立即与支持人员聊天
与支持团队交流

Active Roles 8.1.1 - Synchronization Service Administration Guide

Synchronization Service overview Deploying Synchronization Service Getting started Connections to external data systems
External data systems supported with built-in connectors
Working with Active Directory Working with an AD LDS (ADAM) instance Working with Skype for Business Server Working with Oracle Database Working with Oracle Database user accounts Working with Exchange Server Working with Active Roles Working with One Identity Manager Working with a delimited text file Working with Microsoft SQL Server Working with Micro Focus NetIQ Directory Working with Salesforce Working with ServiceNow Working with Oracle Unified Directory Working with an LDAP directory service Working with an OpenLDAP directory service Working with IBM DB2 Working with IBM AS/400 Working with IBM RACF Working with MySQL database Working with an OLE DB-compliant relational database Working with SharePoint Working with Microsoft 365 Working with Microsoft Azure Active Directory Configuring data synchronization with the SCIM Connector Configuring data synchronization with the Generic SCIM Connector Objects and operations supported by the SCIM Connector Example of using the Generic SCIM Connector for data synchronization
Using connectors installed remotely Creating a connection Renaming a connection Deleting a connection Modifying synchronization scope for a connection Using connection handlers Specifying password synchronization settings for a connection
Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Developing PowerShell scripts for attribute synchronization rules Using PowerShell script to transform passwords

Upgrade from Quick Connect and Synchronization Service

If you have sync workflows configured and run by Quick Connect (predecessor of Synchronization Service), or earlier versions of Synchronization Service, then you can transfer those sync workflows to Active Roles and have them run by Synchronization Service.

You can transfer sync workflows from the following Quick Connect or Synchronization Service versions:

  • Quick Connect Sync Engine 5.2.0, 5.3.0, 5.4.0, 5.4.1, 5.5.0, 6.1.0
  • Quick Connect Express for Active Directory 5.3.0, 5.4.0, 5.4.1, 5.5.0, 5.6.0, or 6.1.0
  • Quick Connect for Cloud Services 3.3.0, 3.4.0, 3.5.0, 3.6.0, 3.6.1, 3.6.2, or 3.7.0
  • Quick Connect for Base Systems 2.2.0, 2.3.0, or 2.4.0
  • Synchronization Service 7.0, 7.1, 7.2, 7.3, or 7.4.x

Synchronization Service limitations

Synchronization Service is unable to run sync workflows that employ connections to the following systems:

  • ActiveRoles Server 6.5

  • ODBC-compliant data sources

  • OpenDS directory service

  • PeopleSoft HCM

  • Red Hat Directory Server

  • SAP Systems

  • Workday

If you need to synchronize data held in these systems, then continue using Quick Connect. This limitation is because not all connectors provided by Quick Connect are included with Synchronization Service.

IMPORTANT: Google Postini Services, IBM Lotus Domino, IBM Lotus Notes, Google Apps are removed as the mentioned systems are now end-of-life.

Transferring sync workflows from Quick Connect

To transfer sync workflows from Quick Connect to Synchronization Service

  1. Install Synchronization Service.

    You can install Synchronization Service on the computer running Quick Connect or on a different computer. For installation instructions, see Installing Synchronization Service.

  2. Configure Synchronization Service to use a new database for storing configuration settings and synchronization data.

    To perform this step, use the Configuration Wizard that appears when you start the Synchronization Service Console the first time after you install Synchronization Service. For more information, see Configuring Synchronization Service.

  3. Import configuration settings from Quick Connect or Synchronization Service.

    Before you proceed with this step, it is highly recommended to disable the scheduled workflows and mapping operations in Quick Connect or earlier versions of Synchronization Service. You can resume the scheduled workflows and mapping operations after you complete this step.

    To import configuration settings:

    1. On the computer where you have installed Synchronization Service, start the Synchronization Service Console.

    2. In the upper right corner of the Active Roles Synchronization Service window, click the gear icon, and then click Import Configuration.

    3. In the wizard that appears, select the version of Quick Connect Sync Engine used by your Quick Connect version or Active Roles Synchronization Service from which you want to import the configuration settings.

      Optionally, you can select the Import sync history check box to import the sync history along with the configuration settings.

    4. Follow the steps in the wizard to complete the import operation.

    If the synchronization data you want to import is stored separately from the configuration settings, then, on the Specify source SQL Server databases step, select the Import sync data from the specified database check box, and specify the database.

  4. Retype access passwords in the connections that were imported from Quick Connect.

    NOTE: Re-entering passwords in the imported connections is required because due to security reasons, the configuration import process does not retrieve encrypted passwords from Quick Connect. To modify the imported connections later, use the Synchronization Service Console. For more information, see External data systems supported with built-in connectors.

  5. If your sync workflows involve synchronization of passwords, then you need to install the new version of Capture Agent on your domain controllers. For installation instructions, see Managing Capture Agent.

    The new version of Capture Agent replaces the old version. However, as the new version supports both Synchronization Service and Quick Connect, you do not lose the password synchronization functions of Quick Connect after you upgrade Capture Agent.

Communication ports

The following table lists the default communication ports used by Synchronization Service:

Table 1: Default communication ports

Port

Protocol

Type of traffic

Direction of traffic

53

TCP/UDP

DNS

Inbound, outbound

88

TCP/UDP

Kerberos

Inbound, outbound

139

TCP

SMB/CIFS

Inbound, outbound

445

TCP

SMB/CIFS

Inbound, outbound

389

TCP/UDP

LDAP

Outbound

3268

TCP

LDAP

Outbound

636

TCP

SSL

NOTE: This port is only required if Synchronization Service is configured to use SSL to connect to an Active Directory domain.

Outbound

3269

TCP

SSL

NOTE: This port is only required if Synchronization Service is configured to use SSL to connect to an Active Directory domain.

Outbound

15173

TCP

Synchronization Service

NOTE: This port is used by Capture Agent to communicate with Active Roles Synchronization Service.

Outbound

7148

TCP

Between Synchronization Service and Capture Agent.

NOTE: This port is used only if Synchronization Service is configured to synchronize user passwords from an Active Directory domain to other connected data systems.

Inbound

135

TCP

RPC endpoint mapper

NOTE: Port 135 is a dynamically allocated TCP port for RPC communication with Active Directory domain controllers. For more information about ports used for RPC communication, see the following Microsoft Support Knowledge Base articles at support.microsoft.com:

Inbound, outbound

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级