Editing target system connection properties
You can also use the system connection wizard to change the connection parameters. If variables are defined for the settings, the changes are transferred to the active variable set.
NOTE: In the following circumstances, the default values cannot be restored:
In both these cases, the system connection wizard overwrites the default values. They cannot be restored at a later time.
To edit connection parameters using the system connection wizard
-
In the Synchronization Editor, open the synchronization project.
-
In the toolbar, select the active variable set to be used for the connection to the target system.
NOTE: If the default variable set is selected, the default values are overwritten and cannot be restored at a later time.
-
Select the Configuration > Target system category.
-
Click Edit connection.
This starts the system connection wizard.
-
Follow the system connection wizard instructions and change the relevant properties.
- Save the changes.
Related topics
Updating schemas
All the schema data (schema types and schema properties) of the target system schema and the One Identity Manager schema are available when you are editing a synchronization project. Only a part of this data is really needed for configuring synchronization. If a synchronization project is finished, the schema is compressed to remove unnecessary data from the synchronization project. This can speed up the loading of the synchronization project. Deleted schema data can be added to the synchronization configuration again at a later point.
If the target system schema or the One Identity Manager schema has changed, these changes must also be added to the synchronization configuration. Then the changes can be added to the schema property mapping.
To include schema data that have been deleted through compression and schema modifications in the synchronization project, update each schema in the synchronization project. This may be necessary if:
To update a system connection schema
-
In the Synchronization Editor, open the synchronization project.
-
Select the Configuration > Target system category.
- OR -
Select the Configuration > One Identity Manager connection category.
-
Select the General view and click Update schema.
- Confirm the security prompt with Yes.
This reloads the schema data.
To edit a mapping
-
In the Synchronization Editor, open the synchronization project.
-
Select the Mappings category.
-
Select a mapping in the navigation view.
Opens the Mapping Editor. For more information about mappings, see the One Identity Manager Target System Synchronization Reference Guide.
NOTE: The synchronization is deactivated if the schema of an activated synchronization project is updated. Reactivate the synchronization project to synchronize.
Speeding up synchronization with revision filtering
When you start synchronization, all synchronization objects are loaded. Some of these objects have not be modified since the last synchronization and, therefore, must not be processed. Synchronization is accelerated by only loading those object pairs that have changed since the last synchronization. One Identity Manager uses revision filtering to accelerate synchronization.
Active Directory supports revision filtering. The Active Directory objects' Update Sequence Number (USN) is used as revision counter. The Update Sequence Number (USN) is a sequential number that is incremented when changes are made to Active Directory objects. An Active Directory object has its own USN on each domain controller. During synchronization, the highest USN of the rootDSE to be found on the domain controller is stored as revision in the One Identity Manager database (table DPRRevisionStore, column value). This value is used as a comparison for revision filtering when the same workflow is synchronized the next time. When this workflow is synchronized the next time, the Active Directory objects' USN is compared with the revision saved in the One Identity Manager database. This involves finding object pairs where one has a newer USN than the last time it was synchronized. Thus, only objects that have changed since the last synchronization are updated.
The revision is found at start of synchronization. Objects modified by synchronization are loaded and checked by the next synchronization. This means that the second synchronization after initial synchronization is not significantly faster.
Revision filtering can be applied to workflows and start up configuration.
To permit revision filtering on a workflow
To permit revision filtering for a start up configuration
NOTE: Specify whether revision filtering will be applied when you first set up initial synchronization in the project wizard.
For more information about revision filtering, see the One Identity Manager Target System Synchronization Reference Guide.
Configuring the provisioning of memberships
Memberships, such as user accounts in groups, are saved in assignment tables in the One Identity Manager database. During provisioning of modified memberships, changes made in the target system may be overwritten. This behavior can occur under the following conditions:
-
Memberships are saved as an object property in list form in the target system.
Example: List of user accounts in the Member property of an Active Directory group (Group)
-
Memberships can be modified in either of the connected systems.
-
A provisioning workflow and provisioning processes are set up.
If one membership in One Identity Manager changes, by default, the complete list of members is transferred to the target system. Therefore, memberships that were previously added to the target system are removed in the process and previously deleted memberships are added again.
To prevent this, provisioning can be configured such that only the modified membership is provisioned in the target system. The corresponding behavior is configured separately for each assignment table.
To allow separate provisioning of memberships
-
In the Manager, select the Active Directory > Basic configuration data > Target system types category.
-
In the result list, select the Active Directory target system type.
-
Select the Configure tables for publishing task.
-
Select the assignment tables that you want to set up for single provisioning. Multi-select is possible.
-
Click Merge mode.
NOTE:
-
This option can only be enabled for assignment tables that have a base table with a XDateSubItem column.
-
Assignment tables that are grouped together in a virtual schema property in the mapping must be marked identically.
Example: ADSAccountInADSGroup, ADSGroupInADSGroup, and ADSMachineInADSGroup
- Save the changes.
For each assignment table labeled like this, the changes made in One Identity Manager are saved in a separate table. During modification provisioning, the members list in the target system is compared to the entries in this table. This means that only modified memberships are provisioned and not the entire members list.
NOTE: The complete members list is updated by synchronization. During this process, objects with changes but incomplete provisioning are not handled. These objects are logged in the synchronization log.
You can restrict single provisioning of memberships with a condition. Once merge mode has been disabled for a table, the condition is deleted. Tables that have had the condition deleted or edited are marked with the following icon: . You can restore the original condition at any time.
To restore the original condition
-
Select the auxiliary table for which you want to restore the condition.
-
Right-click on the selected row and select the Restore original values context menu item.
- Save the changes.
For more information about provisioning memberships, see the One Identity Manager Target System Synchronization Reference Guide.