Chat now with support
Chat with Support

We are currently experiencing issues on our phone support and are working diligently to restore services. For support, please sign in and create a case or email supportadmin@quest.com for assistance

Identity Manager 8.1.4 - Windows PowerShell Connector User Guide

How to post-process outstanding objects

To post-process outstanding objects

  1. In the Manager, select the Data synchronization | Target system synchronization: <target system type> category.

    All tables assigned to the target system type are displayed in the navigation view.

  2. Select the table whose outstanding objects you want to edit in the navigation view.

    All objects marked as outstanding are shown on the form.

    TIP:

    To display object properties of an outstanding object

    1. Select the object on the target system synchronization form.
    2. Open the context menu and click Show object.
  1. Select the objects you want to rework. Multi-select is possible.

  2. Click on one of the following icons in the form toolbar to execute the respective method.

    Table 9: Methods for handling outstanding objects

    Icon

    Method

    Description

    Delete

    The object is immediately deleted from the One Identity Manager database. Deferred deletion is not taken into account. The Outstanding label is removed from the object.

    Indirect memberships cannot be deleted.

    Publish

    The object is added to the target system. The Outstanding label is removed from the object.

    The method triggers the HandleOutstanding event. This runs a target system specific process that triggers the provisioning process for the object.

    Prerequisites:

    • The table containing the object can be published.

    • The target system connector has write access to the target system.

    • A custom process is set up for provisioning the object.

    Reset

    The Outstanding label is removed for the object.

  3. Confirm the security prompt with Yes.

NOTE: By default, the selected objects are processed in parallel, which speeds up execution of the selected method. If an error occurs during processing, the action is stopped and all changes are discarded.

Bulk processing of objects must be disabled if errors are to be localized, which means the objects are processed sequentially. Failed objects are named in the error message. All changes that were made up until the error occurred are saved.

To disable bulk processing

  • In the form's toolbar, click to disable bulk processing.

Related topics

Configuring the provisioning of memberships

Memberships, such as user accounts in groups, are saved in assignment tables in the One Identity Manager database. During provisioning of modified memberships, changes made in the target system may be overwritten. This behavior can occur under the following conditions:

  • Memberships are saved in the target system as an object property in list form (Example: List of user accounts in the Members property of an Active Directory group).

  • Memberships can be modified in either of the connected systems.

  • A provisioning workflow and provisioning processes are set up.

If one membership in One Identity Manager changes, by default, the complete list of members is transferred to the target system. Therefore, memberships that were previously added to the target system are removed in the process and previously deleted memberships are added again.

To prevent this, provisioning can be configured such that only the modified membership is provisioned in the target system. The corresponding behavior is configured separately for each assignment table.

To allow separate provisioning of memberships

  1. In the Manager, select the Data Synchronization | Basic configuration data | Target system types category.

  2. Select the Configure tables for publishing task.

  3. Select the assignment tables that you want to set up for single provisioning. Multi-select is possible.

    • This option can only be enabled for assignment tables that have a base table with XDateSubItem or CCC_XDateSubItem column.

    • Assignment tables that are grouped together in a virtual schema property in the mapping must be marked identically (for example, ADSAccountInADSGroup, ADSGroupInADSGroup and ADSMachineInADSGroup).

  4. Click Merge mode.

  5. Save the changes.

For each assignment table labeled like this, the changes made in One Identity Manager are saved in a separate table. During modification provisioning, the members list in the target system is compared to the entries in this table. This means that only modified memberships are provisioned and not the entire members list.

NOTE: The complete members list is updated by synchronization. During this process, objects with changes but incomplete provisioning are not handled. These objects are logged in the synchronization log.

You can restrict single provisioning of memberships with a condition. Once merge mode has been disabled for a table, the condition is deleted. Tables that have had the condition deleted or edited are marked with the following icon: . You can restore the original condition at any time.

To restore the default condition

  1. Select the auxiliary table for which you want to restore the condition.

  2. Right-click on the selected row and select the Restore original values context menu item.
  3. Save the changes.

For more detailed information about provisioning memberships, see the One Identity Manager Target System Synchronization Reference Guide.

Troubleshooting

For detailed information about correcting errors during synchronization of object hierarchies, see the One Identity Manager Target System Synchronization Reference Guide.

Help for the analysis of synchronization issues

You can generate a report for analyzing problems that arise during synchronization, inadequate performance for example. The report contains information such as:

  • Consistency check results
  • Revision filter settings
  • Scope applied
  • Analysis of the data store
  • Object access times in the One Identity Manager database and in the target system

To generate a synchronization analysis report

  1. Open the synchronization project in the Synchronization Editor.

  2. Select the Help | Generate synchronization analysis report menu item and click Yes in the security prompt.

    The report may take a few minutes to generate. It is displayed in a separate window.

  3. Print the report or save it in one of the available output formats.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating