
Active Roles Sync Service 8.2 - Administration Guide


Supported AWS Managed Microsoft AD deployment configuration

To synchronize data to and from AWS Managed Microsoft AD, you must deploy Active Roles Synchronization Service in Amazon Web Services (AWS) in the following configuration:

  • Active Roles Synchronization Service must be deployed on an Amazon Elastic Compute Cloud (EC2) instance or instances. For more information, see the Amazon Elastic Compute Cloud documentation.

  • The SQL Server required by Active Roles Synchronization Service must run on a separate Amazon Relational Database Service for Microsoft SQL Server (RDS for SQL Server) instance. For more information, see the Amazon RDS documentation.

  • The Active Directory environment must be hosted in AWS via AWS Directory Service. For more information, see the AWS Directory Service documentation.

NOTE: Support for AWS Managed Microsoft AD by Active Roles Synchronization Service was tested only in this configuration. Active Roles Synchronization Service does not officially support managing AWS Managed Microsoft AD environments in a hybrid deployment, that is, using an on-premises Active Roles Synchronization Service and/or SQL Server installation and hosting AD via AWS Directory Service.

Synchronization Service features and limitations when used with AWS Managed Microsoft AD

If configured to manage AWS Managed Microsoft AD in the Amazon cloud, Active Roles Synchronization Service offers the following features:

  • Synchronization Service connections and sync workflows based on the following Active Roles Synchronization Service connectors:

    • Active Directory Connector

    • Active Roles Connector

    • Delimited Text File Connector

  • Synchronizing passwords with Active Roles Synchronization Service from on-premises AD to AWS Managed Microsoft AD.

However, when using Synchronization Service in an EC2 instance in the Amazon cloud, also consider the following limitations.

Amazon Web Services limitations

For Active Roles Synchronization Service installations deployed in Amazon Elastic Compute Cloud (EC2) instances and SQL Servers hosted on Amazon Relational Database Service for SQL Server (RDS for SQL Server) instances, the known EC2 and RDS limitations apply.

Synchronization Service limitations

  • When synchronizing directory data or passwords from on-premises Active Directory to AWS Managed Microsoft AD, Active Roles Synchronization Service has the following limitations:

    • Active Roles Synchronization Service was only tested to work with connections and sync workflows based on the following connectors:

      • Active Directory Connector

      • Active Roles Connector

      • Delimited Text File Connector

      Sync workflows and connections based on other connectors are not officially supported.

    • When synchronizing passwords from an on-premises Active Directory to AWS Managed Microsoft AD, synchronizing the pwdHash attribute, and synchronizing and then populating the SIDHistory attribute, to AWS Managed Microsoft AD are not supported. This is because the Synchronization Service Capture Agent cannot be installed in an AWS Managed Microsoft AD environment.

  • Synchronizing passwords from AWS Managed Microsoft AD to on-premises AD with Active Roles Synchronization Service is not supported. This is because the Synchronization Service Capture Agent cannot be installed in an AWS Managed Microsoft AD environment.

Main steps of configuring Active Roles Synchronization Service for AWS Managed Microsoft AD

If your organization and environment meet the Deployment requirements for AWS Managed Microsoft AD support, configuring Active Roles Synchronization Service for managing AWS Managed Microsoft AD via AWS Directory Service has the following main steps:

  1. Creating your AWS Managed Microsoft AD environment.

  2. Creating an Amazon Elastic Compute Cloud (EC2) instance for Active Roles Synchronization Service.

  3. Joining the EC2 instance to AWS Managed Microsoft AD.

  4. Creating an Amazon Relational Database Service for SQL Server (RDS for SQL Server) instance to host the Active Roles Synchronization Service database.

  5. Verifying the connectivity between the EC2 and RDS instances.

  6. Installing and configuring Active Roles Synchronization Service on the EC2 instance.

Deployment requirements for AWS Managed Microsoft AD support

Before starting the deployment and configuration of Active Roles Synchronization Service to manage AWS Managed Microsoft AD via AWS Directory Service, make sure that the following requirements are met.

NOTE: When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. For more information about environment virtualization, see One Identity's Product Support Policies.

Connectivity requirements

You must have:

  • Stable network connectivity to Amazon Web Services (AWS).

  • Port 1433 open and available for the Amazon Relational Database Service (RDS) service.

  • Access to the AWS service with the AWSAdministratorAccess permission.

    NOTE: Make sure that you have AWSAdministratorAccess permission, as it is required for certain configuration steps. The AWSPowerUserAccess permission is not sufficient for completing the entire configuration procedure.

Infrastructure requirements

To deploy and configure Active Roles Synchronization Service for AWS Managed Microsoft AD, you must have access to the following AWS services and resources:

  • AWS Managed Microsoft AD deployed via AWS Directory Service.

  • One or more Amazon Elastic Compute Cloud (EC2) instance(s) hosting the Active Roles Synchronization Service services and components.

    The EC2 instance(s) must have, at minimum:

    • 2 vCPUs running at 2.0 GHz.

    • 4 GB of RAM.

    NOTE: AWS Managed Microsoft AD support was tested with a single t2.large EC2 instance.

  • An Amazon Relational Database Service for SQL Server (RDS for SQL Server) instance.

    NOTE: AWS Managed Microsoft AD support was tested with an RDS instance running the latest version of Microsoft SQL Server.

Make sure that all these components are discoverable or visible to each other.
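The following PowerShell script is an added example; it is not part of the Administration Guide or of One Identity's own tooling. Run on the EC2 instance after it has been joined to AWS Managed Microsoft AD (step 3) and before Synchronization Service is installed (step 6), it checks the minimum hardware listed above (2 vCPUs at 2.0 GHz, 4 GB of RAM), that the instance is joined to the expected domain, and that the RDS for SQL Server endpoint resolves and accepts TCP connections on port 1433 (step 5 and the connectivity requirements). The RDS endpoint name and the domain name are placeholders that you must replace with your own values.

```powershell
# Added example, not from the Administration Guide: pre-flight checks for an EC2 instance
# that will host Active Roles Synchronization Service with AWS Managed Microsoft AD.
# $RdsEndpoint and $ExpectedDomain are placeholders (assumed values), not real resources.
param(
    [string]$RdsEndpoint    = 'your-rds-instance.xxxxxxxxxxxx.us-east-1.rds.amazonaws.com',
    [string]$ExpectedDomain = 'corp.example.com',
    [int]$SqlPort           = 1433
)

$results = [ordered]@{}

# 1. Minimum hardware from the guide: 2 vCPUs at 2.0 GHz and 4 GB of RAM.
$cpu      = Get-CimInstance -ClassName Win32_Processor
$system   = Get-CimInstance -ClassName Win32_ComputerSystem
$vcpus    = ($cpu | Measure-Object -Property NumberOfLogicalProcessors -Sum).Sum
$clockGHz = ($cpu | Measure-Object -Property MaxClockSpeed -Maximum).Maximum / 1000
$ramGB    = $system.TotalPhysicalMemory / 1GB

$results['vCPUs >= 2']       = $vcpus -ge 2
$results['Clock >= 2.0 GHz'] = $clockGHz -ge 2.0
# TotalPhysicalMemory reports slightly under the nominal size, so allow a small margin.
$results['RAM >= 4 GB']      = $ramGB -ge 3.9

# 2. Domain membership: the instance must be joined to the AWS Managed Microsoft AD domain.
$results['Joined to expected domain'] = $system.PartOfDomain -and ($system.Domain -ieq $ExpectedDomain)

# 3. Connectivity: the RDS endpoint resolves and TCP 1433 is reachable from this instance.
$tnc = Test-NetConnection -ComputerName $RdsEndpoint -Port $SqlPort -WarningAction SilentlyContinue
$results["Resolved $RdsEndpoint"] = [bool]$tnc.RemoteAddress
$results["TCP $SqlPort open to RDS"] = [bool]$tnc.TcpTestSucceeded

# Print one line per check and exit non-zero if anything is missing.
foreach ($entry in $results.GetEnumerator()) {
    '{0,-60} {1}' -f $entry.Key, $(if ($entry.Value) { 'OK' } else { 'MISSING' })
}
if (@($results.Values) -contains $false) { exit 1 }
```

A successful TCP test only shows that the network path and security groups allow port 1433 between the EC2 and RDS instances; it does not prove that SQL Server accepts the login that Synchronization Service will use, which is still verified during installation (step 6).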
