Target
For customers who wish to synchronize users from Active Directory to HENNGE Access Control using the HENNGE Directory Sync Tool.
Purpose
This procedure outlines how to execute the HENNGE Directory Sync Tool.
Caution
1. Please ensure that the requirements outlined in the following article have been satisfied. Please refer to "HENNGE Directory Sync Tool" in the article below.
Supported environments for HENNGE One
2. If the following error is displayed, please follow the following article to install the root certificate.
<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>
Installation Manual of Root Certificate for HDE One Directory Sync Tool
3. This article is based on the product content as of March 2019. It may be revised without prior notice due to subsequent updates or specification changes.
Procedures
1. Run a Test Synchronization
1.1. Open PowerShell with Admin permissions.
1.2. Execute the HENNGE Directory Sync Tool by entering the following commands into PowerShell.
> cd "C:\Program Files\HDE One Directory Sync"
> .\console.exe /n
※ [ /n ] is the option for Test Execution, which will not actually perform synchronization.
※ If the [ /n ] option is not present, an actual synchronization will be performed, so please pay extra attention when running this command.
Example Output:
##### Sync set [sync01] #####
Active Directory ---> HDE Access Control
Add: Administrator / iGcrgi8tjUy1NfaLulJ/5Q==
Add: Guest / qWEUYHX3DUOxPrZv6C271Q==
Add: test01 / test01@addc1.example.com / WEt4r/aDlE3wtGz0UbVoqQ==
Delete: aaa / aab@addc1.example.com / hfJV7x6cakym2AIWkThdA==
If there are no users targeted for synchronization, the following output is displayed.
##### Sync set [sync01] #####
Active Directory ---> HDE Access Control
* No sync data *
2. Manual Synchronization
If the test synchronization outputs the desired result, please omit the [ /n ] option to perform an actual synchronization with the [ console.exe ] command.
> cd "C:\Program Files\HDE One Directory Sync"
> .\console.exe
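A guard for steps 1 and 2, as an added example that is not part of the original article or of the HENNGE tool: it parses the test-run ( /n ) output format shown above and only offers the actual synchronization when the number of planned deletions stays within a limit. The function names, the MaxDeletes threshold and the assumption that console.exe writes the plan to standard output are illustrative.

```powershell
# Added example. Function names and MaxDeletes are assumptions, not part of the tool.
function Get-SyncPlan {
    param([string[]]$Lines)
    $plan = @(); $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^#+\s*Sync set \[(?<name>[^\]]+)\]') {
            # A "##### Sync set [name] #####" header starts a new sync set.
            $current = [pscustomobject]@{ SyncSet = $Matches.name; Adds = @(); Deletes = @() }
            $plan += $current
        }
        elseif ($current -and $line -match '^\s*(?<op>Add|Delete):\s*(?<user>[^/]+?)\s*/') {
            # Keep only the first field (the account name) of each planned change.
            if ($Matches.op -eq 'Add') { $current.Adds += $Matches.user }
            else { $current.Deletes += $Matches.user }
        }
    }
    return $plan
}

function Test-SyncPlan {
    param($Plan, [int]$MaxDeletes = 5)
    $ok = $true
    foreach ($set in $Plan) {
        Write-Host ("[{0}] add={1} delete={2}" -f $set.SyncSet, $set.Adds.Count, $set.Deletes.Count)
        if ($set.Deletes.Count -gt $MaxDeletes) {
            Write-Warning ("[{0}] would delete: {1}" -f $set.SyncSet, ($set.Deletes -join ', '))
            $ok = $false
        }
    }
    return $ok
}

# Constructed sample in the format of the example output above (values are placeholders).
$sample = @(
    '##### Sync set [sync01] #####'
    'Active Directory ---> HDE Access Control'
    'Add: test01 / test01@addc1.example.com / <value>'
    'Delete: aaa / aab@addc1.example.com / <value>'
    'Delete: bbb / bbb@addc1.example.com / <value>'
)
Test-SyncPlan (Get-SyncPlan $sample) -MaxDeletes 1

# On the sync server: gate the real run on the test run (assumes the plan goes to stdout).
$dir = 'C:\Program Files\HDE One Directory Sync'
if (Test-Path "$dir\console.exe") {
    Push-Location $dir
    $safe = Test-SyncPlan (Get-SyncPlan (& .\console.exe /n)) -MaxDeletes 5
    if ($safe -and (Read-Host 'Run the actual synchronization? (y/N)') -eq 'y') { & .\console.exe }
    Pop-Location
}
```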
3. Regular Synchronization (Scheduled Synchronization)
To make sure that the synchronization runs automatically every few hours, please set up the [ HDE One Directory Sync ] and the [ HDE One Password Sync ] service.
Please start the following services on the Windows Server machine where the HENNGE Directory Sync Tool is installed.
・HDE One Directory Sync
・HDE One Password Sync
3.1. Enable and run the [ Services ].
3.2. Open the Properties menu of the service and configure the following values.
[ General ] - [ StartUp Type ] : Automatically.
[ Login ] - [ Account ]: Please set this to the same user as the one specified in the config.ini file.
First time setting up the config.ini file for HENNGE Directory Sync Tool Procedure 2.2.
3.3. Save the settings and start the services.
4. Regular Sync Log Confirmation
4.1. Access the HENNGE Access Control admin console.
Accessing HENNGE Access Control admin console
4.2. Click on the [ Sync Logs ] menu on the left side of the screen.
4.3. Set any date in the search menu at the top of the screen and click on the magnifying glass icon.
4.4. Confirm that the sync log is displayed as search results.
Confirm that the content of the sync log is displayed as search results.
If the sync log is not displayed in the search results, there may be a problem on the client where the HENNGE Directory Sync Tool is running.
In such cases, please contact the HENNGE One onboarding guide or technical support team.
4.5. Check for errors in the displayed sync log search results.
If a red X mark is displayed in the [ Failed ] column of the sync log search results, synchronization has failed for some reason.
In such cases, please contact the HENNGE One Onboarding Guide or HENNGE One support team.
There are two types of sync logs that appear as search results.
1. Synchronization of user information from Windows Active Directory to HENNGE Access Control.
2. Synchronization of user passwords from Windows Active Directory to HENNGE Access Control.
Since these logs are not distinguished in the search results display, you need to click on the output of each log and expand the details.
Case 1: If User Synchronization is Successful
By default, it is executed regularly every 2 hours.
Changes made to Windows Active Directory user account properties (such as username, UPN, etc.) will be reflected in HENNGE Access Control at the next sync.
Even if no user accounts in Windows Active Directory have changed, an entry is still displayed in the sync log search results.
If [ HDE One Directory Sync <version information> ] is displayed at the top of the expanded log, it is a user sync log.
Make sure this sync log is executed regularly and has no errors.
Case 2: If Password Synchronization is Successful
By default, it is executed regularly every 3 minutes.
Changes made to Windows Active Directory user account passwords will be reflected in HENNGE Access Control at the next sync.
If there are no changes to user passwords in Windows Active Directory, nothing will be displayed in the sync log search results.
(Password changes for users on Windows Active Directory are output to the sync log only when the password is changed.)
If [Start password syncing] is displayed at the top of the expanded log, it is a password sync log.
Make sure this sync log is executed regularly and has no errors.