Apart from using the Management Portal or Setup and Sync Tool, you can also synchronize data connections via a command line.
This allows you, for example, to synchronize data in Identity Director as part of an Ivanti Automation Job: In Ivanti Automation you can configure a Task to make changes to your Microsoft Active Directory, and use the command line in another Task to synchronize these changes to Identity Director. By scheduling the Tasks, you can automate the synchronization of Active Directory changes. This also makes it possible to create a log file of synchronizations and read the results in the Job results.
Generating the command line
- To generate a command line automatically, select the relevant data connection(s) in the Setup and Sync Tool, right-click the selection and click Generate command line. This copies the command line to your clipboard, so you can paste it in, for example, an Ivanti Automation Job.
- To create a command line manually, apply the public properties /ACTION=SYNC /NAME=* to the executable of the Setup and Sync Tool.
- Use /NAME=* to synchronize ALL data connections.
- Use /NAME=<data connection name> to synchronize a specific data connection. Use quotation marks if the name of the data connection contains a space (e.g. /NAME="data connection1"). Separate multiple data connections with a semicolon (;).
- To take ownership of orphaned objects after synchronizing, add the public property /TAKEOWNERSHIP to the command line.
- To create a log file of the synchronization, add the public property /LOGFILE="<FILEPATH>" to the command line.
"C:\RES Software\IT Store\Console\resocc.exe" /ACTION=SYNC /NAME=* /TAKEOWNERSHIP /LOGFILE="C:\TEST.LOG"
The login account that executes the command line for synchronization of data connections must have the Identity Director administrative role Full Access.
Logging in Windows Event Log
During synchronization, errors may occur because of misconfiguration or unavailable external data. These errors are usually shown in a message box. In certain scenarios, for example in Ivanti Automation Tasks, showing this message is either useless (nobody will see it), or even harmful - the entire process may wait indefinitely for someone to click OK and continue execution. To avoid this, you can add the public property /SILENT to the command line and run it with elevated permissions.
The Windows Event is only created for an exception on the data source, not for an error or warning that occurs for content during data synchronization or on a successful synchronization. The Windows Event is created in the Application Windows event log and has ressoc as source.
"C:\RES Software\IT Store\Console\resocc.exe" /ACTION=SYNC /NAME="Organizations;Locations" /SILENT
When you use the command line in Ivanti Automation, the account in the Security Context needs elevated permissions.
Exit codes for Ivanti Automation
Ivanti Automation Tasks have the option Task fails/succeeds if the executable returns the following exit code:.
Possible exit codes for resocc.exe are:
- 0 success
- -1 fail