Administration Guide › Synchronization › Synchronization Tasks

Synchronization Tasks

You can perform the following types of synchronization:

User Synchronization

Ensures that each user has the necessary accounts on the appropriate managed endpoints, and that each account is assigned to the appropriate account templates as called out by the user's provisioning roles.

Account Synchronization

Ensures that the capability attribute values on accounts are the appropriate values as indicated by the account's assigned account templates. Account synchronization can be strong or weak. Weak synchronization ensures that accounts capability attributes have at least the minimum capability required by its account templates. Strong synchronization ensures that account capability attributes have the exact capability required by its account templates. Account synchronization is strong if the account belongs to at least one account template whose Strong Synchronization check box is selected.

No corresponding Strong Synchronization check box governs User Synchronization, but a similar concept exists. When you issue the Synchronize User with Roles menu item on a user, you are presented with two synchronization options:

• Add missing accounts and account template assignments.
• Delete extra accounts and account template assignments.
• By selecting only the Add check box, which is similar to Weak Account Synchronization, you want global users to have at a minimum all accounts required by their assigned provisioning roles, but you allow users to have additional accounts not prescribed by current provisioning roles.

Select both the Add and Delete check boxes, which is similar to Strong Account Synchronization, to have the provisioning roles define exactly which accounts the user should have. Any additional accounts are deleted.

Choose Weak/Strong Account Synchronization or Weak/Strong User Synchronization based on how precisely provisioning roles are defined. If your users fit into clearly-defined provisioning roles where account access is tied to those roles, you would use Strong Synchronization.

Note: Some endpoint types set strong synchronization as the default. For more information, see the Connectors Guide.

User synchronization and account synchronization are separate tasks that you must perform individually. Typically, you perform user synchronization first to ensure that all necessary accounts are created, then perform account synchronization later so the Provisioning Server assigns or changes the values of the account attributes.

The Provisioning Server provides two sets of synchronization menu options for objects:

• Check synchronization menu options verify the synchronization and return a list of the accounts that do not comply with the provisioning roles or account templates.
• Synchronize menu options synchronize global users with their provisioning roles or accounts with their account templates.

If you perform the check synchronization functions first, the Provisioning Server tells you what corrections the synchronize functions will perform. If the check synchronization functions find no problem, the synchronize functions do not run.