You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/app-provisioning/export-import-provisioning-configuration.md
+11-9Lines changed: 11 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,14 +8,14 @@ ms.service: active-directory
8
8
ms.subservice: app-provisioning
9
9
ms.topic: how-to
10
10
ms.workload: identity
11
-
ms.date: 10/20/2022
11
+
ms.date: 05/05/2023
12
12
ms.author: kenwith
13
13
ms.reviewer: arvinh
14
14
---
15
15
16
16
# How-to: Export provisioning configuration and roll back to a known good state
17
17
18
-
In this article, you'll learn how to:
18
+
In this article, you learn how to:
19
19
20
20
- Export and import your provisioning configuration from the Azure portal
21
21
- Export and import your provisioning configuration by using the Microsoft Graph API
@@ -28,14 +28,16 @@ To export your configuration:
28
28
29
29
1. In the [Azure portal](https://portal.azure.com/), on the left navigation panel, select **Azure Active Directory**.
30
30
1. In the **Azure Active Directory** pane, select **Enterprise applications** and choose your application.
31
-
1. In the left navigation pane, select **provisioning**. From the provisioning configuration page, click on **attribute mappings**, then **show advanced options**, and finally **review your schema**. This will take you to the schema editor.
31
+
1. In the left navigation pane, select **provisioning**. From the provisioning configuration page, click on **attribute mappings**, then **show advanced options**, and finally **review your schema**. The schema editor opens.
32
32
1. Click on download in the command bar at the top of the page to download your schema.
33
33
34
34
### Disaster recovery - roll back to a known good state
35
35
36
-
Exporting and saving your configuration allows you to roll back to a previous version of your configuration. We recommend exporting your provisioning configuration and saving it for later use anytime you make a change to your attribute mappings or scoping filters. All you need to do is open up the JSON file that you downloaded in the steps above, copy the entire contents of the JSON file, replace the entire contents of the JSON payload in the schema editor, and then save. If there is an active provisioning cycle, it will complete and the next cycle will use the updated schema. The next cycle will also be an initial cycle, which reevaluates every user and group based on the new configuration. Consider the following when rolling back to a previous configuration:
36
+
Exporting and saving your configuration allows you to roll back to a previous version of your configuration. We recommend exporting your provisioning configuration and saving it for later use anytime you make a change to your attribute mappings or scoping filters. Open the JSON file that you downloaded, copy the entire contents. Next, replace the entire contents of the JSON payload in the schema editor, and then save. If there's an active provisioning cycle, it completes and the next cycle uses the updated schema. The next cycle is also an initial cycle, which reevaluates every user and group based on the new configuration.
37
37
38
-
- Users will be evaluated again to determine if they should be in scope. If the scoping filters have changed a user is not in scope any more they will be disabled. While this is the desired behavior in most cases, there are times where you may want to prevent this and can use the [skip out of scope deletions](./skip-out-of-scope-deletions.md) functionality.
38
+
Some things to consider when rolling back to a previous configuration:
39
+
40
+
- Users are evaluated again to determine if they should be in scope. If the scoping filters have changed, a user isn't in scope anymore because they're disabled. While the behavior is the desired in most cases, there are times where you may want to prevent it. To prevent the behavior, use the [skip out of scope deletions](./skip-out-of-scope-deletions.md) functionality.
39
41
- Changing your provisioning configuration restarts the service and triggers an [initial cycle](./how-provisioning-works.md#provisioning-cycles-initial-and-incremental).
40
42
41
43
## Export and import your provisioning configuration by using the Microsoft Graph API
@@ -45,7 +47,7 @@ You can use the Microsoft Graph API and the Microsoft Graph Explorer to export y
45
47
### Step 1: Retrieve your Provisioning App Service Principal ID (Object ID)
46
48
47
49
1. Launch the [Azure portal](https://portal.azure.com), and navigate to the Properties section of your provisioning application. For example, if you want to export your *Workday to AD User Provisioning application* mapping navigate to the Properties section of that app.
48
-
1. In the Properties section of your provisioning app, copy the GUID value associated with the *Object ID* field. This value is also called the **ServicePrincipalId** of your App and it will be used in Microsoft Graph Explorer operations.
50
+
1. In the Properties section of your provisioning app, copy the GUID value associated with the *Object ID* field. This value is also called the **ServicePrincipalId** of your App and it's used in Microsoft Graph Explorer operations.
49
51
50
52
51
53
@@ -56,7 +58,7 @@ You can use the Microsoft Graph API and the Microsoft Graph Explorer to export y
1. Upon successful sign-in, you will see the user account details in the left-hand pane.
61
+
1. Upon successful sign-in, you see the user account details in the left-hand pane.
60
62
61
63
### Step 3: Retrieve the Provisioning Job ID of the Provisioning App
62
64
@@ -66,7 +68,7 @@ In the Microsoft Graph Explorer, run the following GET query replacing [serviceP
66
68
GET https://graph.microsoft.com/beta/servicePrincipals/[servicePrincipalId]/synchronization/jobs
67
69
```
68
70
69
-
You will get a response as shown below. Copy the "id attribute" present in the response. This value is the **ProvisioningJobId** and will be used to retrieve the underlying schema metadata.
71
+
You get a response as shown. Copy the `id` attribute present in the response. This value is the **ProvisioningJobId** and is used to retrieve the underlying schema metadata.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments