Regular synchronization cannot be started until the synchronization project and the schedule are active.
To prevent regular synchronization
-
In the Synchronization Editor, open the synchronization project.
-
Select the start up configuration and deactivate the configured schedule.
Now you can only start synchronization manually.
An activated synchronization project can only be edited to a limited extend. The schema in the synchronization project must be updated if schema modifications are required. The synchronization project is deactivated in this case and can be edited again.
Furthermore, the synchronization project must be deactivated if synchronization should not be started by any means (not even manually).
To deactivate the synchronization project
-
In the Synchronization Editor, open the synchronization project.
-
Select the General view on the home page.
-
Click Deactivate project.
Individual objects can only be synchronized if the object is already present in the One Identity Manager database. The changes are applied to the mapped object properties. If a membership list belongs to one of these properties, the entries in the assignment table will also be updated.
NOTE: If the object is no longer present in the target system, then it is deleted from the One Identity Manager database.
To synchronize a single object
-
In the Manager, select the HCL Domino category.
-
Select the object type in the navigation view.
-
In the result list, select the object that you want to synchronize.
-
Select the Synchronize this object task.
A process for reading this object is entered in the job queue.
Features of synchronizing memberships
If you synchronize changes in an object's member list, run single object synchronization on the assignment's root object, The base table of an assignment contains an XDateSubItem column containing information about the last change to the memberships.
Example:
Base object for assigning user accounts to groups is the group.
In the target system, a user account was assigned to a group. To synchronize this assignment, in the Manager, select the group that the user account was assigned to and run single object synchronization. In the process, all of the group's memberships are synchronized.
The user account must already exist as an object in the One Identity Manager database for the assignment to be made.
Detailed information about this topic
After the synchronization of data from the target system into the One Identity Manager database, rework may be necessary. Check the following tasks:
Objects, which do not exist in the target system, can be marked as outstanding in One Identity Manager by synchronizing. This prevents objects being deleted because of an incorrect data situation or an incorrect synchronization configuration.
Outstanding objects:
-
Cannot be edited in One Identity Manager.
-
Are ignored by subsequent synchronizations.
-
Are ignored by inheritance calculations.
This means, all memberships and assignments remain intact until the outstanding objects have been processed.
Start target system synchronization to do this.
To post-process outstanding objects
-
In the Manager, select the HCL Domino > Target system synchronization: Domino category.
The navigation view lists all the synchronization tables assigned to the Domino target system type.
-
On the Target system synchronization form, in the Table / object column, open the node of the table for which you want to post-process outstanding objects.
All objects that are marked as outstanding are shown. The Last log entry and Last method run columns display the time at which the last entry was made in the synchronization log and which processing method was run. The No log available entry can mean the following:
-
The synchronization log has already been deleted.
- OR -
-
An assignment from a member list has been deleted from the target system.
The base object of the assignment was updated during the synchronization. A corresponding entry appears in the synchronization log. The entry in the assignment table is marked as outstanding, but there is no entry in the synchronization log.
-
An object that contains a member list has been deleted from the target system.
During synchronization, the object and all corresponding entries in the assignment tables are marked as outstanding. However, an entry in the synchronization log appears only for the deleted object.
TIP:
To display object properties of an outstanding object
-
Select the object on the target system synchronization form.
-
Open the context menu and click Show object.
-
Select the objects you want to rework. Multi-select is possible.
-
Click on one of the following icons in the form toolbar to run the respective method.
Table 12: Methods for handling outstanding objects
|
Delete |
The object is immediately deleted from the One Identity Manager database. Deferred deletion is not taken into account. The Outstanding label is removed from the object.
Indirect memberships cannot be deleted. |
|
Publish |
The object is added to the target system. The Outstanding label is removed from the object.
This runs a target system specific process that triggers the provisioning process for the object.
Prerequisites:
|
|
Reset |
The Outstanding label is removed for the object. |
- Confirm the security prompt with Yes.
NOTE: By default, the selected objects are processed in parallel, which speeds up the selected method. If an error occurs during processing, the action is stopped and all changes are discarded.
Bulk processing of objects must be disabled if errors are to be localized, which means the objects are processed sequentially. Failed objects are named in the error message. All changes that were made up until the error occurred are saved.
To disable bulk processing
NOTE: The target system connector must have write access to the target system in order to publish outstanding objects that are being post-processed. That means, the Connection is read-only option must not be set for the target system connection.
Related topics