Quick Connect Express for Active Directory



Similar documents
FOR WINDOWS FILE SERVERS

Quest ChangeAuditor 5.1 FOR ACTIVE DIRECTORY. User Guide

ActiveRoles 6.8. Web Interface User Guide

Defender Delegated Administration. User Guide

Quest ChangeAuditor 4.8

8.7. Resource Kit User Guide

Enterprise Single Sign-On 8.0.3

formerly Help Desk Authority HDAccess Administrator Guide

4.0. Offline Folder Wizard. User Guide

formerly Help Desk Authority Quest Free Network Tools User Manual

Dell Spotlight on Active Directory Server Health Wizard Configuration Guide

Quest Management Agent for Forefront Identity Manager

Enterprise Single Sign-On Installation and Configuration Guide

ActiveRoles 6.9. Quick Start Guide

6.7. Quick Start Guide

Quest Privilege Manager Console Installation and Configuration Guide

Dell Recovery Manager for Active Directory 8.6. Quick Start Guide

formerly Help Desk Authority Upgrade Guide

Foglight. Dashboard Support Guide

Quest Collaboration Services 3.5. How it Works Guide

Quest Collaboration Services How it Works Guide

Foglight Managing SQL Server Database Systems Getting Started Guide. for SQL Server

Introduction to Version Control in

DATA GOVERNANCE EDITION

Spotlight Management Pack for SCOM

2.0. Quick Start Guide

Foglight Managing SQL Server Database Systems Getting Started Guide. for SQL Server

ChangeAuditor 6.0 For Windows File Servers. Event Reference Guide

Foglight for Oracle. Managing Oracle Database Systems Getting Started Guide

Web Portal Installation Guide 5.0

Dell Statistica Statistica Enterprise Installation Instructions

8.7. Target Exchange 2010 Environment Preparation

ChangeAuditor 6.0. Web Client User Guide

Dell One Identity Cloud Access Manager How to Configure vworkspace Integration

ActiveRoles 6.9. Replication: Best Practices and Troubleshooting

ChangeAuditor 5.6. For Windows File Servers Event Reference Guide

Using Self Certified SSL Certificates. Paul Fisher. Quest Software. Systems Consultant. Desktop Virtualisation Group

NetVault LiteSpeed for SQL Server version Integration with TSM

About Recovery Manager for Active

Dell InTrust Preparing for Auditing Microsoft SQL Server

Defender 5.7. Remote Access User Guide

Foglight. Foglight for Virtualization, Enterprise Edition 7.2. Virtual Appliance Installation and Setup Guide

Quest vworkspace Virtual Desktop Extensions for Linux

Spotlight on Messaging. Evaluator s Guide

New Features and Enhancements

Foglight. Managing Java EE Systems Supported Platforms and Servers Guide

Dell Statistica Document Management System (SDMS) Installation Instructions

Foglight. Managing Hyper-V Systems User and Reference Guide

Dell One Identity Cloud Access Manager How to Configure for High Availability

Foglight. Foglight for Virtualization, Free Edition Installation and Configuration Guide

Object Level Authentication

2007 Quest Software, Inc. ALL RIGHTS RESERVED. TRADEMARKS. Disclaimer

formerly Help Desk Authority HDAccess User Manual

Dell One Identity Cloud Access Manager How to Configure Microsoft Office 365

6.7. Replication: Best Practices and Troubleshooting

Dell One Identity Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

Foglight Cartridge for Active Directory Installation Guide

Dell One Identity Quick Connect for Cloud Services 3.6.1

Dell One Identity Quick Connect for Cloud Services 3.6.0

Dell Statistica. Statistica Document Management System (SDMS) Requirements

6.7. Administrator Guide

8.10. Required Ports

Dell InTrust Preparing for Auditing Cisco PIX Firewall

Dell Migration Manager for Enterprise Social What Can and Cannot Be Migrated

Built-in Plug-ins User s Guide

Dell NetVault Backup Plug-in for Advanced Encryption 2.2. User s Guide

Dell Client Profile Updating Utility 5.5.6

System Requirements and Platform Support Guide

FOR SHAREPOINT. Quick Start Guide

ActiveRoles 6.8. Web Interface Administrator Guide

Dell Unified Communications Command Suite - Diagnostics 8.0. Data Recorder User Guide

Dell Enterprise Reporter 2.5. Configuration Manager User Guide

Spotlight Management Pack for SCOM

Dell NetVault Backup Plug-in for SharePoint 1.3. User s Guide

Security Analytics Engine 1.0. Help Desk User Guide

10.6. Auditing and Monitoring Quest ActiveRoles Server

Webthority 6.6. Best Practice Guide

Dell InTrust Preparing for Auditing and Monitoring Microsoft IIS

Enterprise Reporter Report Library

ChangeAuditor 5.7. What s New

Dell InTrust Preparing for Auditing CheckPoint Firewall

Security Explorer 9.5. User Guide

Dell One Identity Cloud Access Manager How To Deploy Cloud Access Manager in a Virtual Private Cloud

Dell One Identity Manager 7.0. Help Desk Module Administration Guide

Quest SQL Optimizer 6.5. for SQL Server. Installation Guide

Troubleshooting Guide 5.1. Quest Workspace ChangeBASE

5.5. Change Management for PeopleSoft

2011 Quest Software, Inc. ALL RIGHTS RESERVED.

Dell Recovery Manager for Active Directory 8.6. Deployment Guide

Top 10 Most Popular Reports in Enterprise Reporter

Dell Recovery Manager for Active Directory 8.6.0

formerly Help Desk Authority Quick Start Guide

The Top 10 Things DBAs Should Know About Toad for IBM DB2

Dell NetVault Backup Plug-in for SQL Server 6.1

10.2. Auditing Cisco PIX Firewall with Quest InTrust

8.10. Migrating to Microsoft Office 365

Go beyond basic up/down monitoring

Transcription:

Quick Connect Express for Active Directory Version 5.2 Quick Start Guide

2012 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser s personal use without the written permission of Quest Software, Inc. The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document. If you have any questions regarding your potential use of this material, contact: Quest Software World Headquarters LEGAL Dept 5 Polaris Way Aliso Viejo, CA 92656 email: legal@quest.com Refer to our Web site (www.quest.com) for regional and international office information. Trademarks Quest, Quest Software, the Quest Software logo, Simplicity at Work are trademarks and registered trademarks of Quest Software, Inc. For a complete list of Quest Software s trademarks, see http://www.quest.com/legal/trademarks.aspx. Other trademarks are property of their respective owners. Third Party Contributions This product contains some third party components (listed below). Copies of their licenses may be found at http://www.quest.com/legal/third-party-licenses.aspx. Source code for components marked with an asterisk (*) is available at http://rc.quest.com. COMPONENT.NET logging library 2.0 LICENSE OR ACKNOWLEDGEMENT BSD-style license Quick Connect Express for Active Directory - Quick Start Guide Updated - December 21, 2012 Software Version - 5.2

CONTENTS INTENDED AUDIENCE............................................ 4 CONVENTIONS................................................ 4 ABOUT QUEST SOFTWARE......................................... 5 CONTACTING QUEST SOFTWARE.................................. 5 CONTACTING QUEST SUPPORT................................... 5 ABOUT QUICK CONNECT.......................................... 6 INSTALLING QUICK CONNECT EXPRESS FOR ACTIVE DIRECTORY............... 7 WORKING WITH AN ACTIVE DIRECTORY DOMAIN......................... 8 CREATING AN ACTIVE DIRECTORY DOMAIN CONNECTION................... 9 MODIFYING AN EXISTING ACTIVE DIRECTORY DOMAIN CONNECTION........... 10 SYNCHRONIZING USER PASSWORDS BETWEEN TWO ACTIVE DIRECTORY DOMAINS... 11 SYNCHRONIZING SID HISTORY BETWEEN TWO ACTIVE DIRECTORY DOMAINS...... 12 WORKING WITH AN AD LDS (ADAM) INSTANCE....................... 13 CREATING AN AD LDS (ADAM) INSTANCE CONNECTION.................. 14 MODIFYING AN EXISTING AD LDS (ADAM) INSTANCE CONNECTION........... 15 iii

Quest One Quick Connect Express for Active Directory Intended Audience This document has been prepared to familiarize you with Quick Connect Express for Active Directory. This Quick Start Guide contains the information required to install and use the product. It is intended for network administrators, consultants, analysts, and any other IT professionals using Quick Connect Express for Active Directory. Conventions In order to help you get the most out of this guide, we have used specific formatting conventions. These conventions apply to procedures, icons, keystrokes and cross-references. ELEMENT Select Bolded text Italic text Bold Italic text Blue text CONVENTION This word refers to actions such as choosing or highlighting various interface elements, such as files and radio buttons. Interface elements that appear in Quest Software products, such as menus and commands. Used for comments. Used for emphasis. Indicates a cross-reference. When viewed in Adobe Reader, this format can be used as a hyperlink. Used to highlight additional information pertinent to the process being described. Used to provide Best Practice information. A best practice details the recommended course of action for the best result. Used to highlight processes that should be performed with care. + A plus sign between two keystrokes means that you must press them at the same time. A pipe sign between elements means that you must select the elements in that particular sequence. 4

Quick Start Guide About Quest Software Established in 1987, Quest Software (Nasdaq: QSFT) provides simple and innovative IT management solutions that enable more than 100,000 global customers to save time and money across physical and virtual environments. Quest products solve complex IT challenges ranging from database management, data protection, identity and access management, monitoring, user workspace management to Windows management. For more information, visit www.quest.com. Contacting Quest Software Email: Mail: Web site: info@quest.com Quest Software, Inc. World Headquarters 5 Polaris Way Aliso Viejo, CA 92656 USA www.quest.com Refer to our Web site for regional and international office information. Contacting Quest Support Quest Support is available to customers who have a trial version of a Quest product or who have purchased a Quest product and have a valid maintenance contract. Quest Support provides unlimited 24x7 access to our Support Portal at www.quest.com/support. From our Support Portal, you can do the following: Retrieve thousands of solutions from our Knowledge Base Download the latest releases and service packs Create, update and review Support cases View the Global Support Guide for a detailed explanation of support programs, online services, contact information, policies and procedures. The guide is available at: www.quest.com/support. 5

Quest One Quick Connect Express for Active Directory About Quick Connect Within the same organization identity information can be stored in many different data systems, such as directories, databases, or formatted dump files. To manage identity information and synchronize it between these data systems, administrators sometimes have to spend a considerable amount of time and effort. On top of that, performing the data synchronization tasks manually is error-prone and can lead to the duplication of information and incompatibility of data formats. With Quick Connect, you can completely automate the process of identity data synchronization between the data systems used in your enterprise environment. Quick Connect increases the data management efficiency by allowing you to automate the provision, deprovision, and update operations between the data systems you use. For example, when an employee joins or leaves the organization, the related information in the data systems managed by Quick Connect is automatically updated, thereby reducing your administrative workload and getting the new users up and running faster. The use of scripting capabilities provides a flexible way to automate day-to-day administration tasks and integrate the administration of managed data systems with other business processes. By automating regular synchronization tasks, Quick Connect allows administrators to concentrate on strategic issues, such as planning the directory, increasing enterprise security, and supporting business-critical applications. Quick Connect includes a core module called Quick Connect Sync Engine and a number of connectors that enable the Sync Engine to access external data systems to read and synchronize the identity information they contain. In order to synchronize identity data between external data systems, you must connect Quick Connect Sync Engine to these data systems through connectors. A connector enables the Sync Engine to access specific data system to read and synchronize data in that system according to your settings. Out of the box, the Quick Connect Sync Engine includes a number of built-in connectors. These connectors allow you to access the following data systems right after you install the Sync Engine: Quest ActiveRoles Server Quest One Identity Manager These built-in connectors do not require any license file. To connect the Sync Engine to other data systems, you need to obtain and install special Quick Connect packages (also known as bundles), each providing connectors for particular data systems. Each of these Quick Connect packages requires a separate license file you can obtain from Quest Software. To find out more about available Quick Connect packages, please visit www.quest.com/activeroles-server/quickconnect-connectedsystems.aspx. 6

Quick Start Guide Installing Quick Connect Express for Active Directory Before installing Quick Connect Express for Active Directory make sure that your system meets the system requirements provided in the Quick Connect Express for Active Directory Release Notes. To install the product by using the Setup Wizard 1. Do one of the following: In a 32-bit edition of Windows, run the QuickConnectExpressForAD_x86.msi file supplied with the Quick Connect Express for Active Directory installation package. In a 64-bit edition of Windows, run the QuickConnectExpressForAD_x64.msi file supplied with the Quick Connect Express for Active Directory installation package. 2. Follow the steps in the Setup Wizard until you are on the Completion page. 3. Select the Restart Quick Connect service now for changes to take effect check box. 4. Click Finish to close the wizard. To perform a silent installation On a 32-bit system, enter the following command at a command prompt: msiexec /i "<Path to QuickConnectExpressForAD_x86.msi>" RESTART_QCSERVICE=<Value> /qb /l*v "<Path to file that will store the Setup log>" OR On a 64-bit system, enter the following command at a command prompt: msiexec /i "<Path to QuickConnectExpressForAD_x64.msi>" RESTART_QCSERVICE=<Value> /qb /l*v "<Path to file that will store the Setup log>" In the above syntax: ARGUMENT RESTART_QCSERVICE Specifies whether or not to restart the Quest Quick Connect Service. The changes made by the Setup program may not take effect until the Quest Quick Connect Service is restarted. This argument can take one of the following values: 0. Specifies not to restart the Quest Quick Connect Service. This value is also used when the RESTART_QCSERVICE argument is omitted. 1. Specifies to restart the Quest Quick Connect Service. For instructions on how to configure connections to supported data systems, see the following sections in this guide: Working with an Active Directory Domain Working with an AD LDS (ADAM) Instance 7

Quest One Quick Connect Express for Active Directory Working with an Active Directory Domain This section describes how to create or modify a connection to an Active Directory domain so that Quick Connect Express for Active Directory could work with data in that data system. To create a connection to an Active Directory domain, you need to use Quick Connect Sync Engine in conjunction with a special connector called Active Directory Connector. This connector is included in the Quick Connect Express for Active Directory package. The Active Directory Connector provides the following features: FEATURE ACTIVE DIRECTORY CONNECTOR Bidirectional synchronization Yes Allows you to read and write data in the connected data system. Delta processing mode Yes Allows you to process only the data that has changed in the connected data system since the last synchronization operation, thereby reducing the overall synchronization operation time. Password synchronization Yes Allows you to synchronize user passwords from an Active Directory domain to the connected data system. The Active Directory Connector supports linked attributes existing in the Active Directory schema. Linked attributes allow you to associate one object with another object. Linked attributes exist in pairs, as follows: Forward link attribute. This is a linked attribute that exists on a source object (example: the member attribute on the Group object). Forward link attributes can be single-valued or multivalued. Back link attribute. This is a linked attribute that can be specified on a target object (example: the memberof attribute on the User object). Back link attributes are multivalued and they must have a corresponding forward link attribute. Back link attributes are not stored in Active Directory. Rather, they are calculated based on the corresponding forward link attribute each time a query is issued. In this section: Creating an Active Directory Domain Connection Modifying an Existing Active Directory Domain Connection Synchronizing User Passwords Between Two Active Directory Domains Synchronizing SID History Between Two Active Directory Domains For instructions on how to rename a connection, delete a connection, or modify synchronization scope for a connection, see the Quick Connect Administrator Guide. 8

Quick Start Guide Creating an Active Directory Domain Connection To create a new connection 1. In the Quick Connect Administration Console, open the Connections tab. 2. Click Add connection, and then use the following options: OPTION Connection name Use the specified connector Type a descriptive name for the connection. Select Active Directory Connector. 3. Click Next. 4. On the Specify connection settings page, use the following options: OPTION Any available domain controller in the specified domain Specified domain controller Allows you to connect to an available domain controller in the Active Directory domain you specify. In the Domain text box, type the fully qualified domain name of the domain to which you want to connect. Allows you to connect to a specific domain controller in a particular Active Directory domain. In the Domain controller text box, type the fully qualified domain name of the domain controller to which you want to connect. Secure Sockets Layer usage Access Active Directory using Test Connection Use this list to select one of the following: None. Allows you to connect without using Secure Sockets Layer (SSL). Use. Allows you to connect through SSL. Preferred. Allows you to attempt the connection through SSL first. If this connection attempt fails, the Sync Engine tries to connect without using SSL. Use this option to select one of the following: Quick Connect Service account. Allows you to access the Active Directory domain in the security context of the account under which the Quick Connect Service is running. Windows account. Allows you to access the Active Directory domain in the security context of the account whose user name and password you specify below this option. Click this button to verify the specified connection settings. 5. Click Finish to create a connection to the Active Directory domain. 9

Quest One Quick Connect Express for Active Directory Modifying an Existing Active Directory Domain Connection To modify connection settings 1. In the Quick Connect Administration Console, open the Connections tab. 2. Click Connection settings below the existing Active Directory domain connection you want to modify. 3. On the Connection Settings tab, click the Specify connection settings item to expand it, and then use the following options: OPTION Any available domain controller in the specified domain Specified domain controller Allows you to connect to any available domain controller in the Active Directory domain you specify. In the Domain text box, type the fully qualified domain name of the domain to which you want to connect. Allows you to connect to a specific domain controller in a particular Active Directory domain. In the Domain controller text box, type the fully qualified domain name of the domain controller to which you want to connect. Secure Sockets Layer usage Access Active Directory using Test Connection Use this list to select one of the following: None. Allows you to connect without using Secure Sockets Layer (SSL). Use. Allows you to connect through SSL. Preferred. Allows you to attempt the connection through SSL first. If this connection attempt fails, the Sync Engine tries to connect without using SSL. Use this option to select one of the following: Quick Connect Service account. Allows you to access the Active Directory domain in the security context of the account under which the Quick Connect Service is running. Windows account. Allows you to access the Active Directory domain in the security context of the account whose user name and password you specify below this option. Click this button to verify the specified connection settings. 4. Optionally, you can narrow the number of objects participating in the connection scope by setting up filter conditions: on the Connection Settings tab, click the Advanced item to expand it, and then use the following list columns: LIST COLUMN Object type Use this column to select the Active Directory object types for which you want to configure filter conditions: click the Add Object Type button to add an object type to the list. Once you have added an object type to the list, use the Filter condition column to specify a condition the objects of that type must meet in order to participate in the connection scope. 10

Quick Start Guide LIST COLUMN Filter condition Use this column to specify a filter condition for the corresponding Active Directory object type. To specify a filter condition, type an LDAP query. The Active Directory objects that meet the specified filter condition will participate in the connection scope. When no filter condition specified for an object type, all objects that belong to that type participate in the connection scope. 5. When you are finished, click Save. Synchronizing User Passwords Between Two Active Directory Domains You can automatically synchronize user passwords from one Active Directory domain to the other by using Quest One Quick Connect Express for Active Directory. To perform this task, you need to do the following: Perform an initial password synchronization between the two Active Directory domains by using the pwdhash attribute provided by the Active Directory Connector. This step is required because Quick Connect cannot read user passwords in the source domain and write them to the target domain. The pwdhash attribute allows you to copy user password hash from the source domain to the target domain. By doing so, you effectively change user s password in the target domain to the password existing in the source domain. Configure a password sync rule to automate the password synchronization operations between the two Active Directory domains. The next procedure provides instructions on how to synchronize user passwords between two Active Directory domains. To synchronize user passwords between two Active Directory domains 1. Install Capture Agent on each domain controller in the Active Directory domain you want to be the source for password synchronization. For more information on how to install Capture Agent, see the Quick Connect Administrator Guide supplied with Quick Connect Sync Engine. 2. Install Capture Agent on at least one domain controller in the target Active Directory domain in which you want to synchronize user passwords. 3. Connect the Quick Connect Sync Engine to the source and target Active Directory domains between which you want to synchronize user passwords. When connecting the Quick Connect Sync Engine to the target Active Directory domain, make sure you use the Specified domain controller option to connect to the domain controller on which you installed Capture Agent in step 2 of this procedure. For more information on how to connect the Sync Engine to an Active Directory domain, see Creating an Active Directory Domain Connection on page 9. 11

Quest One Quick Connect Express for Active Directory 4. Perform an initial synchronization of user passwords between the source and target Active Directory domains: a) Create a new provisioning or updating synchronization step for the source and target Active Directory domains. Alternatively, you can use an existing provisioning or updating step for the domains. b) If you use an updating synchronization step, ensure that user objects in the source Active Directory domain are properly mapped to their counterparts in the target domain. For more information on mapping objects, see the Quick Connect Administrator Guide supplied with Quick Connect Sync Engine. c) In the provisioning or updating synchronization step, configure a rule to synchronize the pwdhash attribute value from the user objects in the source domain to their counterparts in the target domain. d) Run the created provisioning or updating synchronization step to perform an initial synchronization of user passwords between the source and target Active Directory domains. For more information on managing synchronization steps, see the Quick Connect Administrator Guide supplied with Quick Connect Sync Engine. 5. Create and configure a password synchronization rule for the source and target Active Directory domains to automate the synchronization of user passwords. For more information on managing password sync rules, see the Automated Password Synchronization chapter in the Quick Connect Administrator Guide supplied with Quick Connect Sync Engine. Synchronizing SID History Between Two Active Directory Domains You can use Quest One Quick Connect Express for Active Directory to synchronize SID history between user objects in two Active Directory domains. For example, you may want to synchronize SID history when migrating users from one Active Directory domain to the other. Before you start synchronizing SID history, consider the following: To read SID data in the source Active Directory domain, you can use such Active Directory attributes as sidhistory and/or objectsid. To write SID data to the target Active Directory domain, always use the sidhistory attribute. To synchronize SID history between two Active Directory domains 1. Install Capture Agent on at least one domain controller in the Active Directory domain you want to be the target for the SID history synchronization. For instructions on how to install Capture Agent, see the Quick Connect Sync Engine Administrator Guide. 2. Connect the Quick Connect Sync Engine to the source and target Active Directory domains between which you want to synchronize SID history. When connecting the Quick Connect Sync Engine to the target Active Directory domain, make sure you use the Specified domain controller option to connect to the domain controller on which you installed Capture Agent in step 1 of this procedure. For instructions on how to connect the Quick Connect Sync Engine to an Active Directory domain, see Creating an Active Directory Domain Connection on page 9. 12

Quick Start Guide 3. Create a new provisioning or updating synchronization step for the source and target Active Directory domains. Alternatively, you can use an existing provisioning or updating step. When using an updating synchronization step, ensure that user objects in the source Active Directory domain are properly mapped to their counterparts in the target domain. For more information on mapping objects, see the Quick Connect Administrator Guide supplied with Quick Connect Sync Engine. 4. Configure the provisioning or updating synchronization step to do the following: Read SID data in the source Active Directory domain. For this purpose, you can use the sidhistory attribute, the objectsid attribute, or both. Write SID data to the target Active Directory domain by using the sidhistory attribute. To read attribute values in the source Active Directory domain and write them to the target domain, you can configure attribute modification rules in your synchronization workflow step. For detailed instructions, see Configuring Rules to Modify Attribute Values in the Quick Connect Sync Engine Administration Guide. 5. Run the created step to synchronize SID history between the domains. Working with an AD LDS (ADAM) Instance This section explains how to create or modify a connection to an AD LDS (ADAM) instance so that Quick Connect Express for Active Directory could work with data in that data system. To create a connection to an AD LDS (ADAM) instance, you need to use Quick Connect Sync Engine in conjunction with a special connector called AD LDS (ADAM) Connector. This connector is included in the Quick Connect Express for Active Directory package. The AD LDS (ADAM) Connector provides the following features: FEATURE Bidirectional synchronization AD LDS (ADAM) CONNECTOR Yes Allows you to read and write data in the connected data system. Delta processing mode Yes Allows you to process only the data that has changed in the connected data system since the last synchronization operation, thereby reducing the overall synchronization operation time. Password synchronization Yes Allows you to synchronize user passwords from an Active Directory domain to the connected data system. In this section: Creating an AD LDS (ADAM) Instance Connection Modifying an Existing AD LDS (ADAM) Instance Connection 13

Quest One Quick Connect Express for Active Directory For instructions on how to rename a connection, delete a connection, synchronize passwords in a connected data system, or modify synchronization scope for a connection, see the Quick Connect Administrator Guide. Creating an AD LDS (ADAM) Instance Connection To create a new connection 1. In the Quick Connect Administration Console, open the Connections tab. 2. Click Add connection, and then use the following options: OPTION Connection name Use the specified connector Type a descriptive name for the connection. Select AD LDS (ADAM) Connector. 3. Click Next. 4. On the Specify connection settings page, use the following options: OPTION Server Port Access AD LDS (ADAM) instance using Advanced Test Connection Type the fully qualified domain name of the computer on which the AD LDS (ADAM) instance to which you want to connect is running. Type the LDAP communication port number used by the AD LDS (ADAM) instance. Use this option to select one of the following: Quick Connect Service account. Allows you to access the target AD LDS (ADAM) instance in the security context of the account under which the Quick Connect Service is running. Windows account. Allows you to access the target AD LDS (ADAM) instance in the security context of the account whose user name and password you specify below this option. Click to specify advanced settings for connecting to the AD LDS (ADAM) instance. Click this button to verify the specified connection settings. 5. Click Finish to create a connection to the AD LDS (ADAM) instance. 14

Quick Start Guide Modifying an Existing AD LDS (ADAM) Instance Connection To modify connection settings 1. In the Quick Connect Administration Console, open the Connections tab. 2. Click Connection settings below the existing AD LDS (ADAM) instance connection you want to modify. 3. On the Connection Settings tab, click the Specify connection settings item to expand it and use the following options: OPTION Server Port Access AD LDS (ADAM) instance using Advanced Test Connection Type the fully qualified domain name (FQDN) of the computer on which the AD LDS (ADAM) instance to which you want to connect is running. Type the LDAP communication port number used by the AD LDS (ADAM) instance. Use this option to select one of the following: Quick Connect Service account. Allows you to access the target AD LDS (ADAM) instance in the security context of the account under which the Quick Connect Service is running. Windows account. Allows you to access the target AD LDS (ADAM) instance in the security context of the account whose user name and password you specify below this option. Click to specify advanced settings for connecting to the AD LDS (ADAM) instance. Click this button to verify the specified connection settings. 4. Optionally, you can narrow the number of AD LDS (ADAM) objects participating in the connection scope by setting up filter conditions: on the Connection Settings tab, click the Advanced item to expand it, and then use the following list columns: LIST COLUMN Object type Use this column to select the AD LDS (ADAM) object types for which you want to configure filter conditions: click the Add Object Type button to add an object type to the list. Once you have added an object type to the list, use the Filter condition column to specify a condition the objects of that type must meet in order to participate in the connection scope. Filter condition Use this column to specify a filter condition for the corresponding AD LDS (ADAM) object type. To specify a filter condition, type an LDAP query. The AD LDS (ADAM) objects that meet the specified filter condition will participate in the connection scope. When no filter condition specified for an object type, all objects that belong to that type participate in the connection scope. 5. When you are finished, click Save. 15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information