Synchronization Configuration Export

Synchronization Configuration Export

SynchronizationThe process of comparing data between One Identity Manager and a target system. Objects and their properties are compared by fixed rules. Synchronization results in the identical data situation in the target system and One Identity Manager database. projects created for a test database, for example, can be transported to a live database. To be able to use synchronization configuration here, modify the One Identity Manager database connection parameter and the start up configuration.

Prerequisite

• The schema of both One Identity Manager databases are identical. Customized schema extensions used in the mapping exist in both databases.

To export a synchronization project from one One Identity Manager database to another

1. Save the synchronization project in the source database with change labels. Add new changes labels to do this.
   • To save the synchronization project with change labels, open the Commit to database submenu and click Commit and assign a change label...
2. Create a transport package for the synchronization project using the Database Transporter.
   1. Select the export criteria Transport by change label.
   2. Select the change label.
   3. Click Options and set Add dependent objects to transport file and Close change labels after export.

      TIP: To display objects that belong to change labels, click Show.

3. Import the transport package into the target database with the Database Transporter.
4. Edit the synchronization project in the target database.
   1. Add a new base object:

      Use the wizard to do this, if it is available.

      The wizard creates a variable set with the given connection parameters. It adds the synchronization base object, for example, the actual Active Directory domain you want to synchronize, as object in the One Identity Manager database.

   2. Customize the One Identity Manager database connection data.

      Select the category Configuration | One Identity Manager connection | General and click Edit connection....

   3. Customize your start up configuration.
      • Assign a schedule to it.
      • Assign the variable set that belongs to the associated base object.

   4. Run a consistency check.

   5. Activate the synchronization project.

Detailed information about this topic

• System Connection Properties
• How to Edit Start up Configurations
• Specifying a Schedule
• How to Create Base Objects
• Checking Synchronization Configuration Consistency
• Activating the Synchronization Project

For more detailed information about committing with change labels as well as creating and importing transport packages, see the One Identity Manager Configuration Guide.

Operations for Provisioning Processes

Operations for Provisioning Processes

In order to provision object modifications in the target system, you must specify which synchronization workflow provisioning should take over. This information is stored in the table DPRObjectOperation. If you create your own provisioning processes, define operations for each of the provisioning tasks. Assign the operations to the synchronization workflows, which are going to be executed. Edit the assignments in the Designer.

To define operations for provisioning processes

1. Select the category Process Orchestration | ProvisioningActual changes to an object in the One Identity Manager database (added, modified, deleted) are made immediately written to the target system. process operations in the Designer.
2. Select the menu item Object | New.
3. Edit the operation properties.
4. Save the changes.
5. Use this operation as parameter for the script DPR_GetAdHocData in the provisioning process.

Table 74: Operations for Provisioning Processes

Property	Description
Name	Name of the operation.
Synchronization workflowsee WorkflowCollection of all the synchronization steps to be executed.	Workflow for executing provisioning.
System connection	Target system connection for the target system in which changes must be provisioned.
Table	Table responsible for triggering provisioning.
Display name	Operation display name in the One Identity Manager tools' user interface.
Description	Spare text box for additional explanation.
Processing status	Only used internally by One Identity Manager.

Creating Synchronization Projects Automatically

Creating Synchronization Projects Automatically

You can create synchronization projects automatically. This can be particularly useful if you want to set up synchronization projects for different Active Directory domains, which require the same configuration. A new synchronization project is generated from the command line. using the configuration of a reference project. The reference project's configuration is supplied in a configuration file. which you can modify. You can define variable settings, like the target system to connect or password, in parameters, which are used passed values when the command is called.

To set up automation

1. Enable expert mode.
2. Create the reference project using the project wizard.
   1. Create a new synchronization project.
   2. Click Save configuration... on the last page of the project wizard.
   3. Select a repository for the configuration file and give it a name.

      The file is saved as a Synchronization EditorOne Identity Manager tool for configuring target system synchronization. workspace file with the extension sews.

   4. Quit the wizard.
3. Customize the synchronization configuration in the configuration file.
   • Check the saved settings and adjust the values.
   • Create parameters for variable settings.
4. To create synchronization projects with this conifiguration
   • Call the SynchronizationThe process of comparing data between One Identity Manager and a target system. Objects and their properties are compared by fixed rules. Synchronization results in the identical data situation in the target system and One Identity Manager database. Editor Command Line Interface.
5. To automatically create synchronization projects, use scripts which execute the Synchronization Editor Command Line Interface .

Detailed information about this topic

• How to Create a Synchronization Project
• Customizing the Configuration File
• Synchronization Editor Command Line Interface

Customizing the Configuration File

Customizing the Configuration File

All data in the configuration file that the project wizard collected when the synchronization project was created, is saved in XML format. The file is divided into three main sections:

• Parameter Definitions

  For more information, see Parameter Definitions.

• Global Definitions

  For more information, see Global Definitions.

• Editor Definitions

  For more information, see Editor Definitions.

Structure of the configuration file

Customize the settings to create a new synchronization project based on this configuration file. Use parameters for all variable values if different synchronization projects are going to be created with this configuration file.

To Customize the configuration file

1. Decide on the variable values.
2. Define parameters for each of these values.
3. Replace the values with parameters.

Example

SynchronizationThe process of comparing data between One Identity Manager and a target system. Objects and their properties are compared by fixed rules. Synchronization results in the identical data situation in the target system and One Identity Manager database. projects should be created for various Active Directory domains in different One Identity Manager databases on one and the same database server. A synchronization project has been created with the project wizard for one of these domains. This reference project's configuration file must be adjusted such that it can be used for all the other domains.

The following settings must be customized:

• Define parameters for the One Identity Manager database, database user, system user and its password.
• Define parameter for the domain name, domain controller Active Directory user and its password.
• Define a parameter for the synchronization project, if more than one synchronization projects is going to added to one database.
• Replace the respective values in the global and editor sections with these parameters.

  IMPORTANT: The One Identity Manager database connection data in the global definitions (WorkDatabase.ConnectionString) and in the editor definitions (MainConnection.ConnectionParameter) must be identical. If you replace these value with parameters, use the same parameter in each case.

  The following table shows the modifications required in the configuration file based on a reference project from a SQL Server database. For more detailed information about connecting to an SQL Server or Oracle database, see the One Identity Manager Installation Guide. For more detailed information about initial data for the authentication module, see the One Identity Manager Configuration Guide.

  Table 75: Modifications in the configuration file

  Element/value	Changes
  WorkDatabase.ConnectionString data source=<database server>; initial catalog=<database>; user id=<user>; pooling=false; password=$DBPassword$	Replace <database> and <user> with parameters, for example $Database$ and $DBUser$.
  WorkDatabase.AuthenticationString module=<authentication module>; user[VI.DB_USER]=<system user>; (Password)Password[VI.DB_Password]=<password>	Replace <system user> and <password> with parameters, for example $SystemUser$ and $SystemPassword$.
  MainConnection.ConnectionParameter authentication=ProjectorAuthenticator; data source=<database server>; DBFactory="VI.DB.ViSqlFactory, VI.DB"; initial catalog=<database>; password="<DBPassword>"; pooling=false; user id=<user>	Replace <database>, <DBPassword> and <user> with parameters from the element WorkDatabase.ConnectionString.
  ConnectedSystemConnection.ConnectionParameter ADAuthentication=<authentication type>; ADEnableras=<Remote Access Service>; ADEnablerecyclebin=<Active Directory recycle bin>; ADEnableterminal=<terminal service>; ADPort=<port>; ADRootdn="<distinguished domain name>"; ADServer=<domain controller>; ADTypeEnableExtensions=<Typklassen erlaubt>; ADTypeExtensions=<Typklassendefinition>; baseloginaccount=<Active Directory Benutzer>; basepassword="<Active Directory Kennwort>"	Replace <distinguished domain name>, <domain controller>, <Active Directory user> and <Active Directory password> with parameters.
  ShellDisplay <synchronization project display name>	Replace <synchronization project display name> with a parameter, if more than one synchronization projects are going to be added to one database.

For more information, see Appendix: Example of a Configuration File.