You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/app-provisioning/export-import-provisioning-configuration.md
+11-4Lines changed: 11 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -19,8 +19,8 @@ ms.author: chmutali
19
19
ms.collection: M365-identity-device-management
20
20
---
21
21
# Export your provisioning configuration and roll back to a known good state
22
-
23
22
## Export and import your provisioning configuration from the Azure portal
23
+
24
24
### How can I export my provisioning configuration?
25
25
To export your configuration:
26
26
1. In the [Azure portal](https://portal.azure.com/), on the left navigation panel, select **Azure Active Directory**.
@@ -29,10 +29,17 @@ To export your configuration:
29
29
5. Click on download in the command bar at the top of the page to download your schema.
30
30
31
31
### Disaster recovery - roll back to a known good state
32
-
Exporting and saving your configuration allows you to roll back to a previous version of your configuration. We recommend exporting your provisioning configuration and saving it for later use anytime you make a change to your attribute mappings or scoping filters. All you need to do is open up the JSON file that you downloaded in the steps above, copy the entire contents of the JSON file, replace the entire contents of the JSON payload in the schema editor, and then save. If there is an active provisioning cycle, it will complete and the next cycle will use the updated schema. The next cycle will also be an initial cycle, which reevaluates every user and group based on the new configuration.
32
+
Exporting and saving your configuration allows you to roll back to a previous version of your configuration. We recommend exporting your provisioning configuration and saving it for later use anytime you make a change to your attribute mappings or scoping filters. All you need to do is open up the JSON file that you downloaded in the steps above, copy the entire contents of the JSON file, replace the entire contents of the JSON payload in the schema editor, and then save. If there is an active provisioning cycle, it will complete and the next cycle will use the updated schema. The next cycle will also be an initial cycle, which reevaluates every user and group based on the new configuration. Consider the following when rolling back to a previous configuration:
33
+
* Users will be evaluated again to determine if they should be in scope. If the scoping filters have changed a user is not in scope any more they will be disabled. While this is the desired behavior in most cases, there are times where you may want to prevent this and can use the [skip out of scope deletions](https://docs.microsoft.com/azure/active-directory/app-provisioning/skip-out-of-scope-deletions) functionality.
34
+
* Changing your provisioning configuration restarts the service and triggers an [initial cycle](https://docs.microsoft.com/azure/active-directory/app-provisioning/how-provisioning-works#provisioning-cycles-initial-and-incremental).
35
+
36
+
37
+
## Export and import your provisioning configuration by using the Microsoft Graph API
38
+
You can use the Microsoft Graph API and the Microsoft Graph Explorer to export your User Provisioning attribute mappings and schema to a JSON file and import it back into Azure AD. You can also use the steps captured here to create a backup of your provisioning configuration.
39
+
33
40
## Step 1: Retrieve your Provisioning App Service Principal ID (Object ID)
34
41
35
-
1. Launch the [Azure portal](https://portal.azure.com), and navigate to the Properties section of your provisioning application. For e.g. if you want to export your *Workday to AD User Provisioning application* mapping navigate to the Properties section of that app.
42
+
1. Launch the [Azure portal](https://portal.azure.com), and navigate to the Properties section of your provisioning application. For e.g., if you want to export your *Workday to AD User Provisioning application* mapping navigate to the Properties section of that app.
36
43
1. In the Properties section of your provisioning app, copy the GUID value associated with the *Object ID* field. This value is also called the **ServicePrincipalId** of your App and it will be used in Microsoft Graph Explorer operations.
37
44
38
45
@@ -58,7 +65,7 @@ You will get a response as shown below. Copy the "id attribute" present in the r
In the Microsoft Graph Explorer, run the following GET query, replacing [servicePrincipalId] and [ProvisioningJobId] with the ServicePrincipalId and the ProvisioningJobId retrieved in the previous steps.
0 commit comments