立即与支持人员聊天
与支持团队交流

Active Roles 8.1.1 - Synchronization Service Administration Guide

Synchronization Service overview Deploying Synchronization Service Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Database Working with Oracle Database user accounts Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with an OpenLDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with IBM RACF Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft 365 Working with Microsoft Azure Active Directory Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector Objects and operations supported by the SCIM Connector Example of using the Generic SCIM Connector for data synchronization
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Developing PowerShell scripts for attribute synchronization rules Using PowerShell script to transform passwords

Importing certificate into certificates store

In this step, you import the certificate to the Personal\Certificates certificate store by using the Certificates snap-in. You must complete this step on each domain controller running Capture Agent and on each computer running Synchronization Service that will participate in the password synchronization.

To import the certificate

  1. Open the Certificates - Local Computers snap-in.

  2. In the Console tree, click the Personal > Certificates logical store.

  3. On the Action menu, point to All Tasks and then click Import.

  4. Step through the wizard.

  5. On the File to Import page, in File name, type the file name containing the certificate to be imported or click Browse and to locate and select the file. When finished, click Next.

  6. On the Password page, type the password used to encrypt the private key, and then click Next.

  7. On the Certificate Store page, ensure that the Place all certificates in the following store option is selected, and the Certificate store text box displays Personal, and then click Next.

  8. On the Completion page, revise the specified settings and click Finish to import the certificate and close the wizard.

Copying the certificate's thumbprint

In this step, you copy the thumbprint of your custom certificate. In the next steps, you will need to provide the thumbprint to Capture Agent and Synchronization Service.

To copy the thumbprint of your custom certificate

  1. Open the Certificates - Local Computer snap-in.

  2. In the Console tree, click the Personal store to expand it.

  3. Click the Certificates store to expand it.

  4. In the details pane, double-click the certificate.

  5. In the Certificate dialog, click the Details tab, and scroll through the list of fields to select Thumbprint.

  6. Copy the hexadecimal value of Thumbprint to the clipboard.

You will need the copied thumbprint value to configure the Capture Agent and Synchronization Service.

Providing the certificate’s thumbprint to Capture Agent

This step assumes that:

  • The same Group Policy object is linked to each OU holding the domain controllers on which the Capture Agent is installed. For more information on how to create and link a Group policy object, see the documentation for your version of Windows.

  • The SyncServiceCaptureAgent.adm administrative template file is linked to that Group Policy object.

For instructions on how to add an administrative template file to a Group Policy object, see Adding an administrative template to Group Policy object.

To provide the thumbprint to Capture Agent

On any computer joined to the domain where Capture Agent is installed, open Group Policy Object Editor, and connect to the Group Policy object to which you added the Administrative Template in Adding an administrative template to Group Policy object.

  1. In the Group Policy Object Editor console, expand the Group Policy object, and then expand the Computer Configuration node.

  2. Expand the Administrative Templates > Active Roles node to select Sync Service Capture Agent Settings.

  3. In the details pane, double-click Certificate to encrypt Capture Agent traffic.

  4. Select the Enabled option, and then paste the certificate’s thumbprint (the one you copied in Copying the certificate's thumbprint) in the Thumbprint text box. When finished, click OK.

  5. For the changes to take effect, refresh the Group Policy settings by running the following command at a command prompt:

    gpupdate /force

Providing the certificate’s thumbprint to Synchronization Service

Perform the next steps on each computer running the Synchronization Service that participates in the password sync operations.

To provide the thumbprint to Synchronization Service

  1. On the computer running the Synchronization Service, start Group Policy Object Editor, and then connect to the Local Computer Policy Group Policy object.

  2. In the Group Policy Object Editor console, expand the Local Computer Policy node, expand the Computer Configuration node, and select Administrative Templates.

  3. On the Action menu, point to All Tasks, and click Add/Remove Templates.

  4. In the Add/Remove Templates dialog, click Add, and then use the Policy Templates dialog to open the SyncService.adm file that holds the Administrative Template.

  5. By default, the SyncService.adm file is stored in <Active Roles installation folder>\SyncServiceCaptureAgent\Administrative Templates.

  6. Under Computer Configuration > Administrative Templates > Active Roles, select Sync Service Settings.

  7. In the details pane, double-click Certificate to encrypt Capture Agent traffic.

  8. Select the Enabled option, and then paste the certificate’s thumbprint (the one you copied in Copying the certificate's thumbprint) in the Thumbprint text box. When finished, click OK.

  9. For the changes to take effect, refresh the Group Policy settings by running the following command at a command prompt:

    gpupdate /force

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级