
Active Roles On Demand Hosted - Synchronization Service Administration Guide


Microsoft Azure Active Directory data supported out of the box

The next table lists the Microsoft Azure Active Directory object types supported by the Microsoft Azure AD Connector out of the box. The table also provides information about the operations you can perform on these objects by using the Microsoft Azure AD Connector.

 

Table 113: Supported objects and operations

| Object | Read | Create | Delete | Update |
|--------|------|--------|--------|--------|
| User   | Yes  | Yes    | Yes    | Yes    |
| Group  | Yes  | Yes    | Yes    | Yes    |

The next sections describe the attributes provided by the Microsoft Azure AD Connector. By using these attributes, you can read and/or write data related to a particular object in Microsoft Azure Active Directory.


User object attributes

 

Table 114: User attributes

| Attribute | Description | Supported operations |
|-----------|-------------|----------------------|
| accountEnabled | Gets or sets whether the user account is enabled. Required for creating a user. | Read, Write |
| assignedLicenses | Gets the licenses assigned to the user. | Read |
| assignedPlans | Gets the plans assigned to the user. | Read |
| city | Gets or sets the user’s city. | Read, Write |
| country | Gets or sets the user’s country. | Read, Write |
| department | Gets or sets the user’s department. | Read, Write |
| dirSyncEnabled | Gets or sets whether the user was synchronized from the on-premises Active Directory Domain Services. | Read, Write |
| directReports | Gets the direct reports of the user. | Read |
| displayName | Gets or sets the user’s name in the address book. Required for creating a user. | Read, Write |
| facsimileTelephoneNumber | Gets or sets the user’s fax number. | Read, Write |
| givenName | Gets or sets the user’s given name. | Read, Write |
| jobTitle | Gets or sets the user’s job title. | Read, Write |
| lastDirSyncTime | Gets the time when the user was last synchronized with the on-premises Active Directory Domain Services. | Read |
| mail | Gets or sets the user’s primary e-mail address. | Read, Write |
| mailNickName | Gets or sets the user’s mail alias. Required for creating a user. | Read, Write |
| manager | Gets or sets the user’s manager. | Read, Write |
| memberOf | Gets group membership for the user. | Read |
| mobile | Gets or sets the user’s mobile phone number. | Read, Write |
| objectId | Gets the user’s unique identifier. | Read |
| objectType | Gets the object type. | Read |
| otherMails | Gets or sets other e-mail addresses of the user. | Read, Write |
| passwordPolicies | Gets or sets password policies applicable to the user. | Read, Write |
| passwordProfile | Gets or sets the user’s password profile. Required for creating a user. | Read, Write |
| physicalDeliveryOfficeName | Gets or sets the user’s office location. | Read, Write |
| postalCode | Gets or sets the user’s postal code. | Read, Write |
| preferredLanguage | Gets or sets the user’s preferred language. | Read, Write |
| provisionedPlans | Gets the user’s provisioned plans. | Read |
| provisioningErrors | Gets the errors encountered when provisioning the user. | Read |
| proxyAddresses | Not available | Read |
| state | Gets or sets the user’s state or province. | Read, Write |
| streetAddress | Gets or sets the user’s street address. | Read, Write |
| surname | Gets or sets the user’s surname. | Read, Write |
| telephoneNumber | Gets or sets the user’s telephone number. | Read, Write |
| thumbnailPhoto | Gets or sets the user’s thumbnail photo. | Read, Write |
| usageLocation | Not available | Read, Write |
| userPrincipalName | Gets or sets the user’s principal name (UPN). Required when creating a user. | Read, Write |

Group object attributes

 

Table 115: Group attributes

| Attribute | Description | Supported operations |
|-----------|-------------|----------------------|
| description | Gets or sets the group’s description. | Read, Write |
| dirSyncEnabled | Gets whether the group was synchronized from the on-premises Active Directory Domain Services. | Read |
| displayName | Gets or sets the group’s display name. Required when creating a group. | Read, Write |
| lastDirSyncTime | Gets the time when the group was last synchronized with the on-premises Active Directory Domain Services. | Read |
| mail | Gets or sets the group’s e-mail address. | Read, Write |
| mailEnabled | Gets or sets whether the group is mail-enabled. Required when creating a group. | Read, Write |
| mailNickName | Gets or sets the group’s mail alias. Required when creating a group. | Read, Write |
| members | Gets or sets the group’s members. | Read, Write |
| objectId | Gets the group’s unique identifier. | Read |
| objectType | Gets the object type. | Read |
| provisioningErrors | Gets the errors encountered when provisioning the user. | Read |
| proxyAddresses | Not available | Read |
| securityEnabled | Gets or sets whether the group is a security group. Required when creating a group. | Read, Write |

Working with SCIM

To create a connection to the source system supporting System for Cross-domain Identity Management (SCIM), you need to use Synchronization Service in conjunction with a special connector called SCIM Connector. This connector is included in the Synchronization Service package.

SCIM version 1.1 and SCIM version 2.0 are supported. For more information on SCIM and its specifications, see www.simplecloud.info/.

IMPORTANT: The SCIM connector in Synchronization Service supports only inbound synchronization. Only synchronization from the SCIM connector to the Active Roles connector is supported.

The SCIM connector supports the following features:

Table 116: Supported features

| Feature | Description | Supported |
|---------|-------------|-----------|
| Bidirectional synchronization | Allows you to read and write data in the connected data system. | No |
| Delta processing mode | Allows you to process only the data that has changed in the connected data system since the last synchronization operation, thereby reducing the overall synchronization operation time. | No |
| Password synchronization | Allows you to synchronize user passwords from an Active Directory domain to the connected data system. | No |
| Secure Sockets Layer (SSL) data encryption | Uses SSL to encrypt data that is transmitted between Synchronization Service and the connected data system. | Yes |

IMPORTANT:

  • For information on the schema and the extension model used to represent core users and groups, see:
  • When you are synchronizing Groups, the corresponding label name for the group name is displayName. The displayName attribute used to represent the name of the group is different from the displayName attribute used to represent the name of the user.
