display object properties of an outstanding object
Select the object on the target system synchronization form.
Open the context menu and click Show object.
Select the objects you want to rework. Multi-select is possible.
Click on one of the following icons in the form toolbar to run the respective method.
Icon |
Method |
Description |
---|---|---|
|
Delete |
The object is immediately deleted from the One Identity Manager database. Deferred deletion is not taken into account. Indirect memberships cannot be deleted. |
|
Publish |
The object is added to the target system. The Outstanding label is removed from the object. This runs a target system specific process that triggers the provisioning process for the object. Prerequisites:
|
|
Reset |
The Outstanding label is removed for the object. |
TIP: If a method cannot be run due to certain restrictions, the respective icon is disabled.
To display the constraint's details, click the Show button in the Constraints column.
NOTE: By default, the selected objects are processed in parallel, which speeds up the selected method. If an error occurs during processing, the action is stopped and all changes are discarded.
Bulk processing of objects must be disabled if errors are to be localized, which means the objects are processed sequentially. Failed objects are named in the error message. All changes that were made up until the error occurred are saved.
To disable bulk processing
Disable the icon in the form's toolbar.
NOTE: The target system connector must have write access to the target system in order to publish outstanding objects that are being post-processed.
You must customize your target system synchronization to synchronize custom tables.
To add
In the Manager, select the Active Directory > Basic configuration data > Target system types category.
In the result list, select the Active Directory target system type.
Select the Assign synchronization tables task.
In the
Select the Configure tables for publishing task.
Select the
In the default installation, after synchronizing, identities are automatically created for user accounts and contacts. If an account definition for the domain is not known at the time of synchronization, user accounts and contacts are linked to identities. However, account definitions are not assigned. The user accounts and contacts are therefore in a Linked state.
To manage the user accounts and contacts using account definitions, assign an account definition and a manage level to these user accounts and contacts.
To manage user accounts
Create an account definition.
Assign a user account in the Linked state to the account definition. The account definition's default manage level is applied to the user account.
In the Manager, select the Active Directory > User accounts > Linked but not configured > <domain> category.
- OR -
In the Manager, select the Active Directory > Contacts > Linked but not configured > <domain> category.
Select the Assign account definition to linked accounts task.
In the Account definition menu, select the account definition.
Select the user accounts that contain the account definition.
Save the changes.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center