Power365 Current - SID History Synchronization Quick Start Guide

Setup Workflows

This section provides a step-by-step guide on how to set up sIDHistory Synchronization for Microsoft Active Directory Environments.

Setup Environments

To begin, at least two (2) Active Directory environments must be configured in Power365 Directory Sync. At the end of this section there will be two (2) Active Directory environments fully configured.

An environment is an end-point connection that can control the scope of objects read. This guide will walk through how to create the source and target Active Directory environments.

To create a local AD environment, the following are required:

  • One (1) Local Administrator Account for each Microsoft Forest and/or Domain that has permissions to create, update or delete, depending on the scope of your Directory Sync workflows. This Administrator Account should also meet the sIDHistory synchronization requirement stated in the Account Permissions section above.

  • One (1) Windows Server to install and host the Power365 Directory Sync Agent.

    Follow these steps to set up the local environment endpoints.

  1. Login to Power365

  2. Navigate to Environments

  3. Click the New button

  4. Click Local as the environment type, Click Next

  5. Name the environment, Click Next

  6. Name the local agent, Click Next

  7. Note the agent registration URL and registration Key for later use, click Finish.

  8. Install the agent on the Windows Server that is joined to the local AD domain.

    1. Launch the Power365 Directory Sync Agent installation on the target workstation or server.

    2. Accept the license agreement and click Next.

    3. Enter the target Active Directory environment information by providing the following, then click Next.

      1. Domain Name

      2. Global Catalog Server

      3. Username

      4. Password

    4. Enter the Power365 Directory Sync Registration URL and Agent Registration Key information and click Next.

    5. In the sIDHistory Migration section, provide the source Active Directory domain name and user credential information. The source credential must have administrator permission in the source domain. If the source environment is a forest and contains multiple domains, the ‘Use this account for all domains’ checkbox can be used to apply a single source credential to all source domains in the forest.

      Note: Refer to the Power365 Online Help Center for detailed information about agent installation and set-up requirements.

  9. Once the agent is installed and the environment is discovered, click on the Setting button to access the local AD environment setting page.

  10. Click on the Organization Unit tab and define the OU filter based on your project scope.

  11. Click on the Filters tab and define any LDAP filter based on your project scope.

  12. Click Save.

  13. Repeat steps 3 – 12 for the next local environment

Setup Templates

Before we can build our workflow, it is best to set up your template(s). Templates contain common mappings and settings used to sync Users, Contacts, Devices, Groups, Office 365 Groups and Microsoft Teams. A template can then be applied to any workflow with a Stage Data step.

For the purpose of this guide, the following template will need to be configured to perform sIDHistory synchronization.  Additional templates may be created based on your project requirements.

  • Local to Local sIDHistory Sync

How to create a Local to Local template

  1. Login to Power365

  2. Navigate to Templates

  3. Click the New button

  4. Name and Describe the template

  5. In our example, we will name our template “Local to Local sIDHistory Sync”, Click Next

  6. Click Local as the source environment type, Click Next

  7. Click Local as the target environment type, Click Next

  8. Set CREATE NEW USERS AS = AS-IS

  9. Set UPDATE CREATED USERS = ENABLE

  10. Set UPDATE MATCHED USERS = ENABLE

  11. Set IF TARGET ADDRESS EXISTS setting as OVERWRITE ONCE.

  12. Click Next

  13. Set CREATE GROUPS AS = AS-IS

  14. Set UPDATE CREATED GROUPS = ENABLE

  15. Set UPDATE MATCHED GROUPS = ENABLE

  16. Set Convert Group Options with default settings:

    1. DOMAIN LOCAL GROUPS = DOMAIN LOCAL

    2. GLOBAL GROUPS = GLOBAL

    3. UNIVERSAL GROUPS = UNIVERSAL

  17. Click Next

  18. Set CREATE NEW CONTACTS AS = AS-IS

  19. Set UPDATE CREATED CONTACTS = ENABLE

  20. Set UPDATE MATCHED CONTACTS = ENABLE

  21. Click Next

  22. Set CREATE NEW DEVICES AS = SKIP

  23. Set UPDATE CREATED CONTACTS = DISABLE

  24. Set UPDATE MATCHED CONTACTS = DISABLE

  25. Click Next

  26. Enter a default password, Click Next

  27. Check SYNCHRONIZE SID HISTORY checkbox, Click Next

  28. Under mappings, we can leave the settings as default or update them based on your project requirements.

  29. Click Next

  30. Click Finish

Setup Workflows

Follow these steps to create two (2) new workflows for reading, matching, staging and writing data.

How to create a one-way sync workflow for Local to Local

  1. Login to Power365

  2. Navigate to Workflows

  3. Click the New button

  4. Name and Describe the template, Click Next

  5. Select the two (2) local Active Directory environments created previously, Click Next

  6. Select ONE-WAY SYNC, Click Next

  7. The screen presented next will be a pre-configured set of workflow steps to facilitate the flow of objects and attributes between your directories.

  8. Start at the top of the steps, 1. Read From. Click the Select button

  9. Select the two (2) environments created previously, then click OK

  10. Move to Match Objects

    1. This is the step where you will decide on how to match existing objects across your local Active Directories

    2. Matching is conducted by pairing sets of attributes to find corresponding objects

    3. Your two (2) environments may already have some attributes that can be used to find similar objects between the different directories, or you may need to set some to ensure accurate matching

    4. For the purpose of sIDHistory Synchronization, it is most important that existing objects are correctly matched before attempting to create new objects with the source object’s sIDHistory.

  11. Click the Select button to configure the Match Objects criteria for your source local environment and target local environment

    Figure 1: Example Match Objects Criteria

    1. Select your source local environment from the drop-down menu

    2. Select your target local environment from the drop-down menu

    3. Choose your first attribute pairing. We will use WindowsEmailAddress for our first match criteria

    4. Choose the sAMAccountName attribute for the source and target fields

    5. To add more attribute pairs, click the Add Attribute button

    6. Additional pairings are evaluated as “OR” conditions. After the first match is found, the additional pairings are not assessed.

    7. In our case we are adding three (3) additional attribute pairings to our criteria

      1. cn – This attribute was added to ensure we can match existing objects based on CN.

      2. UserPrincipalName – UPN was added to ensure uniqueness of the local part of the address string.

      3. Mail – This attribute was added to ensure we can match existing objects based on Mail.

        Note: Matching attributes should be reviewed and adjusted based on actual project scope. There is no set matching rule that will fit all scenarios.

    8. Ensure Match Across all object types is not checked in this case.

    9. There is no need in this guide to Add Another Pair, click OK to close this configuration

  12. Drag a Stage Data workflow task from the left panel to the right under the Stage Data task mentioned above.  Click the Select button to configure the fourth STAGE DATA workflow task for your target local to source local synchronization rule.

    1. Select the “Local to Local sIDHistory Sync” template, Click Next

    2. Select the source local environment as your source, Click Next

    3. Select the target local environment as your target, Click Next

    4. Select the default target domain name, Click Next

    5. Select the source Organizational Units that will be in scope of the project by clicking the ADD OUS button.

    6. In the new OU pop-up window, select the OU that will be in scope, check the INCLUDE ALL SUB OUS checkbox, and click OK to close the pop-up.

    7. Configure any Stage Data filter you like by double-clicking the OU in the OUs list. It is highly recommended to set up a filter that limits the scope, so that the first sync can be performed as a test as part of the validation. Click Next

      Figure 2: Example Source OU setup.

    8. Select the default OU for newly created objects for Users, Groups, Contacts, and Devices.  In our case, we can select the same OU for all object types as we are only syncing user as contact.

      Figure 3: Example Target OU setup.

    9. Click Finish

  13. Click the Select button to configure the WRITE TO workflow task. Ensure the target environment is selected, Click OK

  14. Click Next

  15. Configure the workflow sync interval. Select Manual for now; a sync schedule can be set up once the test sync has completed. Click Next

  16. Set up any workflow alert you may wish to configure. For now, Click SKIP

  17. Click Finish
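The Match Objects rule from steps 10 and 11, modelled offline as an added example (not Power365 code and not part of the original guide): pairs are tried in order, the first hit wins, and any source object whose later pairs point at a different target object is flagged, because that is where sIDHistory would land on the wrong account. The pair order follows the guide's example with sAMAccountName first; the function name `Find-MatchPreview` and all directory objects are constructed for illustration.

```powershell
# Added example: offline model of the "first match wins" rule; not Power365 code.
# Pair order follows the guide's example. All objects below are constructed sample data.
$MatchPairs = 'sAMAccountName', 'cn', 'userPrincipalName', 'mail'

$Source = @(
    [pscustomobject]@{ dn = 'CN=John Doe,OU=Users,DC=source,DC=example'; sAMAccountName = 'jdoe'; cn = 'John Doe'; userPrincipalName = 'jdoe@example.com'; mail = 'john.doe@example.com' }
    [pscustomobject]@{ dn = 'CN=Alice Smith,OU=Users,DC=source,DC=example'; sAMAccountName = 'asmith'; cn = 'Alice Smith'; userPrincipalName = 'asmith@example.com'; mail = 'alice.smith@example.com' }
    [pscustomobject]@{ dn = 'CN=Lab1SIDTest1,OU=Users,DC=source,DC=example'; sAMAccountName = 'lab1sidtest1'; cn = 'Lab1SIDTest1'; userPrincipalName = 'lab1sidtest1@example.com'; mail = $null }
)
$Target = @(
    [pscustomobject]@{ dn = 'CN=John Doe,OU=Staff,DC=target,DC=example'; sAMAccountName = 'jdoe'; cn = 'John Doe'; userPrincipalName = 'jdoe@example.com'; mail = 'john.doe@example.com' }
    [pscustomobject]@{ dn = 'CN=Adam Smith,OU=Staff,DC=target,DC=example'; sAMAccountName = 'asmith'; cn = 'Adam Smith'; userPrincipalName = 'adam.smith@example.com'; mail = 'adam.smith@example.com' }
    [pscustomobject]@{ dn = 'CN=Alice Smith,OU=Staff,DC=target,DC=example'; sAMAccountName = 'alsmith'; cn = 'Alice Smith'; userPrincipalName = 'asmith@example.com'; mail = 'alice.smith@example.com' }
)

function Find-MatchPreview {
    param([object[]]$SourceObjects, [object[]]$TargetObjects, [string[]]$Pairs)

    foreach ($src in $SourceObjects) {
        $winner = $null
        $winningPair = $null
        $conflicts = @()
        foreach ($attr in $Pairs) {
            $value = $src.$attr
            if ([string]::IsNullOrWhiteSpace($value)) { continue }   # empty attributes never match
            # String -eq is case-insensitive in PowerShell.
            $hits = @($TargetObjects | Where-Object { $_.$attr -eq $value })
            if (-not $winner -and $hits.Count -gt 0) {
                # First pair that finds anything decides the match (OR semantics, first hit wins).
                $winner = $hits[0]
                $winningPair = $attr
                if ($hits.Count -gt 1) { $conflicts += "$attr matches $($hits.Count) target objects" }
            }
            elseif ($winner) {
                # The sync would not assess this pair; it is checked here only to expose disagreement.
                foreach ($h in ($hits | Where-Object { $_.dn -ne $winner.dn })) {
                    $conflicts += "$attr points at $($h.dn)"
                }
            }
        }
        [pscustomobject]@{
            Source    = $src.dn
            MatchedOn = $winningPair
            Target    = if ($winner) { $winner.dn } else { '(none: object would be created)' }
            Review    = $conflicts -join '; '
        }
    }
}

Find-MatchPreview -SourceObjects $Source -TargetObjects $Target -Pairs $MatchPairs | Format-List
```

Any row with a non-empty Review field should be resolved by adjusting the pairings or fixing the attribute values before the workflow runs with SYNCHRONIZE SID HISTORY enabled.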


Set up Test Objects

Follow these steps to create test objects in the source environment to validate the sIDHistory Sync workflow.

  1. Set up a user in the source local environment and ensure it is part of the OU filter setup for the Local Environment.

    1. DisplayName: Lab1SIDTest1

  2. Set up a group in the source local environment and ensure it is part of the OU filter setup for the Local Environment.

    1. DisplayName: Lab1SIDGrp1

  3. Capture the objectSid value for the above test objects for later use.

Validating the Workflow

Follow the below steps to perform the sIDHistory Sync workflow and validation.

  1. Select the workflow configured and click on RUN.

  2. Allow the workflow execution to complete.

  3. Validate that Lab1SIDTest1 from the source local Active Directory has been created in the target. The source user’s objectSid will have been copied to the target user’s sIDHistory attribute.

  4. Validate that Lab1SIDGrp1 from the source local Active Directory has been created in the target. The source group’s objectSid will have been copied to the target group’s sIDHistory attribute.
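One way to script the check in steps 3 and 4, as an added example (not Power365 code and not part of the original guide): it compares the objectSid captured from the source with the target object's sIDHistory and reports any other sIDHistory entries for review. The function names, server names and SID values are constructed placeholders, and the live lookup assumes the target object keeps the same displayName as the source.

```powershell
# Added example, not Power365 code. SIDs and server names are constructed placeholders.

# Live lookup (needs the ActiveDirectory module); defined for real use, not called in the demo below.
function Get-SidRecord {
    param([string]$DisplayName, [string]$Server)
    Get-ADObject -LDAPFilter "(displayName=$DisplayName)" -Server $Server -Properties objectSid, sIDHistory |
        ForEach-Object {
            [pscustomobject]@{
                Name       = $DisplayName
                ObjectSid  = $_.objectSid.Value
                SidHistory = @($_.sIDHistory | Where-Object { $_ } | ForEach-Object { $_.Value })
            }
        }
}

# Pure comparison: was the captured source SID copied, and is anything else in sIDHistory?
function Test-SidHistorySync {
    param($Source, $Target)
    $copied = $Target.SidHistory -contains $Source.ObjectSid
    $extra  = @($Target.SidHistory | Where-Object { $_ -and $_ -ne $Source.ObjectSid })
    [pscustomobject]@{
        Name            = $Source.Name
        SourceSid       = $Source.ObjectSid
        TargetSid       = $Target.ObjectSid
        InTargetHistory = $copied
        OtherHistory    = $extra -join ', '
        Result          = if ($copied -and $extra.Count -eq 0) { 'PASS' } else { 'REVIEW' }
    }
}

# Constructed sample: source SIDs as captured in "Set up Test Objects" ...
$sourceRecords = @(
    [pscustomobject]@{ Name = 'Lab1SIDTest1'; ObjectSid = 'S-1-5-21-1111111111-2222222222-3333333333-1604'; SidHistory = @() }
    [pscustomobject]@{ Name = 'Lab1SIDGrp1';  ObjectSid = 'S-1-5-21-1111111111-2222222222-3333333333-1605'; SidHistory = @() }
)
# ... and target records as they might look after a run in which the group was not updated.
$targetRecords = @{
    'Lab1SIDTest1' = [pscustomobject]@{ Name = 'Lab1SIDTest1'; ObjectSid = 'S-1-5-21-4444444444-5555555555-6666666666-2110'; SidHistory = @('S-1-5-21-1111111111-2222222222-3333333333-1604') }
    'Lab1SIDGrp1'  = [pscustomobject]@{ Name = 'Lab1SIDGrp1';  ObjectSid = 'S-1-5-21-4444444444-5555555555-6666666666-2111'; SidHistory = @() }
}

$sourceRecords |
    ForEach-Object { Test-SidHistorySync -Source $_ -Target $targetRecords[$_.Name] } |
    Format-Table Name, InTargetHistory, OtherHistory, Result -AutoSize

# Live usage (placeholder server names):
#   $s = Get-SidRecord -DisplayName 'Lab1SIDTest1' -Server 'dc01.source.example'
#   $t = Get-SidRecord -DisplayName 'Lab1SIDTest1' -Server 'dc01.target.example'
#   Test-SidHistorySync -Source $s -Target $t
```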
