Sun Identity Manager 8.1 Resources Reference

Setting Up Active Directory Synchronization Failover

Step 1: Configure the Active Directory Synchronization Recovery Collector Task

Step 2: Define the Active Directory On-Error Process Active Sync Attribute

On each Active Directory Active Sync resource, Identity Manager defines an onError process that is called when a failure occurs during the synchronization of a resource. If an Active Directory resource defines an on-error process, this process is called if errors occur when the poll method is called on the resource during active synchronization. This process checks the result from the IAPI objects, and if an error occurs, calls the defined process.

Configure this process to notify an administrator through email when an error occurs. Include the error text in the email body so that the administrator can determine whether the error warrants failing Identity Manager over to another domain controller.

Using the error text, the administrator is alerted to a potentially lengthy outage or an outage due to a temporary, quickly resolved issue (such as a temporary routing issue that is resolved by the next poll attempt).
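One way an administrator could triage a batch of these notifications, as an added example that is not part of Identity Manager or its documentation: failures on consecutive polls are treated as a sustained outage, and an isolated failure as transient. The record fields mirror the workflow inputs resultErrors, resourceName and failureTimestamp; the 5-minute poll interval, the threshold of three, the resource names and the error strings are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class SyncFailure:
    # Fields mirror the workflow inputs on this page.
    resource_name: str            # resourceName
    failure_timestamp: datetime   # failureTimestamp
    result_errors: list           # resultErrors


def triage(failures, poll_interval, threshold=3):
    """Map each resource to 'transient' or 'sustained'.

    Assumption: the on-error process fires once per failed poll, so a gap
    longer than 1.5 poll intervals between two failures means a poll
    succeeded in between and the failure streak starts over.
    """
    max_gap = poll_interval * 1.5
    streak, last_seen, verdict = {}, {}, {}
    for f in sorted(failures, key=lambda f: f.failure_timestamp):
        prev = last_seen.get(f.resource_name)
        if prev is not None and f.failure_timestamp - prev <= max_gap:
            streak[f.resource_name] += 1
        else:
            streak[f.resource_name] = 1
        last_seen[f.resource_name] = f.failure_timestamp
        verdict[f.resource_name] = (
            "sustained" if streak[f.resource_name] >= threshold else "transient"
        )
    return verdict


# Constructed sample: resource names, times and error text are made up.
T0 = datetime(2024, 1, 1, 10, 0)
SAMPLE = [
    SyncFailure("AD-East", T0, ["constructed error A"]),
    SyncFailure("AD-East", T0 + timedelta(minutes=5), ["constructed error A"]),
    SyncFailure("AD-East", T0 + timedelta(minutes=10), ["constructed error A"]),
    SyncFailure("AD-West", T0, ["constructed error B"]),
    SyncFailure("AD-West", T0 + timedelta(minutes=30), ["constructed error B"]),
]

if __name__ == "__main__":
    for name, state in triage(SAMPLE, timedelta(minutes=5)).items():
        print(name, state)
```

A "sustained" verdict is only a prompt to read the error text; the decision to fail over remains the administrator's.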

Step 3: Run Active Directory Synchronization Failover Task for the Failed Resource

If the domain controller returns an error that warrants failing over to another domain controller, run the Active Directory Synchronization Failover task from the Task page.

For manual fail-over mode, the fail-over task requests

You also must choose whether to restart Active Sync after the switch to a new domain controller is complete.

How the Task Works

When executed, the Active Directory Synchronization Failover task

Task Actions

  1. Stops the Active Sync process on the failed resource.

  2. Reads in the failover configuration object.

  3. Changes necessary resource attribute values.

  4. Optionally restarts the Active Sync process.

Example of Synchronization Failure Workflow

You can configure the following example workflow as the On Synchronization Failure Process resource attribute of an Active Directory resource. The workflow looks for the error message. If it finds this message, the workflow launches a notification email to the administrator.

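<TaskDefinition name='Sample AD Sync On Error Workflow'
   syncControlAllowed='true' execMode='sync'>
   <WFProcess title='Example AD Sync OnError Workflow'>
      <Variable name='resultErrors' input='true'>
         <Comments>Errors returned from the resource.</Comments>
      </Variable>
      <Variable name='resourceName' input='true'>
         <Comments>Name of the AD resource that returned the errors.</Comments>
      </Variable>
      <Variable name='failureTimestamp' input='true'>
         <Comments>Failure timestamp, when it occurred.</Comments>
      </Variable>
      <Activity name='start'>
         <Transition to='checkErrors'/>
      </Activity>
      <Activity name='checkErrors'>
         <Variable name='criticalError'>
            <Comments>Local variable to hold if we need to notify</Comments>
         </Variable>
         <!-- Walk the returned messages and flag the one that needs a notification -->
         <Action name='iterateMessage'>
            <dolist name='msg'>
               <!-- list expression and message match are not shown in this excerpt -->
               <set name='criticalError'>
                  <!-- value is not shown in this excerpt -->
               </set>
            </dolist>
         </Action>
         <Transition to='notify'>
            <!-- transition condition is not shown in this excerpt -->
         </Transition>
         <Transition to='end'/>
      </Activity>
      <!-- Email the administrator, passing the error text along -->
      <Activity name='notify'>
         <Action application='notify'>
            <Argument name='template' value='...'/>
            <Argument name='resultErrors' value='$(resultErrors)'/>
         </Action>
         <Transition to='end'/>
      </Activity>
      <Activity name='end'/>
   </WFProcess>
</TaskDefinition>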