Active Roles Sync Service 8.2 - Administration Guide

Verifying connectivity between the EC2 and RDS instances

After you have created the RDS instance, you can use the telnet client or Microsoft SQL Server Management Studio (SSMS) on the EC2 instance to test whether RDS connectivity was configured successfully.

To verify RDS connectivity in the EC2 instance

  1. Log in to the EC2 instance created for Active Roles Synchronization Service.

  2. To test connectivity to RDS, install the telnet client. To do so:

    1. Open Windows Server Manager.

    2. On the Dashboard, click Add roles and features.

    3. In Installation Type, select Role-based or feature-based installation, then click Next.

    4. In Server Selection, choose Select a server from the server pool, and make sure that the local server (the EC2 instance) is selected.

    5. In Server Roles, just click Next.

    6. In Features, select Telnet Client.

    7. In Confirmation, click Install, then Close the application.

  3. To verify connectivity to the RDS instance, open the Windows Command Prompt, and run the following command:

    telnet <rds-server-endpoint> <port-number>

    To find the RDS server endpoint and port to specify, open the entry of the RDS instance in the AWS console, and check the values under Connectivity & Security > Endpoint & port.

    NOTE: If the command returns an empty prompt, that indicates connectivity between the EC2 instance and the RDS instance.

  4. Download and install Microsoft SQL Server Management Studio (SSMS) on the EC2 instance.

  5. To test the connection with SSMS, start the application, then in the Connect to Server dialog, specify the following attributes:

    • Server type: Select Database Engine.

    • Server name: The same RDS instance endpoint used in the telnet command.

    • Authentication: Select SQL Server Authentication, then specify the admin user name and password created when configuring the RDS instance.

  6. After you have specified all connection properties, click Connect.

Installing and configuring Synchronization Service for AWS Managed Microsoft AD

To synchronize resources and passwords from an on-premises AD environment to AWS Managed Microsoft AD, you must install and configure Synchronization Service on an Amazon Elastic Compute Cloud (EC2) instance.

Prerequisites

Before starting the procedure, make sure that the EC2 and RDS instances are connected, as described in Verifying connectivity between the EC2 and RDS instances.

To install and configure Synchronization Service for use with AWS Managed Microsoft AD

  1. Download the Active Roles installation media to the EC2 instance.

  2. Run the setup and install Active Roles Synchronization Service with all required prerequisites as described in Installing Synchronization Service.

    NOTE: Make sure that you install Microsoft OLE DB Driver 19 for SQL Server and all its prerequisites from the Redistributables folder of the installation media.

    Also, to make sure that the connection to the SQL Server is properly encrypted, download and install the latest AWS RDS Root Certificate by adding it to the Trusted Root Certification Authorities container of the certmgr (Manage User Certificates) utility. For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS documentation.

  3. After installation is finished, start Active Roles Synchronization Service. The Configuration Wizard appears.

  4. In Service Account and Mode, configure the following settings:

    • Synchronization Service account: Enter the user name and password of the domain admin account supplied by Amazon Web Services (AWS).

    • Synchronization Service mode: Select Local.

    When you are ready, click Next.

  5. In Instance Configuration, select Create a new configuration, then click Next.

  6. In Database Connection, configure the following settings:

    • SQL Server: Specify the endpoint URL of the RDS instance connected to your EC2 instance. You can check the endpoint of the RDS instance in the AWS console by selecting the RDS instance, then navigating to Connectivity & Security > Endpoint & port.

    • Database: Specify the name of the database that will be used by Synchronization Service (for example, syncservice).

    • For authentication, select Use SQL Server authentication, then enter the user name and password of the primary user in your RDS instance (configured in Creating the RDS instance for the Active Roles Synchronization Service SQL Server).

  7. In Configuration File, specify the name and save location of the Synchronization Service configuration file.

  8. (Optional) For added security, specify a password for the configuration.

  9. To apply your changes and start creating the configuration, click Finish.
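
The TCP check from the connectivity procedure and the encryption requirement in the NOTE of step 2 can both be confirmed from PowerShell on the EC2 instance, without installing the telnet client. The following is an added example, not part of the One Identity documentation: the function name Test-RdsSqlConnectivity and the endpoint value are hypothetical, and it assumes Windows PowerShell 5.1, the RDS primary user credentials, and that the RDS root certificate is already in the Trusted Root Certification Authorities store of the account running the script.

```powershell
# Added example (not from the vendor guide). Function and parameter names are hypothetical.
function Test-RdsSqlConnectivity {
    param(
        [Parameter(Mandatory)] [string] $Endpoint,        # RDS endpoint from Connectivity & Security
        [Parameter(Mandatory)] [int] $Port,               # port shown next to the endpoint
        [Parameter(Mandatory)] [pscredential] $Credential # RDS primary user (SQL Server authentication)
    )

    # Step 1: plain TCP reachability, the same thing the telnet test shows.
    $tcp = Test-NetConnection -ComputerName $Endpoint -Port $Port -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) {
        throw "TCP connection to ${Endpoint}:$Port failed."
    }

    # Step 2: log in with encryption required and certificate validation enforced.
    # TrustServerCertificate=False makes Open() fail if the server certificate
    # does not chain to a trusted root, so a missing RDS root certificate is detected here.
    $Credential.Password.MakeReadOnly()   # SqlCredential requires a read-only SecureString
    $sqlCred = New-Object System.Data.SqlClient.SqlCredential($Credential.UserName, $Credential.Password)
    $connStr = "Server=tcp:$Endpoint,$Port;Database=master;" +
               "Encrypt=True;TrustServerCertificate=False;Connect Timeout=15"
    $conn = New-Object System.Data.SqlClient.SqlConnection($connStr, $sqlCred)
    try {
        $conn.Open()

        # Step 3: ask the server whether this session is actually encrypted.
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = 'SELECT encrypt_option FROM sys.dm_exec_connections WHERE session_id = @@SPID'
        $encryptOption = [string] $cmd.ExecuteScalar()

        [pscustomobject]@{
            Endpoint      = $Endpoint
            Port          = $Port
            TcpReachable  = $true
            ServerVersion = $conn.ServerVersion
            Encrypted     = ($encryptOption -eq 'TRUE')
        }
    }
    finally {
        $conn.Dispose()
    }
}

# Usage with a placeholder endpoint (replace with the value from the AWS console):
# Test-RdsSqlConnectivity -Endpoint '<rds-server-endpoint>' -Port 1433 -Credential (Get-Credential)
```

If Open() fails with a certificate chain error while the TCP test succeeds, the RDS root certificate is not trusted by the account running the script.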

Getting started

  • Synchronization Service Console

  • Synchronizing identity data

  • Management Shell

Synchronization Service Console

The Synchronization Service Console is a graphical user interface that provides access to the Synchronization Service functionality. You can use the Synchronization Service Console to connect Synchronization Service to external data systems, manage existing connections, and perform data synchronization operations between the connected data systems. The Synchronization Service Console is installed as part of Synchronization Service.

To start the Synchronization Service Console, depending on the version of your Windows operating system, click Active Roles 8.2.0 Synchronization Service on the Apps page or select All Programs > One Identity Active Roles 8.2.0 > Active Roles 8.2.0 Synchronization Service from the Start menu.

The Synchronization Service Console looks similar to the following:

Figure 3: Synchronization Service Console
