Is there a powershell or simple method to fully deactivate sync projects programiically? Setting the dprshell.isFinalized value in the database isn't enough.

I also couldn't find a command-line option or vb method to de-/activate sync projects.

Looks like there is more at play here then just changing the dprshell.isFinalized.
The setting of dprshell.ShadowCopyMode and the removal/restore of dprshell.ShadowCopy are also involved in the procedure.

Seems to me that there is a valid use case for having this: a command-line option or vb method to de-/activate sync projects.

Maybe someone from Quest can shed some light on this?

Regards,
Niels

Hmmm.....came across this thread looking for something else (again a CLI/Script way of doing things).

I've been tasked with looking at a PoC.

The customer is a construction company, so frequently stands up environments for the project, then rip them down at the end. One of those environments is a O365 tenant, so they want to automate the creation of the synchronization to OneIM.

I have previously tried to trace all the DPR relationships inside the DB (which is murder by the way), but there were things I couldn't find where they're stored (i.e. Mappings), so was wondering about a CLI that could be called to "clone" or similar of an existing Project or source projshell that would re-generate UIDs on import.

Any suggestions Niels de Groot or Markus Weiss-Ehlers ?

We were able to deactivate and set readonly the target systems via script by editing the db with:

Invoke-SqlCmd -Query "UPDATE DPRShell SET isFinalized = 2, ShadowCopy = '', EditedBy = '', EditedSince ='' WHERE Not UID_DPRSystemVariableSetDef = 'CCC-xxx' " -Database "D1IM" -ServerInstance "oimDB"

Invoke-SqlCmd -Query "UPDATE DPRSystemConnection SET IsReadOnly = '1' WHERE not name like 'MainConnection' and not UID_DPRSystemConnection = 'CCC-xxx'" -ServerInstance "oimDB" -Database "D1IM"

Invoke-SqlCmd -Query "update dprsystemvariable set Value = '[E]..[E]' where uid_dprsystemvariable in ('CCC-xxx','CCC-xxx','CCC-xxx')" -Database "D1IM" -ServerInstance "oimDB"

You have more than one option here. One is to add additional Entra ID tenants to the same synchronization projects. The UI way to do so is described here https://docs.oneidentity.com/bundle/one-identity-manager_connecting-to-microsoft-entra-id_9.3/page/sources/aad/aadsyncconfigotherdomain.htm

You can also create a new synchronization project using the Synchronization Editor Command Line Interface. https://docs.oneidentity.com/bundle/one-identity-manager_basics-of-target-system-synchronization_9.3/page/sources/dpr/dprsyncprojectautocreate.htm

You have more than one option here. One is to add additional Entra ID tenants to the same synchronization projects. The UI way to do so is described here https://docs.oneidentity.com/bundle/one-identity-manager_connecting-to-microsoft-entra-id_9.3/page/sources/aad/aadsyncconfigotherdomain.htm

You can also create a new synchronization project using the Synchronization Editor Command Line Interface. https://docs.oneidentity.com/bundle/one-identity-manager_basics-of-target-system-synchronization_9.3/page/sources/dpr/dprsyncprojectautocreate.htm