Is there a powershell or simple method to fully deactivate sync projects programiically? Setting the dprshell.isFinalized value in the database isn't enough.

I also couldn't find a command-line option or vb method to de-/activate sync projects.

Looks like there is more at play here then just changing the dprshell.isFinalized.
The setting of dprshell.ShadowCopyMode and the removal/restore of dprshell.ShadowCopy are also involved in the procedure.

Seems to me that there is a valid use case for having this: a command-line option or vb method to de-/activate sync projects.

Maybe someone from Quest can shed some light on this?

Regards,
Niels

Can you please explain your use case “Complete deactivation” in more detail?

Hello Markus,

In my case just to have the ability to stop all the sync projects processing with one script.
- for use in my OTA environments (stop everything when finished work on enviroment to prevent unnessarary provisioning/syncs to/from target systems)
- during cloning or upgrading of evironments.
- and maybe as an emergency stop in production.

I know there are always other ways to accomplish this.
But the [de-/activate] sync project button would  be a nice feature to have control over from commandline/vb.method without the need of touching other config settings.

Regards,
Niels

Hi Niels,

thanks for your thoughts on the matter.

Some quick answers about existing options:

• There is the option to enable an offline mode for a target system connector. It has some challenging pre-requisites (one queue per synchronization root obj, etc.), but you can use the Launchpad to switch the synchronization off for a target system. https://docs.oneidentity.com/bundle/one-identity-manager_basics-of-target-system-synchronization_9.3/page/sources/dpr/dprofflinemodeaktivate.htm You can also set the property DPRRootObjConnectionInfo.IsOffline to suspend / resume this target system.
• You can turn off the complete queue process by setting QBMServer.IsJobServiceDisabled which is an emergency stop for all job processing of an queue.
• You globally turn off job processing by toggling DialogDatabase.IsJobServiceDisabled (this is what JobQueueInfo is doing for an emergency stop).

Hmmm.....came across this thread looking for something else (again a CLI/Script way of doing things).

I've been tasked with looking at a PoC.

The customer is a construction company, so frequently stands up environments for the project, then rip them down at the end. One of those environments is a O365 tenant, so they want to automate the creation of the synchronization to OneIM.

I have previously tried to trace all the DPR relationships inside the DB (which is murder by the way), but there were things I couldn't find where they're stored (i.e. Mappings), so was wondering about a CLI that could be called to "clone" or similar of an existing Project or source projshell that would re-generate UIDs on import.

Any suggestions Niels de Groot or Markus Weiss-Ehlers ?

We were able to deactivate and set readonly the target systems via script by editing the db with:

Invoke-SqlCmd -Query "UPDATE DPRShell SET isFinalized = 2, ShadowCopy = '', EditedBy = '', EditedSince ='' WHERE Not UID_DPRSystemVariableSetDef = 'CCC-xxx' " -Database "D1IM" -ServerInstance "oimDB"

Invoke-SqlCmd -Query "UPDATE DPRSystemConnection SET IsReadOnly = '1' WHERE not name like 'MainConnection' and not UID_DPRSystemConnection = 'CCC-xxx'" -ServerInstance "oimDB" -Database "D1IM"

Invoke-SqlCmd -Query "update dprsystemvariable set Value = '[E]..[E]' where uid_dprsystemvariable in ('CCC-xxx','CCC-xxx','CCC-xxx')" -Database "D1IM" -ServerInstance "oimDB"

You have more than one option here. One is to add additional Entra ID tenants to the same synchronization projects. The UI way to do so is described here https://docs.oneidentity.com/bundle/one-identity-manager_connecting-to-microsoft-entra-id_9.3/page/sources/aad/aadsyncconfigotherdomain.htm

You can also create a new synchronization project using the Synchronization Editor Command Line Interface. https://docs.oneidentity.com/bundle/one-identity-manager_basics-of-target-system-synchronization_9.3/page/sources/dpr/dprsyncprojectautocreate.htm

So you know about these options:
https://support.oneidentity.com/kb/4344087/how-to-export-the-synchronization-project-shell-from-the-synchronization-editor
https://www.oneidentity.com/community/identity-manager/f/forum/38691/export-connector/90560

Not quite sure I understand your use case and why you don't use multiple variable sets within this one sync project or copy an exisiting project: Edit > Create copy