Identity Director Administration Guide
In the Management Portal at Data Model > Data Connections, use data connections to synchronize data from an external source with your environment. You can also synchronize data connections via a command line. For example, this allows you to synchronize data in Identity Director as part of an Ivanti Automation Job: In an Ivanti Automation Module, you can for example configure a Task to make changes to your Microsoft Active Directory, and use the command line in another Task to synchronize these changes in Identity Director. By scheduling the Module in a Job, you can automate the synchronization of Active Directory changes. This also makes it possible to create a log file of synchronizations and read the results in the Job results.
- Synchronization of data connections via a command line requires that your login account has been assigned the administrative role Full Access.
- To generate a command line automatically, select the relevant data connection(s) in the Setup and Sync Tool, right-click this selection and click Generate command line. This copies the command line to your clipboard, after which you can use it in, for example, an Ivanti Automation Job.
- To create a command line manually, apply the public properties /ACTION=SYNC /NAME=* to the executable of the Setup and Sync Tool.
- Use /NAME=* to synchronize ALL data connections.
- Use /NAME=<data connection name> to synchronize a specific data connection. Use quotation marks if the name of the data connection contains a space (e.g. /NAME="data connection1"). Separate multiple data connections with a semicolon (;).
- To create a log file of the synchronization, add the public property /LOGFILE="C:\TEST.LOG" to the command line, where "C:\TEST.LOG" specifies name and location of your log file.
- "C:\RES Software\IT Store\Console\resocc.exe" /ACTION=SYNC /NAME=* /LOGFILE="C:\TEST.LOG"
Logging in Event Log
During synchronization, errors may occur because of misconfigurations or unavailable external data. These errors are usually shown in a message box. In certain scenarios, for example in Ivanti Automation Tasks, showing this message is either useless (no one sees it), or even harmful - the entire process may wait indefinitely for someone to click OK and continue execution. To avoid this, you can use a command line parameter to log these exceptions to the Event Log, instead of showing a message box.
- To log errors to the Event Log, add the public property /SILENT to the command line of the Setup and Sync Tool and run it with elevated permissions. When you use the script in Ivanti Automation, the account in the Security Context needs enough rights for the elevation.
The Windows Event is only created for an exception on the data source, not for an error or warning that occurs for content during data synchronization or on a successful synchronization. The Windows Event is created in the Application Windows event log and has ressoc as source.
- "C:\RES Software\IT Store\Console\resocc.exe" /ACTION=SYNC /NAME="Organizations;Locations" /SILENT
This command line logs exceptions to the Event log. You can use this command line for unattended synchronizations, for example in an Ivanti Automation Task.
- "C:\RES Software\IT Store\Console\resocc.exe" /ACTION=SYNC /NAME="Organizations;Locations"
This command line shows exceptions as Message boxes. You can use this command line in interactive session, for example when you use the CMD shell.
Ivanti Automation Tasks have the option Task fails/succeeds if the executable returns the following exit code:. The exit codes for resocc.exe file are:
- 0 success
- -1 fail
Was this article useful?
Copyright © 2019, Ivanti. All rights reserved.