Active Roles 8.1.5 - Synchronization Service Administration Guide


Upgrade from Quick Connect and Synchronization Service

If you have sync workflows configured and run by Quick Connect (the predecessor of Synchronization Service), or earlier versions of Active Roles Synchronization Service, then you can transfer those sync workflows to the current version of Active Roles Synchronization Service.

You can transfer sync workflows from the following Quick Connect or Active Roles Synchronization Service versions:

  • Quick Connect for Active Directory 6.1

  • Quick Connect for AS400 1.4

  • Quick Connect for Base Systems 2.4

  • Quick Connect for Cloud Services 3.7

  • Quick Connect for RACF 1.3

  • Quick Connect Sync Engine 5.5 and 6.1

  • Synchronization Service 7.5 and later

For more information, see Transferring sync workflows from Quick Connect in the Active Roles Synchronization Service Administration Guide.

Transferring sync workflows from Quick Connect

To transfer sync workflows from Quick Connect to Synchronization Service

  1. Install Synchronization Service.

    You can install Synchronization Service on the computer running Quick Connect or on a different computer. For installation instructions, see Installing Synchronization Service.

  2. Configure Synchronization Service to use a new database for storing configuration settings and synchronization data.

    To perform this step, use the Configuration Wizard that appears when you start the Synchronization Service Console the first time after you install Synchronization Service. For more information, see Configuring Synchronization Service.

  3. Import configuration settings from Quick Connect or Synchronization Service.

    Before you proceed with this step, it is highly recommended to disable the scheduled workflows and mapping operations in Quick Connect or earlier versions of Synchronization Service. You can resume the scheduled workflows and mapping operations after you complete this step.

    To import configuration settings:

    1. On the computer where you have installed Synchronization Service, start the Synchronization Service Console.

    2. In the upper right corner of the Active Roles Synchronization Service window, click the gear icon, and then click Import Configuration.

    3. In the wizard that appears, select the version of Quick Connect Sync Engine used by your Quick Connect version or Active Roles Synchronization Service from which you want to import the configuration settings.

      Optionally, you can select the Import sync history check box to import the sync history along with the configuration settings.

    4. Follow the steps in the wizard to complete the import operation.

    If the synchronization data you want to import is stored separately from the configuration settings, then, on the Specify source SQL Server databases step, select the Import sync data from the specified database check box, and specify the database.

  4. Retype access passwords in the connections that were imported from Quick Connect.

    NOTE: You must re-enter the passwords in the imported connections because, for security reasons, the configuration import process does not retrieve encrypted passwords from Quick Connect. To modify the imported connections later, use the Synchronization Service Console. For more information, see External data systems supported with built-in connectors.

  5. If your sync workflows involve synchronization of passwords, then you need to install the new version of Capture Agent on your domain controllers. For installation instructions, see Managing Capture Agent.

    The new version of Capture Agent replaces the old version. However, as the new version supports both Synchronization Service and Quick Connect, you do not lose the password synchronization functions of Quick Connect after you upgrade Capture Agent.

Communication ports

The following table lists the default communication ports used by Synchronization Service:

Table 1: Default communication ports

| Port | Protocol | Type of traffic | Direction of traffic |
|---|---|---|---|
| 53 | TCP/UDP | DNS | Inbound, outbound |
| 88 | TCP/UDP | Kerberos | Inbound, outbound |
| 139 | TCP | SMB/CIFS | Inbound, outbound |
| 445 | TCP | SMB/CIFS | Inbound, outbound |
| 389 | TCP/UDP | LDAP | Outbound |
| 3268 | TCP | LDAP | Outbound |
| 636 | TCP | SSL. NOTE: This port is only required if Synchronization Service is configured to use SSL to connect to an Active Directory domain. | Outbound |
| 3269 | TCP | SSL. NOTE: This port is only required if Synchronization Service is configured to use SSL to connect to an Active Directory domain. | Outbound |
| 15173 | TCP | Synchronization Service. NOTE: This port is used by Capture Agent to communicate with Active Roles Synchronization Service. | Outbound |
| 7148 | TCP | Between Synchronization Service and Capture Agent. NOTE: This port is used only if Synchronization Service is configured to synchronize user passwords from an Active Directory domain to other connected data systems. | Inbound |
| 135 | TCP | RPC endpoint mapper. NOTE: Port 135 is a dynamically allocated TCP port for RPC communication with Active Directory domain controllers. For more information about ports used for RPC communication, see the following Microsoft Support Knowledge Base articles at support.microsoft.com: | Inbound, outbound |
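
To confirm that firewalls between the Synchronization Service host and a domain controller allow the TCP ports from Table 1, you can run a reachability check such as the following. This is an added example, not part of the product or of the original guide; the function name `Test-SyncServicePort` and the host name `dc01.example.local` are hypothetical. It assumes the listed ports are tested from the Synchronization Service host toward a domain controller, and it omits DNS (53), which may be served by a different host, and the Capture Agent ports (15173, 7148).

```powershell
# Added example: TCP reachability check for the domain controller ports in Table 1.
# Run on the Synchronization Service host. UDP is not tested.
function Test-SyncServicePort {
    param(
        [Parameter(Mandatory)] [string] $DomainController,
        [switch] $UseSsl,        # include 636/3269 only when SSL to AD is configured
        [int] $TimeoutMs = 2000  # per-port connect timeout
    )

    # Port and traffic type copied from Table 1 (TCP side only).
    $ports = @(
        @{ Port = 88;   Traffic = 'Kerberos';            Ssl = $false }
        @{ Port = 135;  Traffic = 'RPC endpoint mapper'; Ssl = $false }
        @{ Port = 139;  Traffic = 'SMB/CIFS';            Ssl = $false }
        @{ Port = 445;  Traffic = 'SMB/CIFS';            Ssl = $false }
        @{ Port = 389;  Traffic = 'LDAP';                Ssl = $false }
        @{ Port = 3268; Traffic = 'LDAP';                Ssl = $false }
        @{ Port = 636;  Traffic = 'SSL';                 Ssl = $true  }
        @{ Port = 3269; Traffic = 'SSL';                 Ssl = $true  }
    )

    foreach ($p in $ports) {
        # Skip the SSL ports unless the caller says SSL is in use.
        if ($p.Ssl -and -not $UseSsl) { continue }

        $client = [System.Net.Sockets.TcpClient]::new()
        try {
            # Wait() returns $false on timeout and throws if the port refuses.
            $task = $client.ConnectAsync($DomainController, $p.Port)
            $open = $task.Wait($TimeoutMs) -and $client.Connected
        } catch {
            $open = $false
        } finally {
            $client.Dispose()
        }

        [pscustomobject]@{
            Target    = $DomainController
            Port      = $p.Port
            Traffic   = $p.Traffic
            Reachable = $open
        }
    }
}

# Hypothetical host name; replace with one of your domain controllers.
Test-SyncServicePort -DomainController 'dc01.example.local' -UseSsl |
    Format-Table -AutoSize
```

A port that shows `Reachable = False` is either filtered on the path or has no listener on the domain controller; check the firewall rules for that port before you run sync workflows.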

Deploying Synchronization Service for use with AWS Managed Microsoft AD

NOTE: This feature is officially supported starting from Active Roles 8.1.3 SP1 (build 8.1.3.10). It is not supported on Active Roles 8.1.3 (build 8.1.3.2) and earlier versions.

Active Roles Synchronization Service supports deployment and configuration in the Amazon cloud to manage AWS Managed Microsoft AD object synchronization.

This allows you to:

  • Synchronize directory data from an on-premises AD environment to AWS Managed Microsoft AD.

  • Synchronize passwords from an on-premises Active Directory to AWS Managed Microsoft AD (with certain limitations).
